I’m tired of this shit

[[!meta description="""I’m getting really tired and bored about those crypto nerds who do not understand threat models, general public and who assume they

Shooting the ambulance

It seems that there’s a national sport among crypto nerds, and it’s shooting the ambulance. Yeah, I know, I’ve been kind of naive thinking that some people with common sense could be more vocable than the people who enjoy ranting on stuff, saying that this is shit, and that only them know the truth.

I’m speaking specifically about the own mailbox project and the torrent of flame and more or less accurate accusation it received from @aeris in this three posts. I also like to point out that the answers provided by the Own Mailbox team doesn’t makes them right. There are issues with the project, but I do not think it’s a reason for burning them alive, but instead would have been interesting to help them to improve.

This is something aeris have an issue with – I already pointed that out in the way Crypto Parties are ran around here in Paris.

The point he’s missing in those articles is – as always – what is the threat model own mailbox tries to solve; as well as mixing up a lot of things (blaming a mail server for the insecurity of TLS or for the possibility of MitM attack is … out of scope).

So, let’s try to think about that.

Everything is broken

First, as Quinn Norton once wrote, if you pretend to work in the security and tries to improve the safety of people, you have to acknowledge that: Everything is brooken. It basically states that there’s no way to have a secure system. It does not exists, it will not exists any time soon.

If you look at a project like own mailbox, where you will display decrypted text on an end-point – because if you’re not you’re either using bad crypto or no-one is actually reading the content.

Eventually, you’ll have decoded data – sensitive data – displayed and stored at least in memory of a computer. A computer which is flawed by malware, spyware, adware and other nasty things. Whatever your crypto level is, even if you have a fully patched computer with as few software as you need, you’ll probably have some 0-day active that a motivated attackers can exploit to get access to this memory.

It means that, with a sufficient amount of time and of motivation, someone else than the emitter and recipient of the message would be able to get their hands on your data, for the simple reason that – at some point – you need to read it.

And if you have a bullet-proof mailbox – which is the promises made by own mailbox – well, it’s way much easier to target the end-node and to read the mails at the same time as the user.

After all, Hacking Team was doing basically exactly that. And there’s no reason to believe that they were the only one to do that.

And no, free software will not save you there, with so many attacks on web browser, or PDF, it’s not enough to run free software on your computer. One way to solve this issue is to use an air gap computer, a computer that have never been and never will be connected to a network of a kind. It means you need to burn your mails on a CDRom or a DVDROm and to check them onto the airgap system.

And this is something you cannot do with the general public. Because maintaining such a computer – set asides the financial costs – requires time. Like at least one hour a day. Every day. And to get a good understanding at how the computer works. Which is something a lot of people – because they do not want to or because they cannot to – won’t do.

Also, assuming that the average computer/smartphone/tablet/whatever security is higher than the one of a small brick that cannot be easily improved and extended is a hell of a mistake. Key generation whould only be done on airgap computer with hardware random number generator if you want to have really secure keys – and stored on a read-only devices.

Never forget Jessica

This is the second most important error done I think. We forget about Jessica. Specifically we make two mistakes. The first one, that everyone is willing to spend a lot of time figuring out their safety and to protect themselves and their relatives against a theoretical threat.

Let’s stand back a little bit. We already have hard time to have people using simple means to protect themselves against a real threat like AIDS, syphilis or other STI – use condoms people. Seriously – how would we have them protect themselves against philosophical and political threats?

Especially if we expect them to understand things that could take some months or years to get by? What is the point of full-encrypted mail? What means end-to-end? What’s the NSA/GCHQ/insert-your-own-agency-here doing exactly? And why they’re doing it? They’re trying to protect us, of course. Against terrorism. That’s what they said.

If you want user to actively use crypto, you need them to not think about using it. And if you focus only on the technical issue, you’re missing the point that it’s a political one. Because if your government wants to spy on you, they will sub-contract a hacking team like, and you’ll be screwed.

This is what – I think – aeris is missing. The people who’ll actually get the own-mailbox are people who already understand why they need to protect themselves (yay, there’s actually some of them out there), but who can’t afford to host themselves another way – essentially by a lack of time and of skills.

People who will get these kind of devices are not the hard core activists who tries to avoid cops enter their house to seize computer look-a-like devices. Because, in this situation, hosting your mail in your office is useless at best, dangerous at worst.

So, most of the people who will use this kind of device or services aren’t really people at risk of being sent in jail because they sent an email. They’re probably the one who will use it as a nice gadget, on a side.

This kind of devices have no chance to ever be used in life or death situation. And even if they were, crypto won’t protect you from bullets.

Also, everyone seems to think actual people uses email. They’re not. Less and less. We’re using Facebook messenger, twitter DM, GMail (which is less and less compatible with third-party clients), WhatsApp, SnapChat, SMS, etc …

I’m not saying that it’s a good thing. I’m trying to understand who are the people who’re gonna use this. And it won’t be the social-media addict who only uses a Mac and GMail, it won’t be the Uber Nerd who uses only mutt and altern.org emails, nor will it be company – because they can’t handle the load on those devices.

It won’t neither be the poorest people who do not have access to a correct enough ADSL line. So it will be people who already understand what it means to being watch and wants to add a little bit more security on their devices.

The thing is, we won’t get everyone doing key management the perfect way for – at least – two reasons. The first one being that no one know what is perfect key management. The second one being that even the crypto nerds fails at it on a regular basis.

So this is it.

I really think that own-mailbox commercial team have an issue. Their answer is out of scope. There is some issues to be addressed. The funnier one is pretending that needing JavaScript for a webmail client would be a security issue … it will be if you’re living in a place where there is MitM interception on the line + a way to tamper with TLS. Which is typically the case where you do not want to have a box with all your emails in your houses.

But going after them, saying that the devices is blatantly flawed without even having one at hand in the first place is kind of stupid and counter productive. There’s an issue around the terms used (100% secure is always false), but I believe that – since it’s a free software project – aeris could have, at least, open bugs or ticket. I did not find a repo for own-mailbox though – didn’t look for it hard neither.

But aeris choose to get out for blood. Yes, this porject is far from perfect, but it’s still a plus, and if it gets some people to use more opportunistic crypto, then it’s fine enough for me.

aeris, you really should understand that no, no one can use the tools you’re using as part of their regular routine. And in most case it’s not even a

Crypto fallacies

This post is a follow-up on what I tweeted yesterday – hours before the constitutional council gave its approval of the new French Intelligence bill. First tweet is here

Where I come from

Before writing this article, I think it’s important to give some context about what I’ve done the last few years.

So, before joining the Telecomix Crypo Munition Buro and #telekompaketet, I wasn’t that much in security and crypto. I learned that on the late, and with some specific goals in minds – I’ll be back to that later. I was a mercenary sysadmin, working for anyone willing to pay me to maintain their system.

I didn’t understood the difference between free software and open source back in the time, neither was I aware of a lot of issues in the world. Looking to it through my small internet periscoped visor. Most of the news I was reading back in the time were tied to computer, video games and – to some extent – foreign diplomacy.

Not the mainstream media, but not much better. I worked for government and the police – maintained the fingerprint database used by cops and sold by the former Sagem – now known as Morpho XL. I worked for oen of the traditionalist newspaper. For startup trying to build customer profile and senders of millions of mails.

But I was reading those few news. I was joining the twitter (2009 … damn, that’s already 6 years?) and already having fight with people humping on the Facebook boat.

Because what was clear for me was that my privacy should be kept under my own personal control, not under the control of anyone or anything else. I always been shy about sharing data over over public and free network who will track you in the end.

I got this habit of watching for my privacy since high school. I accessed the internet for the time at this time. And at home we even had high-speed internet (512 Mbps in 1997, was part of an 31337, not chasing for those AOL 50h of free internet CD Roms).

I got this habit not because of the teaching of someone, but because of my father. See, my father wasn’t an abusive one. He was kinda distant, avoiding me, but he was not an abusive one. At the time we had internet and when I discovered some of the endless possibilities of the computers being connected to each other, I also learned that my father was a paedophile. He has been convicted for that. Twice. At least the second time it was related to detention of pictures from internet.

Yep, that’s about how I learned how it was important to understand how things works and why it was paramount to protect your privacy. Because cops would breaks into your house and seize your hardware for the sole purpose of you living in the same house than a sexual offender.

So, everything started there for me. Since then I always had a full encrypted drive, I’ve used the privacy mode in my browser as much as I could, I learned to delete cookies and Internet Cache on a lot of browsers (from Netscape Navigator and Mozaic to chrome to Internet Explorer 6).

This is when I started caring for the law about computers and communication. And censorship. I did not really get a grasp of what politics where, but still, I was keeping an eye at it.

Got a degree in computer science and got working, trying to earn my independence and to get out of my parents house – almost 20 years later I still can’t speak to my father and yes, it’s part of the reason I’m severely depressed – and so on.

We’re now in 2009, end of the year and I’m bored at work. There is a lot of signal coming from Tunisia that things will getting ugly there. That’s when I started to act for someone else than me.

I was self hosted, so I had spaces. And root access to my servers. Slim Ammanou was interviewed in some media I was reading (Cant’ remember if it was Read Write Web fr or the blog of Jean Marc Manach, not really important I guess). And some people were doing mirrors of censored blogs in Tunisia.

I was bored, I did knew bash, so I scripted some things to help. WHen someone figured out that the ATI was dropping the SSL around facebiik to catch login and password, I crote a one line that could generates gigabytes of fake password for a specific account.

And someone told me to join IRC and #telekompaketet@irc.telecomix.org. I haven’t fired up an IRC client since the 2000′ so it felt a bit odd, but then a lot of things changed for me, starting with the immolation of Mohamed Bouazizi, the Egyptian revolution and the Syrian civil massacre.

During those last five years I developed my security and crypto skills, and tried to train activists who needed it to communicate. I’ve quit my job and worked for an NGO for nearly a year and a half, chain burning-out myself to the point of severe anxiety disorder and depression, mixed with my attention disorder it doeswn’t goes well.

So this is where I come from. I hope that it will helps you to understand what and why I’m going to say the next few things.

Crypto fallacies

The crypto fallacies is to think that your freedom relies on the tool you use. That, if you use the correct tools, in the way they’re intended to, then you have nothing to fear from an oppressive regime.

It’s false, first because IT security on the general computing is a disaster – and I’m not sure it can be fixed anytime soon – but lmost of all it’s false because you’re opposing an oppressive regime.

If you’re not actively opposing an oppressive regime, you’re silently accepting it and then you’re an accomplice. So, you’re opposing an oppressive regime. An oppressive regime as one specific characteristics, it’s using arbitrary detention and arrest to spread terror and keep thing under control. And no amount of crypto can fight that.

I’ve seen kill list in Syria, written with a carbon pen on a piece of paper. Based on denunciation by neighbors, assumptions by people or just because people did not live in the correct address. I’ve seen people getting shot for no other reason than their skin color, or the way they were dressed.

But most of all, I’ve seen people getting arrested, tortured and shot at because they were protesting into the street. And that’s the thing cryptonerds needs to understand. In the end, the purpose of an activists, is to get in the street, to oppose – violently – the state, and end up in jail (in the bes case scenario). The crypto, or the tech gyzmo you can provides them with won’t prevent that.

Also, if your freedom relies on a specific piece of tech, or a specific knowledge, it means that each and every people who has no access to it can’t be free. Which raises an issue that I have not seen adressed by the most vocal voices in the OpSec for activists people. Sure, you can do IT Training in Mali, but when you have power outtage several hours a day and when the temperature will frequently raises above 40°C, most of our tech is made unusable – believe me, we tried that.

I’ve also seen crypto nerds going extremists and refusing to even consider talking to an activists over an unencrypted channel. That’s an interesting stance since then, the activist would never know how to do that

That’s also a good way to forbid communication, which is mandatory for coordinating actions, getting information out, and care about people. If we would follow those extremists, we would end up in an autistic mode without communicating because it would exposes you to a risk. Risk that still needs to be determined.

And, in the end, if you want to undermine and destroy an oppressive regime, you need to accept the risks. You need to accept that you’ll end up in jail. You need to accept that you’ll be beaten up. You need to accept the fact that if you do not take the streets, then it’s your opponent who have them. And you need to take that back.

And you cannot do it from a computer.

Sure, sysadmin and service operators providing good opportunistic cryptography, with fluid interface and where the security doesn’t get in the way of the user, while protecting their users from the government are needed – and it’s the path I’ve choose, but you have to accept that it’s illegal in most states. Even in NATO countries, or in the EU.

But those sysadmins won’t be protected by crypto. Their freedom is at risk as soon as they decide to fight and to help. And no crypto tool you can use can tight your organisation to a point where no exterior influence can destroy it. We’ve seen it before – with Sabu for instance – we’ll see it again because that’s how things works.

The only thing crypto will buy you is time. This time should be used to coordinate, to share, to care, but it won’t get you out of jail (even TPB founders did serve time). But that’s about it, once you’ll be in the street, you’ll end up in jail whatever the crypto you’re using.

And that is called OpSec (Operation Security). The purpose of OpSec is to be able to run an operation. If the crypto you’re using makes you unable to run it, then you’ve failed your OpSec. And running no Operation is also an Operational failure.

So, yes, crypto is usefull, because it gives you time and space to breathe. It allows you to get some room to distress and coordinates. But your freedom does not rely on a piece of tech. It relies only on you to take it.

Go into the street.

As-t-on besoin de vie privee ?

Ohai,

Those are the notes I used for my talk at the Ubuntu Party in May 2015. So it’s in French – sorry but feel free to translate.

It’s about privacy, and it intends to give other way to talk about it.

As-t-on vraiment besoin de vie privée?

"On the internet nobody knows you’re a dog".

Depuis les débuts d’Internet, la vie privée à toujours été une problématique forte. Qu’il s’agisse de l’utilisation de pseudonyme, des Anonymous ou des problématique autour de l’immixtion arbitraire dans la vie privée, la vie privée à toujours été débattue sur la place publique.

C’est une notion qui est présente dès que l’on parle de communication et d’information – le secret des correspondances date de bien avant UseNet – mais qui est également utilisé à tort et à raison par des personnes fort différente. Du droit à l’oubli demandé par les politiciens au coming out pratiquée par les communautés LGBTIQ en passant par l’invisibilisation et le conformisme parfois volontaire, parfois subit, que recouvre vraiment la notion de vie privée, et mark Zukerberg a-t-il raison quand il affirme que la vie privée est un artefact du passé?

Ça fait un peu de temps que je réfléchit à ce qu’est une identité, a ce qu’est la vie privé et aux problèmes que cela peut soulever dans la construction de soi. En tant que personne bisexuelle ce sont des questions qui me touchent personnellement et ne sont pas forcément simple.

Mais d’abord quelques définitions.

Qu’est-ce que la vie privée? Et autres définitions nécessaires.

Vie privé / Vie publique

Citée par tous les défenseurs des droits, notamment par l’article 8 de la Convention Européenne des Droits Humains et par l’article 12 de la Déclaration Universelle des Droits Humains de l’ONU, la protection des personnes contre l’immixtion dans leur vie privée est considérée comme un droit fondamental. Mais elle n’est jamais définie dans ces textes et chartes. Généralement car la notion de vie privée évolue avec les mœurs mais aussi avec la technologie. Il y a peu de chance que – en 1948 – l’ONU ai pu imaginer que nous nous baladerions tous avec un appareil capable de nous localiser au mètre près et capable d’enregistrer ces données sur plusieurs dizaines d’années.

Quand je parle de vie privée, je parle donc de tout ce qui n’est pas public. Ce qui est public c’est ce qui est accessible par une entité qui n’est ni émettrice ni réceptrice d’un message. La vie privée ne concerne donc que ce qui est connu par un groupe définit et restreint.

On peut d’ores et déjà remarquer qu’il y a différentes vie privées et publiques en fonction des différents cercles sociaux auxquels ont appartient. Et dans un monde favorisant les connexions entre ces différents groupes, toute la difficulté de gestion de la vie privée vient de là.

Entropie de l’information

Retournons aux bases de l’informatique et de la science de l’information avec la théorie de l’information de Shannon, telle qu’il l’a formulée en 1948, afin de définir l’entropie de Shannon.

L’entropie d’un système d’information est – en gros – inversement proportionnelle à la possibilité de prédire la prochaine information venant d’une source. Par exemple, si un émetteur n’a émis que des ‘a’, alors la source possède une entropie faible. Mais si jamais un ‘b’ apparaît, c’est une information à forte entropie (et nécessitant peu de bit pour être codée) car ce comportement n’a pas pu être prédit en considérant la source d’information.

Dans un monde normé, composé uniquement de ‘a’, exprimer une différence – de manière voulue ou non – est donc une information à forte entropie. Moins il y a de ‘b’, ‘c’, etc… plus leur apparition sera entropique et donc considérée comme anormale, comme une anomalie.

A l’inverse, dans un monde peu ou pas normé, dans lequel toutes les expressions sont reconnues et existe, être différent n’a que peu d’entropie, peu d’impact sur cet ensemble.

Nous vivons actuellement dans un monde normatif, encourageant le conformisme à un modèle donné. Ce modèle est véhiculé par différents médias : la publicité par exemple, qui véhicule une image de bonheur ou de beauté qui ne peut être atteint que par un certain type de personne, ayant un certain corps, une certaines couleur de peau etc… ; mais aussi par les gouvernements qui définissent les bons et mauvais citoyens grâce aux lois qui définissent la marge (stupéfiants, prostitutions, squats, hackers, etc…)

Panopicon

Un panopticon est une prison idéale théorisée en Angleterre au dix huitième siècle et qui se base sur le fait que les prisonniers savent qu’ils peuvent être surveillés en permanence, mais qu’ils ne voient pas si ils sont effectivement surveillés.

La concrétisation de la menace de surveillance – et de répression en cas de non respect des règles établies – est suffisante pour garder les prisonniers sous contrôle.

Michel Foucault étendra ce principe à d’autre milieu sociaux en 1975, et expliquera que ce système de contrôle – la peur d’une surveillance omniprésente – est présente à de nombreux stades de notre société : à l’école, dans l’entreprise, à l’atelier et bien au-delà de la simple prison.

Un système panoptique est donc un système qui entretien une illusion de surveillance doté de capacité de répression afin de forcer les personnes à se conformer et à obéir à des règles. Il n’y a aucun besoin que cette surveillance soit réelle ou efficace, il suffit qu’elle soit visible et présente dans les esprits.

Privacy sucks

Identité « par défaut »

Ce qui est public c’est ce que l’on connait d’une personne lorsque l’on l’on interagît avec elle. Comment elle s’habille, sa coupe de cheveux, les stickers sur son laptop, sa photo de profil sur Facebook, le contenu de sa page Wikipedia où les résultats de recherche retournés par Google quand je cherche à savoir à qui j’ai affaire.

Bien entendu, la façon dont on est perçu par les autres dépend des normes sociales. Le fait d’avoir les cheveux longs n’a pas le même impact pour les garçons aujourd’hui qu’il y a 40 ans. Et il est également parfaitement possible de jouer avec ces codes pour passer dans une autre classe sociale que la sienne. Porter une blouse blanche vous fera passer pour un scientifique – et vous permettra de bénéficier d’un biais d’autorité – de même que porter un costard vous rendra plus crédible auprès de votre banquier pour obtenir un prêt.

Cet ensemble de code sociaux qui permettent de définir rapidement l’appartenance d’une personne à un groupe social est définie comme l’identité sociale. Cette identité sociale – à ne pas confondre avec l’identité personnelle – permet généralement de compléter ou de projeter les parts non explicite et non publique d’une personne. Typiquement, quelqu’un qui traine sur le chan #tor@oftc aura une identité sociale de hacker, avec tout ce que cela implique. Les hackers étant majoritairement des hommes blancs cis-hétéros, à moins qu’une personne n’explicite directement certains aspects de son identité personnelle – et donc abandonne une part de sa vie privée, j’aurais tendance à supposer que je parle à un homme cis-hétéro lorsque je parle avec quelqu’un de ce canal IRC.

L’assomption "On the internet nobody knows that you’re a dog" part du principe qu’il est possible de ne pas avoir de marqueurs sociaux en ligne. En effet, lorsque l’on se connecte il est parfaitement possible de ‘passer’ pour un utilisateur standard. Un profil twitter non personnalisé, avec un pseudo non genré ne révèle que peu de chose sur vous. On ne sait pas si vous êtes un homme ou une femme, noir ou blanc, un chien ou un chat.

Mais notre cerveau a besoin de catégoriser les personnes pour pouvoir interagir avec elles. Pour éviter les impairs, mais aussi parce que notre cerveau fonctionne par analogie (et reconnaissance de motif) et que des hormones telles que l’atropine permettent d’amplifier ces comportement.

Et un utilisateur d’internet a une identité sociale. Plus de la moitié des utilisateurs d’internet sont basés dans les pays dit développés (Europe et Amérique du Nord principalement), et l’utilisateur "moyen" (au sens statistique) d’internet est donc un homme blanc cis-genre hétéro. L’identité sociale d’un utilisateur d’internet est celle-là. Ce qui veut dire que, à moins d’afficher des marqueurs permettant de vous classifier en dehors de cette identité sociale, j’aurais un ‘passing’ d’homme blanc cis-genre.

Quand j’ai une photo de profil d’œuf dans ma timeline sur twitter, je suppose que cette personne est un homme blanc cis-genre. Je lui assigne inconsciemment cette identité, et je m’attend à ce qu’elle se conforme à cette identité.

De même quand je croise une personne dans la rue. Les données que j’emmagasine sur elle en analysant la façon dont elle s’habille, se coiffe, marche, la façon dont elle parle, tout cela me donne des indices sur l’identité sociale de cette personne.

Cette identité n’est pas nécessairement son identité personnelle, il est important de le noter. Si je m’habille comme ça, c’est parce que j’ai envie d’être identifié comme un hacker, ce n’est pas forcément pour ça que je pense en être un. De même une personne efféminée passera pour une femme ou un homo, même si ce n’est pas nécessairement comme cela qu’elle se définirait.

Cette identité "par défaut", sociale, fait que pour pouvoir exister hors de cette norme, pour pouvoir être considéré par les autres comme ce que l’on est et non pas comme cette identité par défaut, il est nécessaire d’abandonner partiellement notre vie privée. Le fait que je vous dise que je soit bisexuel me permet de ne pas être entièrement classé dans cette identité par défaut, et donc d’enrichir une diversité d’identité. Cette diversité peu s’avérer vitale dans un système social, nous le verrons plus loin.

L’identité par défaut peu cependant avoir des avantages. Par exemple, LEGO en choisissant de faire ses figurines à la peau jaune avait établi à l’époque que c’était pour éviter les histoires de racisme. Ce jaune plastique à d’ailleurs été réutilisé un peu partout comme couleur ‘neutre’ et a été dérivée un peu partout. Les smileys et émojis jaunes par exemple.

Sauf que cette couleur a été assimilée à la couleur par défaut. De même que le blanc, ce jaune est devenu la couleur de peau par défaut, et donc ce jaune est devenu synonyme de blanc. Spécifiquement, lorsque la firme LEGO a commencé à développer la licence Star Wars. Lando Calrissian fût un des personnages à ne pas avoir sa mini figurine.

Plus tard, le set LEGO Sports représentant différentes personnalités du sport, donna aux joueurs de la NBA une peau noire, ce qui valida bien que la couleur "par défaut" jaune est en fait celle du système dominant en place. De même les emojis – au début tous jaunes – sont maintenant déclinés dans de nombreuses tonalités de peau afin de permettre à chaque personne de choisir comment elle veut être identifié.

Il y a aussi un trope au cinéma qui établit que l’homme est le "défaut" pour l’humanité. Un personnage de fiction est, par défaut, mâle. Si c’est une femme, il y a une raison spécifique pour – ou alors cela va générer une vague de commentaire et d’attaque. C’est ce que l’on appelle l’androcentrisme : on considère qu’une femme est une "anomalie" alors qu’elles constituent en fait 50% de la population humaine.

Le problème de cette identité par défaut est que, du coup, elle impose à celleux qui ne veulent pas être associées à cette identité par défaut la responsabilité de se démarquer, et de devoir abandonner des bouts de leur vie privée en les affichant car ces éléments sont privés pour les personnes se conformant à l’identité sociale par défaut.

Injonction à l’invisibilisation

Le discours que j’entends beaucoup dans le milieu geek/cryptonerds est basé sur le fait que l’on a forcément quelque chose à cacher et que donc, il faut nécessairement le cacher. Il suffit d’assister à un Café Vie Privé, ou de regarder les intitulés des conférences de l’Ubuntu Party par exemple.

Le discours est – en gros – vous devez tout dissimuler car le gouvernement/Facebook/Amazon/Google vont exploiter toutes ces données pour vous oppresser, vous exploiter, vous transformer en vache à lait et vous déshumaniser.

Selon ce discours, on devrait tous accepter l’identité par défaut. On devrait tous être des hommes blancs cisgenre hétérosexuels, puisqu’on ne devrait afficher aucune différence par rapport au modèle par défaut.

En suivant ce discours, les personnes opprimées parce qu’elles affichent une différence devraient cacher leur différence derrière leur vie privée et se conformer au modèle dominant et oppressif, au lieu de questionner ce modèle oppressif en affichant leurs différences.

Cette injonction, ce devoir d’utiliser sa vie privée pour se protéger des agressions, pose un double problème. D’abord, parce qu’il est formulés essentiellement par des hommes cis-hétéro blanc qui correspondent beaucoup à l’identité par défaut. Ces personnes n’ont que peu de choses à craindre d’un système oppressif car elles font parties – volontairement ou non – de cette classe oppressive. C’est donc une injonction d’oppresseurs à opprimés qui est formulées dans ce discours.

L’autre problème sous-jacent est que, si je suis discriminé, agressé, tabassé parce que je suis bisexuel et que je le revendique, alors on me dira que je n’avais qu’à dissimuler cette particularité. Que je n’avais qu’à me taire et me conformer. Ce discours ne remets pas en cause l’oppression systémique et classiste, voire l’encourage. Après tout, si quelqu’un n’est pas capable de chiffrer correctement ses communications et se fait prendre, ben c’est qu’elle l’a bien cherché, elle n’avait qu’à utiliser Tor.

Demander à supprimer de l’espace public les spécificités et les différences des uns et des autres, revient à uniformiser tout le monde derrière l’identité par défaut. Parfois utile pour mettre en retrait des informations qui pourrait parasiter un discours vis à vis d’un oppresseur – typiquement le black bloc ou les anonymous – cette uniformisation est nuisible si elle est maintenu en permanence et dans tous les espaces de notre société.

Déjà, parce qu’elle augmente l’entropie nécessaire à afficher une différence. Si personne n’est comme moi, alors il est coûteux d’afficher cette différence, et cela pourrais même être vain. Après tout, si je suis seul à ne pas être comme les autres, je n’ai aucun intérêt à l’afficher.

Mais surtout parce que cette uniformisation est présente partout où je vais. Dans la rue, le métro, au taff, dans les conférences techniques, etc…. L’espace public n’appartiens pas aux minorités. Le discours de la Manif pour tous – et leur défense quand on les accuse d’homophobie – est qu’il n’ont rien contre les homos, du moment qu’ils ne s’embrassent pas dans la rue. Ils justifie cela par une agression de leur modèle exprimée par le fait que deux personnes du même genre se tiennent par la main dans la rue ou s’embrassent.

Cette injonction à la vie privée est une ostracisation. Elle force les opprimés à se regrouper dans des endroits safe, dans des ghettos, dans des quartiers à eux où ils peuvent exprimer leur identité sans se faire emmerder. Demander à quelqu’un de tout chiffrer, de ne pas utiliser facebook ou Google parce qu’elle pourrait être profilée, c’est mettre la responsabilité de l’agression sur la personne qui aurait afficher une différence, qui aurait pu très bien se conformer.

Dire que si je ne chiffre pas mes communications et que je ne me conforme pas à l’identité dominante par défaut alors le gouvernement viendra m’emmerder, c’est valider le fait que le gouvernement est légitime pour aller emmerder les personnes à la marge. Dire que pour me protéger du harcèlement en ligne, il suffit que je ne dise pas que je suis une meuf, revient à ne pas remettre en question le fait qu’il y ait du harcèlement.

L’injonction à la vie privée permet, in fine, aux dominants de ne pas e remettre en question. Cette injonction au chiffrement permet de ne pas attaquer l’état sur la légitimité de la surveillance massive. Ce n’est pas parce que je n’utilise pas Tor que la NSA a le droit de surveiller mes communications.

Mais au final, la question la plus important à laquelle ne répond pas le chiffement c’est que si tout est privé, alors qu’est ce qui est légitime à exister dans l’espace public? Qu’est-ce qu’il est légitime de faire en public? Si tout le monde à la même apparence, le même genre, le même uniforme, au final quelle liberté j’ai dans l’espace public? Si porter une cravate rouge au lieu d’une cravate noire deviens un acte subversif, qu’est-ce que ça nous dit de notre société?

Le refus de la vie privée comme acte militant

Rendre publique une partie de sa vie privée est un acte militant. S’affiche comme membre de telle ou telle communauté, et donc hors de la norme établie, permet de faire évoluer cette norme, de réduire l’entropie d’être différent.

C’est une stratégie qui a déjà été beaucoup utilisée. Le manifeste des 343 salopes par exemple a permis de faire avancer le débat sur l’avortement en France et à amené à la loi Weill. 343 femmes ont abandonnées une partie de leur vie privée et se sont reconnues coupable d’un délit, afin de remettre en question ce qui à l’époque était l’état de la loi.

C’est également la stratégie du coming out développée par Harvey Milk entre autres, stratégie qui permettra son élection au poste de maire d’un district de LA, puis à son assassinat.

Cette stratégie est basée sur le fait que si une personne straight connait une personne homosexuelle, que c’est un ami, un frère, une sœur, alors il y a moins de chance que cette personne straight considère l’homosexualité comme une tare ou que la discrimination contre les homos soit quelque chose qui ne la concerne pas.

S’afficher ouvertement comme faisant partie d’une minorité permet aussi aux autres personnes de cette minorité de ne pas se sentir seul⋅e⋅s ou abandonné⋅e⋅s. Cela leur donne un contact, un point d’entrée vers des groupes d’entraide et de soutien, et cela peut amener d’autres personnes à essayer de comprendre les oppressions systémiques.

On le voit, par exemple, dans le mouvement féministe sur twitter. Les féministes font blocs et se soutiennent parce qu’elles se revendiquent en tant que telle. Certes, cela les expose a du harcèlement en ligne et hors ligne, mais avoir un groupe, une communauté, leur permet de aprtager leurs expériences, de se soutenir quand ça ne va pas, de faire front contre les agressions et aussi de s’autogérer c’est à dire de pouvoir s’organiser entre elles, sans qu’un homme blanc cis-hétéro viennent les "aider".

Cette autogestion permet la réappropriation des espace publics. Qu’il s’agisse d’espace hors-ligne – tels que les marches de nuits ou la non-mixité dans certains lieux – ou en-ligne – avec tumblr par exemple qui est essentiellement féminin – cette réappropriation de l’espace public n’est possible que par un abandon partiel de sa vie privée.

En exprimant une injonction à la vie privée et donc en validant le système oppressif actuel, vous empêchez cette réappropriation de l’espace public. Vous forcez les minorités et groupes opprimés à n’exister que dans la sphère privée, loin des regards. Vous les forcez à la clandestinité, à exister hors de votre espace public.

Cette mise à l’écart, cette ostracisation forcée gomme de l’espace public les personnes concernées. Elles n’ont plus le droit d’avoir une identité sociale en lien avec leur identité personnelle. Dans 1984, si tout le monde porte un uniforme c’est pour qu’il ne soit pas possible d’exister hors de l’Angsoc. Les seuls qui ne portent pas cette uniforme sont les personnes qui ne sont pas membres du parti et qui vivent dans les bidonvilles. Ces personnes n’existent pas pour le personnel administratif.

Si vous empêchez les femmes d’exister sur internet, ou les LGBT, alors vous les invisibilisez. Vous leur refusez le droit de s’exprimer dans l’espace public, vous les empêchez de verbaliser les agressions qu’elles subissent. Et si ces agressions ne peuvent être verbalisées, alors peut-être qu’elles n’existent pas. Ou qu’elles ne sont pas systémique. Si je me fais fouiller par les flics, ce n’est pas parce que j’habite à Saint Ouen et que j’ai l’air d’un dealer, c’est juste un contrôle aléatoire. Si il n’est pas possible de faire de statistiques sur les contrôles au faciès parce qu’il n’est pas possible de faire de statistique ethnique, alors il est impossible de mesurer efficacement le racisme de la police.

Si on ne peut mesurer le racisme de la police, alors c’est qu’il n’existe pas. On ne peut pas en prouver l’existence. Tous les débordements et toutes les bavures seront la faute d’individus, pas d’un système raciste et oppressif.

De la même façon, en demandant à tout le monde de tout garder privé, vous validez l’invisibilisation des minorités, vous leur niez le droit et la possibilité d’exposer des oppressions. Faire le choix militant de se revendiquer d’un groupe social, d’abandonner une partie de sa vie privé, est le seul moyen de confronter la société à ses inégalités et injustice.

Ce n’est pas du tout un choix aisé et il y a de nombreux endroits dans le monde où je ne pourrais pas dire que je suis bisexuel sans être instantanément menacé de mort.

Privacy rox

Comme moyen de défense

Ces discriminations basées sur l’identité personnelle sont la raison pour laquelle toutes les déclarations des droits définissent un droit à la vie privée pour se protéger contre ces discriminations.

Ce droit permet à chaque personne de s’aménager un espace personnel dans sa vie quotidienne, espace dans lequel il lui est possible d’essayer de se construire de se définir.

La vie privée permet d’avoir un espace d’expérimentation, un espace dans lequel on peux essayer des choses ou faire des choses que l’on a pas nécessairement envie d’exposer au public parce que l’on ne sait pas encore si on approuve ou pas ces choses. Il peut s’agir par exemple de questionner son identité de genre ou sexuelle, de se demander si le FN n’aurais pas tort et proposerait des choses intéressante ou même de faire une blague sexiste.

Après tout, dans un cadre privé et où tout le monde se connaît, il est possible de baisser sa garde, de laisser échapper un mot ou une blague oppressive et que cela soit compris comme cela, comme une erreur, comme un dérapage ou juste comme un lâcher prise. Et ce n’est pas parce que l’on lit Mein Kampf que l’on est nécessairement un sympathisant d’Adolf Hitler.

Ces expérimentations, sont extrêmement importantes car elles permettent d’apprendre. En explorant des voies alternatives sans être soumis au jugement des autres, il deviens possible de se construire, d’essayer de se définir.

On peut parfaitement avoir besoin de Windows pour travailler, parce qu’il n’est pas possible de faire changer seul toute la politique des système d’information d’une entreprise de 600 personnes et pour laquelle on est qu’un employé comme un autre. Ou juste parce que c’est plus pratique pour dépanner l’ordinateur des personnes qui viennent aux Repair Café et que non, on ne va pleur mettre Ubuntu parce que ce n’est pas la raison pour laquelle ces personnes sont venues – et que l’on ne veut pas qu’elles nous appellent dès qu’un .docx va planter sur leur machine. En revanche l’annoncer ici, publiquement, va déchaîner l’ire de nombreuses personnes.

Ou bêtement parce qu’un rm -rf –no-preserve-root / malheureux va vous exposer à d nombreuses années de moqueries.

L’espace public n’est pas vraiment un espace tolérant à l’erreur ou à la différence, essentiellement parce qu’il est accaparé par les oppresseurs. La vie privée permet de se négocier un espace dans lequel exister sans se confronter aux oppressions. C’est dans ce sens que la DUDH protège – par son article 12 – les citoyens contre les immixtions arbitraire dans leur vie privée.

Cette protection est nécessaire afin de permettre aux états de traiter tous les citoyens de manières égales. Se conserver une vie privée permet de se protéger contre les injustices du système ou de la société. Quand l’environnement extérieur cherche à vous stigmatiser et à vous rejeter, il est nécessaire de se conformer pour souffler et pour éviter d’être soumis à des violences physiques, sociales ou psychologique parfois extrêmement violente.

Il est également parfois nécessaire de passer pour quelqu’un du groupe dominant afin de pouvoir faire valoir certains points politique. L’identité par défaut, passe souvent pour une identité neutre et donc objective. Se parer de cette identité permet ainsi de bénéficier d’une aura d’objectivité qui permet d’asseoir son propos. Il suffit de voir les mèmes tels que "Fake Geek Girl" par exemple. C’est un mème qui se base sur le fait que les meufs n’y connaitrait soi disant rien en culture geek, et se base sur le fait qu’elle ne savent pas répondre à un obscur fait de trivia basé sur cette culture pour leur refuser l’appartenance à cette culture geek. Fait qui est – très souvent – ignoré par une grande partie des hommes faisant partie de ce groupe.

Se faire passer pour un homme dans ce milieu permet donc à une femme de ne pas se faire jeter dehors, juste sous le simple prétexte de son identité de genre non conforme au milieu, et donc de pouvoir se faire écouter par des mecs qui ne l’auraient pas écouter sinon.

Il y a aussi plusieurs espaces publics ou privés. Des choses qui sont parfaitement acceptées dans un sous-groupe, peuvent être sujet à discrimination dans un groupe plus grand ou différent. Démarrer un Mac OS X à NUMA sera parfaitement bien vu, mais vous vaudra quelques regards en coin si vous le faites au Loop. L’intersections et les interactions entre ces cercles sociaux et ces groupes rendent encore plus complexe et flou la notion de vie privée et de vie publique.

Surveillance de masse et discrimination

La surveillance de masse a pour but de pouvoir surveiller l’entièreté d’une population. Cette surveillance ne se limite généralement pas à l’espace public, mais concerne l’ensemble de la vie d’une personne ou – pour être précis – l’indexation et l’analyse de l’ensemble des données personnelles, privées ou non, disponible par une entité étatique ou commerciale.

Ce qui est surveillé devient, de fait public. Connu par l’état ou par les autres. Votre statut relationnel est mis à disposition du public par facebook, de même que votre identité de genre par exemple. La RATP sait quels trajets vous effectuez et peu donc vendre des publicités mieux ciblées aux annonceurs via sa filiale Metrobus.

Si tout est surveillé, tout est alors public. On se retrouve dans le modèle du Panopticon tel que envisagé par Foucault dans "Surveiller et Punir". On ne sait même pas si on est surveillé, mais le simple fait que cette menace existe nous force à nous conformer et donc à nous contrôler. Les boîtes noires de la Loi sur le Renseignement n’ont même pas besoin d’exister ou de fonctionner pour être efficace, il suffit simplement que nous soyons persuadés qu’elles existent et qu’elles analysent intégralement notre vie privée devenue publique pour que nous ayons déjà commencés à modifier nos comportements et notre rapport à la vie privée.

Dans un monde sans vie privé et ayant pour but de forcer au conformisme, alors l’anti conformisme devient suspect. Les personnes ayant le plus à perdre du panoptique sont les personnes qui refusent ce conformisme, car c’est elle que le panoptique cherche à identifier. Toute personne refusant de se conformer est désormais suspecte d’atteinte à la sureté de l’état.

De fait, la surveillance de masse est nécessairement discriminatoire. Elle ne concerne pas les personnes faisant parti de la classe dominante, ou désirant s’y conformer. La surveillance de masse ne va détruire la vie privée que des personne opprimées. Cette surveillance impose donc une forme de conformisme, d’uniformité et – on l’a vu – cette uniformité amène à une invisibilisation des marges et à leur suppression de l’espace public. Or, sans espace privé, ces personnes ne peuvent exister, il deviens impossible de formuler une oppression.

Se négocier un espace privé est donc un moyen de lutte contre la société panoptique et conformiste. Pouvoir vivre en dehors du système de surveillance de masse permet de préserver son individualité, qui ne peut s’exprimer que dans sa vie privée dans un système social de ce type. Sans vie privé, il devient impossible de formuler une idée qui va contre le système social ou d’expérimenter. Il devient impossible d’évoluer ou de se penser différemment des autres ce qui amène à la disparition de toutes les différences vis vis des autres et à l’assimilation de notre identité personnelle à notre identité sociale. Nous ne sommes plus des personnes mais des fonctions et des rôles.

L’invasion de notre vie privée par toute sorte de système panoptique (administration et état d’une part, mais aussi toutes les entités se gavant au big data) amène donc à la suppression des individus et à notre assimilation à une identité sociale hors de notre contrôle. Il est donc littéralement vital que nous reprenions le contrôle sur nos données personnelles – qui ne sont jamais définies comme privées par les opérateurs – afin de savoir qui a le droit de savoir quoi sur moi. Quitte à ce qu’Amazon ne puisse pas me proposer de livre que j’aimerai à tous les coups.

Conclusion

La vie privée est donc quelque chose d’extrêmement important, on l’a vu elle seule permet de pouvoir remettre en question un système oppressif et conformiste en permettant à chacun de se construire son identité personnelle.

Cela dit, l’injonction à la vie privée, dire à tout le monde qu’il faut tout cacher, c’est justement se conformer au système panoptique. C’est refuser aux individus le droit d’exister comme ils le veulent.

C’est un droit consacré par plusieurs déclarations des droits humains. Mais c’est un droit, pas un devoir. Je n’ai aucune obligation à cacher mon identité sexuelle, ni à la révéler. C’est un choix que je fais et que je suis seul à pouvoir faire.

Et c’est un choix qui évolue dans le temps et le contexte social. Ce n’est pas parce que je balance des choses sur moi dans un cercle social défini que je le ferai dans un autre. Il n’y a pas de règle universelle de ce qui doit être privé ou public, il n’y a que des curseurs que l’on essaye de contrôler pour exposer plus ou moins de sa vie privé, pour différentes raison.

Mais oui, il est absolument nécessaire de réfléchir aux outils pour protéger sa vie privée, notamment en ligne. Mais il faut aussi se poser la pertinence de ces outils et de ses usages. Ces outils doivent permettre aux personnes qui le désirent de choisir quelles informations rendre publiques et lesquelles doivent rester privées.

Il faut aussi se poser la question de la lutte globale contre la surveillance généralisée, parce que Tor, GPG, OTR ou autre ne sont pas la solution universelle. Ces outils ne résolvent pas le fait que les états est

PJL Renseignement … stop fleeing!

PJLRenseignement

If you haven’t heard, there’s an emergency law currently “debated” in France, which wants to legalize illegal practices from the Intelligence services (both domestic – DGSI – and foreign – DGSE) and gives them impunity, circumvent the judge, and goes to a massive discriminatory surveillance.

The hashtag is full of report of people opposing it (from Human Right defenders and NGOs to citizen collective such as LQDN to companies and business of all scale). So yeah, it’s the law NSA’s head is dreaming of.

There’s two issues I want to discuss at hand. Not sure how it’ll end, but here it goes. The first one is why fighting surveillance is – in my opinion – the wrong fight and the wrong way of doing it, there’s more to this than just surveillance. The second is about all the geeks and hackers trying to flee out of France, to move their businesses out of it and other “abandon ship” strategies.

Fighting surveillance

So, surveillance. As Quinn Norton and Eleanor Saita stated one year ago in their talk at 30C3, surveillance – in itself – is not inherently good or bad. Surveillance is watching, and – when you want to interact on something – you need to watch it. It’s hard to grab precisely something in the dark (you can do it, but it’s hard).

You need surveillance to expose corruption for instance. Or fascism. Or any wrong doing in fact.

So, the issue discussed is not – and should not be – the surveillance per se. The issue is that this whole process is secret, hidden, non documented, without control or regulation.

What does it mean? First, it means there’s an asymmetry in information. Something knows more about me than I’m able to know about them. What you do not know controls you, it means that this imbalance of power makes the state having more control over you.

It makes them able to act upon you on a discriminatory way. The gigantic issue here is that. It’s not the surveillance, it’s the lack of control. It’s the fact that no one is watching the watchers and have way to act upon them. What frighten me most in this law, are the wording used “secret defense”, “higher interest of the state”, “impunity for state agent” and things like that.

I’ve ranted on twitter about the black boxes that will be able to algorithmically identify threats. The thing is a lot of people lost sight of what an algorithm actually is.

It’s a parametric mathematic function applied to a set of data in order to classify information – or at least that’s what is intended in this specific use case. The magic words in algorithm, machine learning, classification system is just this: parameters. The way you choose your parameters will change the way you classify your data.

How many occurrences of jihadist related news you need to have in your browsing history to be classified as a jihadist? Hom many hours a day you spend in this chatroom? How many times a week you go there?

Those numbers – the one that we as citizens will never heard about – are political tools. The way you choose them, and why you choose them create classification of people and will make you decide who needs to be swatted or not. That’s where the ugliness begins. Those numbers will be chosen to discriminate people depending on their backgrounds.

I mean, they’re already discussing about exceptions for surveillance – especially for journalists – which means that they’re clearly lie when they say it’s an anonymous data collect, they’re already discriminating people based upon their traffic.

So, the surveillance is not the issue. Neither is the privacy. The issue is the lack of control. The issue is the absence of transparency. And stop fighting surveillance saying you have a right to privacy. That’s true, but then it enable politician to call for the “right to be forgotten” which will only help them evading justice.

The issue is that mass surveillance, done by an oppressive system is a tool of segregation and racism. Because in the French context where we do not speak about Arabs anymore, but only about Muslims (and in a way that makes people think that all Muslims are Salafists and potential terrorists), I’ll bet 2 BTC on the fact that they will be the one specifically targeted by this surveillance.

Same goes for the poorer of us. Who happen to be the ones who are not the white guys, who are also the ones who fight for survival and acceptance at all time. I’m quite sure that if the system catchs a white and rich guy, he will go in the false-positive trash and nobody will incriminate him.

So, stop fighting surveillance for the only sake of it. I should not need privacy in a non-oppressive system – that’s even how you determine you’re leaving in a non-oppressive regime: what you do and what you are cannot be held against you as long as it does not threaten the safety of someone else. But go fight the state implemented discrimination.

Don’t run away. Fight.

Which leads me to this other point. We – as citizens, as a collective – need to fight that. I refuse to abandon the ship. I’m witnessing a lot of data-exodus. People actively looking to host their data abroad. Commercial companies – such as OVH – are looking to build datacenter elsewhere.

I can understand why a company would do that. They would because they intend to respect the law. Because they do not want to risk their existence to protect their customers, so they’re running away. But the thing is, if you flee, then what will happen when the country you’ve fled to will also change their law and regulation? Flee again?

That’s not a sane way to do thing. That’s why we have civil society, to oppose the state, to try to restore a bit of balance in the power repartition. If you flee, you say to the state: you can do whatever you want, I just do not care about it.

If you’re a big company, which a lot of money, yes, it might have some power against the government, they will have to choose between reinforcing their power or keeping some jobs in the country. But, well, if the state initially wanted to defend their citizens best interests they won’t be trying to deprive them form liberties, right?

So, fleeing will only preserves you. And, well, you’re still a French company, with offices in France, so you still need to obey the law. OK, you’ll be somehow outside of the DGSI reach. But your customers won’t, since they’ll still be in France and they’ll still connect to your infrastructure from France, from inside the Dragnet. Which, basically won’t protect them and can even gave them a false feeling of security – which is worse.

What can you do? It’s time to protect your customers, your users. The people who’ve put trust in you. You do have a choice – and it’s not an easy or simple or risk-free one. You have to choose between taking care of your users, and actually hold the promises of security you’ve done to them or obeying the law. That’s call civil disobedience and yes, you can end up in jail. But you’re not alone, and a legal defence fund is something you can create or ask for help.

Yes, it might seem easy to say. But that’s what I intend to do with my project. Providing tools for activists and militants groups who need them. In a way that will try to preserve most of their privacy. I do not intend to respect the law to do that. I do not intend to hide myself.

Hosting data for other people is a political statement. I’m sick of hearing people asking for a country where they could safely hosts their data. You can do it wherever you want, if your government has decided to jail you, they will be able to do it – wherever your data are. What we need is not a list of foreign hosters who are out of the French territory and jurisdiction, what we need is a government who actually protects us, not themselves. What we need is actually to take a stance.

Privacy café, camp, cryptoparties et al is good and nice, but it does not solve the main issue. When are we really going to show those who’re in charge who actually is? When are we really going to send them a middle finger?

Do not flee. Do not let them scare you. Fight back. Federate. Protect the

My depression

I’m depressed. It’s quite obvious if you look at it from the symptom part. But I’m still reading or getting comment from people who thinks it’s just a small blues – like a Monday morning blues when the week-end is done and you’ve got to get to work.

It’s like saying that the small bruises you got for falling of your bike is the same thing that getting your leg rip apart without anesthetic or – if I believe what women told me – deliver a child.

First thing is you do not live with a depression. I do not live. Living implies being able to project yourself in time. The closest thing I found about this state is stated by Buffy. In this part of the show she’s obviously depressed, she’s just going through the motion.

My depression takes this form. Time is just irrelevant, I’m stuck into the now and go forward or look backward. It’s not apathy, because apathy doesn’t removes you the capacity to make a difference between next week, yesterday and next year.

This has insidious effect. For one, I’m unable to move forward. I cannot just going better because it implies to project myself into the future. Happiness is an alien concept and I do not see the reason to live. It’s absurd and it has no point, in the end I’ll die. I could as well kill myself, it would not change a thing.

Another thing is that my depression is not a lack of feeling. It’s quite the opposite. Anticipation – meaning something I know will happen in the next few hours – generates anxiety attack. Those attack manifest by an unability to think and sort my thoughts, shacking, craving, loghorea, headache. I have pills to take to calm this down (Valium).

I feel. A lot. Too much. Reading a mail I slightly disagree with will makes me burst into rages. Picture or news of protesters shot by cops will makes me cry and fall in a near catatonic states. I’m only nerves and I can react violently to someone who touch me – even if it’s someone I love.

That’s called exhaustion of emotional bandwidth. Where non depressed people have a way to manage, delay and rationalize their feelings, I have lost this ability. This is because I have something in my brain – Serotonin neuro transmeters who don’t catch the Serotonin – that makes me in a perpetual state of stress and hypervigilance.

I’m scorched and even the lightest of the wind hurts like hell. There’s no end, no light at the end of the tunnel. I’ve got no memories of happiness – that’s another aspect of this thing. I can have some joy, some people can makes me smile. But it does not last. Soon, it’s another wave – or tsunami

  • of feeling that come and overwhelm me.

So no, I’m not living with a depression. I’m drowning into it. I take drugs to help me, they gave me some buoyancy. Friends keep trying to maintain this buoyancy. But there’s always the calm of the abyss down below, under my feet. One day I’ll stop fighting and I’ll drown into the abyss.

I won’t be at peace, I’ll cease to exist, feel and think. And from my point of view it’s like heaven. It’s the end of the line. End of the pain. And it’s

Libertarians

Context

So, I receive queries for people wanting my point of view on various things – ok no, on internet and surveillance, privacy and stuff like that, they do not consult me for issues like climate change and the like. So my email adress is like public data, and people finds me.

It’s not always easy, because there’s a lot of people out there wanting to do a subject on “hackers” without more precision. You need to asks them a lot of things, help them to understand that “hackers” in not a precise enough subject and that they should focus on a specific problematics. And then you need to know the media who’s asks for the job, especially when you’re dealing with students in journalism.

Speaking of student in journalism, I try to be available, to answer them or to put them in contact with others more suited to answer their specific questions.

That’s why this one is a tough one for me. Because it puts me in front of a paradox. I always thought that convincing people needs to talk to them. I inhereted that from Telecomix, and I tried to do it on each occasion. If someone as an angle that I disagree with, then it’s probably because one of us (at least) is missing a point somewhere, and it can only be solved by more discussion.

However, I know the media behind the query. And they’re known to pose hackrs as sociopath who are after your credit card. They capitalize on fear, not on information sharing, and I tried twice to get around that and it did not work.

Hence this blog post. It’s the email I shoud probably write to this person, but I think it might be beneficial to have it somewhere more public. Name are changed, and no metadata of the original mail. Traduction is mine.

Questions and answers

Hello Okhin

Hey Mat,

I’m 19, and I’m writing and embodying a TV documentary in which I try to prove to my parents generation that, no, I did not abandon my privacy, and that Internet is more than a simple tool for my generation.

Cool. Sounds like a good project and I agree that your generation didn’t abandon their privacy, even if you – and I – spent a good part of it online. And I couldn’t agree more on the fact that internet is not only a tool, it’s a form of communication that enables a lot of different form of societies.

I’m focusing on the problematic of Digitals Native freedom, close to the freedom concept of the libertarian (like Larry Page, Elon Musk …) who emphasize the freedom and happiness of the man. My generation is not Foucault’s one, meaning a generation institutionnalized from childhood to retirement, but the libertarian’s ones, building a new world of economic collaboration in a reinvented society.

I’m not a libertarian. Libertarian – at least in the French way – are basically asking for total freedom for corporations (either single person company of worldwide megacorporations). Libertarian choose to inforce economic freedom over social ones.

And you do it also. You’re not speaking about the social aspect of internet, how Internet did change the balance of power between egemonic corporations, states and citizen. No, the aspect you’re focusing one is the economic one. Larry Page and Elon Musk are probably visionary, they did help to build a non-sentient AI, and to fix part of the way we exchange money.

But they’re building a world for an elite. We’re still below a tird of the worldwide population connected to the internet. Worse, most of the countries not connected to it are currently exploited by neo-colonial corporations to exploit them in order to build all those gadgets we use everyday to make our lives easier.

The world for those libertarians is a world where the weak can’t exist. I do agree that economic freedom might help – wel, economy is clearly not my strong suit – but we’re elaving in a world where companies – through Lobby group – actually pass law and can sue states under secret trade agreement.

For me Internet is a social tool. It can helps connect people, build communities, strengthen social link, and get a better understanding of the world. It can helps people throwing away a governement, organise dissent, but also to have care and help of communities members.

Yes, it can be used to build “new” economic system – altough libertarians are around since before Internet so I really do not think a totally free and unregulated market that will have no other purpose than justifying its existence and not to support mankind is something that exited long before the internet (since the first industrial revolution I’d say).

And I do think that the biggest mistake pioneer of the internet did back in 1990-ish is to allow advertisment network and monetization system to get a foot on internet. It certainly fast-tracked the “massive” adoption of internet, but it also give way to much power to those few groups who earned a lot of money selling those advertisment to take control of data – and part of the infrastructure.

I’d rather have an internet build by a community and for communities – using taxes and yes a state – the purpose of state is to maintain wellfare and infrastructure for all people not to govern.

It will be embodied documentary for the mainstream audience.

Currently, I’m focusing on a different angle. I think that I could make a stronger point if I speak about code. “Code is Law”, while showing that conding nowadays, is having power. What I wrote here is EXTREMELY narrow, but I try to know more on this subject (for instance [A state TV] is interested by my project only if I develop this part) and to have a good grasp of the issue. I also need time to immerse myself into this culture.

So, you want to basically say that hackers – people who codes and understand it – are an elit and that they’ve seized control of the world? It might be true (there’s currently an elitism in this so-called hacker community which is an issue), but I try to oppose it as much as I can.

That’s why there’s free software. Free software exists to ensure that no elit could be left in charge because they’re the only one to know how things works. That’s what’s in the hacker manifesto after all, And in every things that hackers do.

And also, if you really need to code to use a system, then you should need to build a car to drive it. You should need to know agronomics to eat vegetables. Even if I do admit that all those exampls are true, there’s a big issue in it, it states that we are born with all the same capacity. Which is false. Prejudicies, handicaps, social stigma, life accident, all these can lead to someone not being able to code. Or to understand how a car angien works, or what are the implication of eating meat instead of vegetables on the global scale.

You cannot asks to a single mother of three to learn how to code to use a system. And still, she can use it. And that’s a good thing. If you make code skill a requirement to use internet then internet is no longer a tool for emancipation, it became a tool of oppression. I want my communities to be inclusives. I want care takers in my communities. And I think internet enable that. And I really think you do not need to code to do that. Or to send enrypted email – or at least you shouldn’t.

So no, I will not say that code is a requirement to live in our world. Even if the french governement currently thinks that we need to teach kids to code instead of – for instance – criticism, building a thinking process and giving thel the key to explore and understand the world they live in.

I’ve came to see you with the director at a conference you made and we really liked your way to explain the issue 🙂 [This is a reference to this talk]. In this case, with our documentary we’re clearly speaking to “old farts” who tries to graps the issues of the Internet world. It’s kind of rare to be able to get this mssage out on the television even if it done – it’s true – simplistic approach (the young connected person that I embody, etc …).

Yeah, well, since you’re condescending with your audience I have big issues. Also – and you’ve probably never been confronted to that since you’re a young documentarist – a national TV will never let a positive message about internet get broadcasted.

I mean, I’ve tried twice. I got burned, I stop. If you think you can do it, then go for it. But you really should stop considring that people who aren’t conencted to the internet or who doesn’t see it the same way you see it do not live in the same world than you. They have a different culture, but you both share the same world. And excluding them from it won’t give you a better world, it will give you a world where you’ll be in power.

So yes, I could have accepted to meet you, but I will not. You can go see a lot of people, for instance Stéphane Bortzmeyer can probably deals with the “code is law” part. But I will not because I disagree with a lot of your ideas.

I hope you’ll find some answers in this post, and that it will raises some questions.

I wih luck in your project.

Back Online

Last year (or so)

For the last year, and a good part of the year before, I was working for a NGO: The International Federation of Human Rights as an ICT manager. Which – for anyone who ever worked as an operational engineer in an NGO -implies doing way to much work. From helpdesk to help to write reports about internet censorship, from system administrator to webmaster, from training activists during clandestine mission to training officers to use free software. It requires adaptabality, skills and an iron will when it tuns to defend free software on a daily basis.

I learned a lot of things there. Working with interesting people doing advocacy for human rights in the whole world brings a lot. Passionat and dedicated people. I learned what human right are and why they’re important. I developped a lot more cynism than what I previously had – and yes, it means a lot more of cynism – mostly due to some way of realism. I developped a better comprehension of how diplomatics and economics intertwined themselves.

I also learned that you can eshift extremeley fast from defending rights to defending your interests. I see egos destroying interesting project. I witnessed personal interests taking over principles of humanism. I was confronted more than once to paradoxes – for instance people advocating for right for the worker in asia and begging for Apple computers.

I also leraned a lot about me. For instance that I’m not meant for help desk. It’s too much stress and it makes me wanting to rip the throat of people with my teeth. I ended more than once a phonecall for support in a state of almost blind rage and needing to go out and walk or hit something. Or crying. I discovered that I probabaly developped a traumatism by being exposed to too much videos and pictures and texts about horror in the world. I had at least two diagnosed burn-outs in those 15 months. And I did anxiety attack on the job – not because we had attacks on our infrastructure, this part of the job is the kind of pressure I do manage.

I’ve been diagnosed with a severe depression, and for the last two month (or so) I’m now under drugs to keep my mind out of the suicide path he wanders on.

Off the grid

My contract is now over. And believe me, it was a great experience and I do not regreat it at all. I cannot afford to continue working like that though and I needed a full month off the grid.

No talks, no interviews, no code no nothing, not going to the hackerspace. Just playing video games (so in the last month I’ve done Dragon Age Inquisition, Mass Effect 1, 2 and almost the three, Saint Rows the Third and Saint Rows 4, Shadowrun Returns: Dragonfall) and watching movies and tv shows.

And sleeping (10 to 12 hours a day, thanks to melatonin). I’ve spent a lot of time inside my flat with my bunnies and getting out only for food – and the occasional social event with two or three people.

I’m still in this kind of state. Stuck in the present, unable to get outside and to walk into the world o to project myself into the future. I’m witting this from the café down the street, and it took me at least a full week to find the motivation to get there and write this (and read my mail).

So yeah, I was a bit off the grid. Off the world. I used part of this time to think about what I’m going to do next. I cannot imagine doing a job which is not inline with at least some of my political views, which blacklist most of the startups and comapnies I know.

I cannot work for other association or NGO because they will have the same issue and need for a five legged sheep as an ICT person. That rules a lot of things out.

Back online

So, I have no other choice but to find a way to pay the bills and to try to contribute to fight for a world with a bit more fairness in it. The thing that most collective lacks is a way to manage their online data.

Most of them relies on youtube – for instance – to upload their videos, exposing wrong doings and the like. Or use a centralized web services for managing their emails or to share documents.

Most of those collectives have other priorities than to learn key management, or to maintain a dedicated servers. It can even be illegal or dangerous for some of them. When reaching out to a foreign journalists or tweeting about your givernement can have you locked up in a jail without trial, you do not have the time to learn GPG, or how to host a website in TLS.

But this is things I was doing for the last year (and the years before with the telecomix crew). It’s something I wrote about, and I’ve been running cryptoparties for a while.

Also, there is a lot of projects promising about privacy and security of communications. Most of them needs that someone runs a server with the code and maintain it. Which is out of scope for most of the organisation and collectives I know – heck even the nation-wide newspaper here barely have the ressources for it.

This is what I’m going to do. I’ll try to find a way to earn my life with that, but the idea is to provide a mutualized solutions for individuals and collectives who cares about privacy and security. Using only free software, and contributing to them. Providing email, chat, storage and syncing, hosting made for those groups and individual.

I’ll need some help at some point, but the goal is to build a small company which can thrive on it. So yes, it will be a service you’ll have to pay for. Some services will be free – mostly the one that requires few ressources and works – but running server have a cost.

And I do not want to pay that cost with the data of my future users. Or with advertisement (which is the same in the end).

So, I’ll try to start that. I’m doing a lot of thinking and writing about it. Of course I’ll disclose everything about it.

Crypto parties.

Once uppon a time

When AsherWolf coined the term Crypto Party, there was an actual need for a specific part of the population to get trained to use encryption tools. We were in the middle of all the revelation of censorship done in the Maghred dictatorship and dictators were thrown out on an almost weekly basis.

I started to do them with journalists. I got in touch with Reporters without borders and we set-up some session to train a specific part of the population: journalists, field activists, netizens – as RWB keeps calling them.

This is where I learned a lot about GPG/PGP, the advanced use of Tor and of full-disk encryption. Doing those workshops and training did helps me to taught myself how thsoe tools works, what is operational security and threat modelling. I still have a lot to learn on those topics, but that’s how I started it, and that’s also why I did run the first CypherPunk workshop at Le Loop hackerspace.

I did’t have the idea at the time that it will works so well. Then Snowden makes me not a paranoid guy anymore. Things gets crazy, mass-media were screaming on loud that there’s no way you can have privacy online, that rogue agencies were going after each and any of us and everyne gets paranoid. Not careful, paranoid. Everyone lose focus on threat modelling.

Cryptography became hype, I heard speaking about Tor, LUKS, and other things on TV and in the press. I did my share of speaking to journalists, learning how the media works on the field, I did makes mistakes in communication, but in the end I tried to get the message that yes, there’s privacy issue, and no, crypto-geeks aren’t the one with the solution but citizens – people in fact – are the one with solutions.

The local cryptoparty group kept growing. People I used to train were now the trainers, and that’s fracking nice. We gathered more and more people, we tried to get out of the hackespace and to go meet people, creating the Privacy Café, in local bars, with diverse people with all their own problematics.

How we failed the people

And we basically failed them. I once wrote about the Responsability of teaching because I thought we were missing a point. When we set-up those workshops, we have a responsability toward the people who’ll eventually come. We need to give them all the necessary key to understand the problematics, we need to reassure them because most of them are not in a case where they face being jailed by a governement due to a tweet they sent.

The thing is, I wanted the crypto party to be able to function without a central person. Also, I was going through – and I’m still into it – a big depression so I needed to take some step out of things I’m doing, so I let it go its way, because I think it’s the only sane way to do things.

Also, I was growing tired of doing all the same workshops. I wanted something else, playing with new tools, learn new things, experiments new paradigms.

And I think that doing those workshop is not thesolution. I learned that a bit late maybe, but having time to go to a workshop, with your own hardware and a will to develop new skills is a privilege a lot of people cannot afford, I’ll send you to this blog entry wrote by a pop star doing infosec for reference: [A story about Jessica][1]

And fear of internet was more and more used as a teaching tool. And Fear is clearly the worst tool to use if you want people to learn. And I witnessed the militarisation fo the languages which bugs me. A lot. I even done a conference on this topic because we need to not scare the people away from the internet, or the Internet will die and we really need to be inclusive.

And being inclusive means we need to provide security by default. And it means, we need to build network and protocols who’ll take care of that. And that’s one point of strong disagreement with a part of the team. Some of them think that if you’re not able to run command line tools, then you do not deserve to be protected. They think that an interface to a tool necessarily implies a weaker security.

I do agree with that, command line tools with all their flags, are the best way to have a crypto disaster for instance (yes, command line IS an interface). The thing is, we do have some tools with good cryptography AND no interface at all (or almost no interface at all). For instance the Tor Browser Bundle. You launch it, it connects, it disapear and you’ll never hear about it and still you’re connected to the privacy network – and if it can’t connect you can’t use it therefore you can’t put yourself at risk.

Yes, Enigmail – and PGP – is a mess. As well as everything that’s based on key management. For one part because key management is about identity, and a lot of people want anonimity – so no identity – also because no one knows what a good key management solution is. The interface sucks, because the tool it’s based on sucks.

And we could build a mail solution where GPG will disappear, working more or less like TLS, with a warning when the key looks weird, or when youhave no encryption. But we – as the crypto party collective – prefers tell people they’re not good enough to use cryptographic tools.

Well, in fact I stopped teaching GPG in the cryptoparties. I prefer have them use OTR for instance, and install XMPP servers everywhere I can, with strong TLS setup, and have them configure OTR to autostart. It works, they do not even need to worry about it (except the color of the OTR button). Neither they need to worry about authenticate (some people might – depends on the threat model) their contact.

But still, I do have a lot of issues with this attitude I see in this group of people that they know best, they do not question their knowledge. They use fear as a tool, they think that you need to work to deserve protection not that we – as experts, geeks, technicians, whatever – need to build a community oriented and driven network of people with anonimity built at its core – yes, it’s supposed to be what internet is.

And that brings me to this tough issue, wether I should continue working on cryptoparties, or try to do something else. I think it’s easy to quit, to let them be. It’s harder to try to do something with the people who are willing to, and to move forward with them. But there is things in what they say that makes me thinking that we do have a gap in what we want to do with those cryptoparties.

Not being inclusive, not understanding the principles of privileges and discrimination, using fear and militarisation of your vocabulary. All of those are no go for me. And I did not find a way to discuss about that yet, tried the mailing lists but git no answer, tried to meet AFK, but no answer either.

So I’m wondering, maybe I should stop fighting for that and quit. Give the admin access to the lists for them to go the way they want to go and start something else. It’s not easy, but maybe it’s a failure.

I should probably just quit.

Fuck Privacy

Privacy … Really?

What’s privacy? It’s quite easy, it’s everything that’s not in the public space. But public space is the reflect of our society. What you see in the public space, is the reflect of the society.

That’s exactly why cities try to hide homeless people, or – at least – send them in places where people won’t see them. To display something that is better than the reality. To hide things that would be shameful. To hide their failure or what they think is not proper.

And this is the main issue regarding privacy. What people are expecting to keep for themselves is what is judged by other as "non proper" or "inconvenient" or "indecent". What you’re supposed to keep private are the things that do not conform to someone idea of proper behaviour.

Privacy is not chosen, it’s enforced. It’s enforced by a dominant and oppressive system, whatever it is. Most of the people have nothing to hide. And that’s probably true. They have nothing to hide, because their behaviour is the one that follow the dominant moral code, the dominant comportment. And then, what they’re doing doesn’t interest anyone else but them; and I’m not saying they’ve got shitty life they just have a life similar to the life of everyone around them.

But if you’re not on this side of the world, then people will ask you to keep things in private. To behave. To not expose yourself. To not claim what you are.

When you says to someone to keep things private, you refuse their right to be.

And that’s why privacy sucks. It sucks when you asks my suicidal and depressive trans-gender-fluid friend who express themselves on social space to keep their pain for themselves because it’s improper. It sucks when you asks my friends to hide their love because they have the same gender while you’ll expose your heterosexuality without being ashamed. It sucks when you says to a woman whose body has been exposed that she should have keep those pictures private or that she should be ashamed to dare exposing herself.

You’ll say that you have a right to privacy. Except that people going fine, tells it – whatever the consequences on their neighbour or friends. Except that male genitals are basically exposed everywhere without consequences for them while a nipple is indecent in the public space – which means that having a female body is something that you should be ashamed of. Except that you can demonstrate your affections to the people you love while me or my friends can’t because we should keep that private.

Privacy is Censorship

In the end, privacy is censorship. It’s an argument used by oppressors to force oppressed people to conform to an oppressive form of society.

Asking to someone to be decent, discrete or to conform, is forcing them to behave, to not express themselves. To not define themselves. People who should have privacy, are the ones who do not conform to your vision of moral. It’s women, queers, sex-workers, porn actors and actress, etc.

And this is a form of censorship. And censorship is the oppresser’s tool. And it sucks. I oppose censorship not because of freedom of speech, but because of freedom of self-determination. I need words to define myself. And by censoring them, by forcing me not to use them, you remove me the possibility to define, to exist in the public space.

If you do not have the words to define an idea, then you can’t formulate this idea – that’s the whole purpose of novlang in 1984.

The interesting part of that is: if you need a law to censor something, then this something is named and then exist. It’s like in Inception (the movie), where the character played by Di Caprio states that:

If I want you to think about elephants, I just have to tell you not to think about elephants.

(And now, all my readers re thinking about elephants)

For instance, the word nigger/nigga has been used to discriminate against afro-american people. But some of them used took back control of this word, and reappropriate it to define themselves. They use it to define themselves. They exist because this word exist, and yes it leads to discrimination but it has a name and then you can fight it.

You can’t fight what you can’t name. And forbidding the use of specific speech do just that. It makes groups and communities unable to exist. Censorship doesn’t protect minorities. Freedom of self-determination does. Yes, it means that you’ll have hate speech. And yes, hate speech should probably be sanctioned in some way. But you must be able to discuss it.

If you cannot discuss racism, or fascism, or sexism then you can’t fight it. That’s why most of the teachers – at least not the creationist one – do oppose censorship.

But … Privacy is a human right?

Yes it it. It’s written in the UDHR and it’s the 12th article. The thing is, this declaration is not directed to citizen. It’s not meant to be implemented by them. It’s directed toward state, and it’s supposed to be what they should do, and to protect citizens from states – the way constitutions do.

And, for the sake of the argumentation, I’ll quote it here:

No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attack upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attack.

It basically state that you shouldn’t asks me to behave. To keep things private. To be decent. That you shouldn’t attack my honour or that I shall not be treated differently by the state – hence the society – for what I am.

The privacy defined here, is the one that you use to shelter yourself from discrimination of states or oppressive groups. It’s the survival mechanism one should not need to use, but sadly exist because there’s enough bigot out there in the world to threaten your life – think being openly gay in Uganda for instance.

Privacy in this context is a shield. However it disable you the right to being seen as what you are. It removes you the right to be. To define yourself. It’s a crappy shield, but it can makes you living.

And that’s why it’s important to be able to activate some sort of shielding, because you can go in jail for that. Or being killed by fascists. And as a human you have the right to protect yourself.

But if anyone else can define themselves in the public space, and if I can’t, if you ask me to be decent, you’re basically denying me the right to exist. You’re violating this 12th article that you claim to defend. And you’re doing that because you do not need privacy.

On the internet, being a white hetero cis-male means that you really do not need privacy. You won’t be ashamed because you had sex. Or because you exposed your body. Or because you demonstrate affection to the person you love. Privacy isn’t of any use to you, because you’re on the privileged side of an oppressive system. You won’t be beaten up because you were indecent. Or non-conforming to the society.

So, no more Privacy?

No. Sadly, we might need privacy. As I said beforehand, it is a shield from repression. Shielding yourselves is, however, denying what you are. It’s validating the oppressive society you’re leaving in.

If you want to fight that, then you need to abandon your privacy. Because you need to publicly exist. Also, that’s how you’ll find support among people going through similar issues. That’s how you can fight oppression. By existing in the public space, not only in the private space.

And if you do not belong to an oppressed party, then you do not need privacy, for you’re not going to be assaulted just because of what you are or think. You do not have privacy because it interest no one, because you’re in the "normal life" area of the world.

So yeah, we must fight for people being able to have a privacy. Because they could die if they have not. But no, you can’t asks me to being decent. Or to keep things private.

Fuck it.

Falling

Waking up.

Awake. Or not entirely. I’m still lost between both state, asleep – and no, it does not imply dreams for I do not remember them – and awake. Somewhere something is ringing to try to awake me.

I’m craving. Craving of data. I need to chck what happened for those hours I was asleep. I’ll skip breakfast. I can’t make them at my place anyway for I have nothing to prepare them. I do not even have something o brew caffein out of beans.

I’ll be late, but I have to feed on the data feeds. IRC. Mails. XMPP. Twitter. I’ll go through all of them before being awake. That’s how my processor will be booted up. And it’s not pretty, witnessing massacre or picture of dismembered bodies is something regular.

I used to think I’ll never get used to it. That the horror will still starts something into my guts that would makes me puke, but no. Not anymore. I do not feel anything when seeing those.

I’ll go across a stranger’s face while looking in a mirror. An alien face. Someon people saw on TV or elsewhere. I know it’s me because I do remember doing those tats and this non-consistent hair cut. But I do not recognise me. And yes, if you wonder, I may have trouble finding me in a picture.

This whole body is mine but alien to me. Not that I hate it. It’s just alien. Foreign. I’m not used to it and I do not remembr everything that happened to it.

I’ll survive my bike ride through my city to get at work. Processing a lot of data to avoid being hit by other more or less defined objects on the road. It happened once, but besides a lot of pain and some bruises, I survived.

At work I’ll be going from log analysis, to data strealm analysis, to behavioral anaylisys. I’ll eat a lot of horrible event without them hurting me. Not anymore.

It used to horrify me. Witnessing mass murdering, systematic anihilation of mankind. Now I just soak it. I’m not able to soak the help desk though, and it generally makes me angry. And causes a lot of stress.

Scar tissue

I’ve never been good at expressing feeling. Or at feel for what it worth. It’s getting hardr those day. While working here, I’ve done – at least – one burn out in less than three month. I’ve been through way to much riot, massacre, arbitrary arrest and video or picture of those than I can recall.

All of those wounds have healed. My mind is patched by so much scar tissue that it is mostly scar tissue. I have less and less emotionnal bandwidth. I can’t stop eating data or my mind will enter an endless loop of morbid thought.

I tried different hacks to stop that. But none of them works. I’ve hit wall until my hand is broke. I’ve drunk too much. Way too much. Friend of mine once told me "Addiction starts where feeling stops." Feeling stopped a while ago, not the flow of alcohol. I’ve tried being to exhausted to be able to think. It does not works either.

Now I’m eating data. Analysing them. Trying to makes sense of it, and talk about it with people. Friends. I spend most of my wake time to do that. I’m more and more like a computer, a machine. A sentient one, but a machine.

Reading. Analysing. Forwarding. Loop over it. Endlessly.

The more the days go, the more I’m turning into that. I do not eat healthy food. I’m stuck in bugged routine. I’m not enjoying doing stuff as much as I used to. My life is now, mostly, data consumption and anlysis.

No more emotionnal bandwidth makes me itchy. I fail at perceive irony and humor most of the time. I’m entering each and every battle without self-preservation. I know what emotional pain and distress is. It can’t hurt me now.

And yes, I’m falling. The saying is "hitting the bottom", except there’s no bottom. Only dark and infinite abyss.

Mechanisation of my brain and alienation of my body are survival mechanism. A machine can’t feel. A machine can’t be hurted. So I’ll do it. Again. I’ll be that guy with a strange haircut, with some strongopinion on a lot of things, that’ll do the show into the media. Show must go on. And at least, it’s something consistent.

Dancing through my tears

Sometime, a buffer overflow occurs. A crisis. Generally triggered by something benign – for instance the loud bass of the opening of a concert. And I burst into tears. No idea why, it just happens.

I tend to think that’s yet another survival mechanisms. And I’ll dance through it. I’ll dance on my wrecked self. There’s nothing left of me. Nothing to be rejoiced about me. When I look back I have nothing happy. My father stoled my few happy childhood memories.

I manage to grew without leaving trace around me, without leaving anything that someone would use to hurt me.

The last ten years where a bit better, but I’m not able to see happiness in them. – not that I was not just that I’m not able to see it. I’ve been part of things other finds amazing, but it killed me.

What has been seen cannot be unseen they said. And it’s true. When my mind wanders I’ll always go back to the thing I indirectly witnessed the past three years.

But this is a lie. All of this is. I feel. I do feel the pain. I’ll leave conversation because someone hit me with a knife – a metaphorical one. And I’ll choke on it for two days, keeping me awake, trying to process the data. Trying to understand why it hurts so much. Discovering new area where I still feel. New fights to get involved into.

Love and Rage

I want to crush skulls. To hits things with my bare hands. To let the rage I feel going away with the pain. Last time it happens it was in a concert, it felt good. My head was empty and fuck, didn’t happened in a while. It last for few hours, but yes. It was good.

I miss those area in my life where I can let go. Now, even the street are space where people expect me to conform myself to something I’m not really. I need to find space for that.

It became harder to open myself to people. And the paradox is that I want to spare people I love and who loves me, and that’s how I killed my previous relationshisp, by shielding myself, by not talking about me because it’s fucking scary.

I should take care or me. I should accept this alien body, this alien me. I just have no idea of how to do that. I should listen atthe people who gave me advices. But they do not work. I’m not able to keep my brain down, or I’ll be surrounded by ghosts and morbidity.

I’m only able to love, that’s what’s left of me. That’s what I more or less kept to myself. Everything else is linked to thing I have no control over.