Fuck You

Once uppon a time

I used to be called a geek. A nerd. A no-life. Whatever. It used to be associated with people who didn’t want to socialize the way high school and society asked them to do.

It used to be people who were refusing what we told them what a boy or a girl should be, should act. It used to be people who were extremely interested by scientific topics, weird mathematics, role playing games, video games, computer science.

It used to be nice people who were chatting online, exchanging data, helping each other – or anyone who gets in and asked for help.

I wasn’t really proud of it, but at least it was something that was usefull for me at some point, I knew what I was. I wasn’t only an outcast.

Things change

But now, people grew old. Those geeks became adult, got in charge of things, and being a geek became something cool. It was rapidly identified to a man with tech gadget (like iPhones, and other useless shiny stuff) who are adept of a specific sub-culture (implying mainly commercial things).

And new people came in. And are still called geek because they spend time online, because they play video games, etc. Those people developped a false feeling of persecution. Prefering staying in their so-called community, they started to chose who was good enough to be a geek.

They are bullying, assaulting, stalking, chasing online and offline people who are saying them they’re doing someting wrong.

Basically, they act like 4 years old to whom someone asked to stop playing games and go eat with the family. Except 4 years old do not send SWAT team to rivals, do not harass women who are part of the industry – industry whoch provide the games they plays to – to the point they have to leave their house or their jobs, they do not hunt celebrities online for years to find nude cpictures of them and asks ransom for it before publishing them, they do not insult those victim once the picture shave been published while masturbating themselves on those pictures, once again to have them leave what they think is their.

They think the internet is their own things. They are destroying the community that once was inclusive (ok, and weird, and not that easy to understand) by turning it into a … I don’t know … mutually masturbating circle of elitists jerk?

Fuck You!

So fuck you. I refuse to be assimilated to you, a geek. You stripped that of me, you forced me to reject what used to be part of me, part of my culture. You can choke on your masculinist ego.

As long as you prefer hating people I love. As long as you think LGBTIQ people, women, or other are inferiro and can’t be part of your group or can’t access your culture, by using extremely violent means, including harassment, threats and other things like that, I can’t be called like you.

You do not deserve it, but you took that from me.

I may have changed recently, I may have discovered my bisexuality recently. But I’m still fond of RPG, Comic books, video games. But I cannot be called a geek. Not anymore.

So fuck you. You, your hate of what’s not like you, your syndrom of persecution, your conservatism, your etricked mind. I’m not like you. I do not want to be considered like you.

You’re destroying the privacy and the life of other people. I try to give them tools to help have privacy and a safe online life.

I’m not a geek. Not anymore. I can’t be.

Make Datalove Not Cyberwar

Note This post will be in French, since it’s what I used as notes for my talk at Pas Sage en Seine 2014 in Paris.

Make Datalove

Internet n’est pas un territoire

Internet n’est pas un territoire. Un territoire est un espace géographique et implique l’existence de frontière ou de limite quelconque. Or Internet est une machine hybride composée d’humain et de machines, connectées sans limite de par le monde – ou presque – et créant à l’infini de l’information.

Internet est infini. En tant qu’espace d’information et donc de culture, il n’a pas de limite. L’ensemble des mèmes peuvent cohabiter sur Internet, sans jamais épuiser les ressources d’Internet.

C’est en fait beaucoup plus proche de la notion d’espace mathématique que de territoire géographique. C’est un ensemble composé de cultures, d’idées, de mèmes, d’informations – au sens de la théorie de l’information, et qui repose sur la libre circulation de celle-ci.

Internet is not broken

En tant que système d’échange d’information, Internet fonctionne parfaitement. Il ne garantis pas la confidentialité des échanges, ni la sécurité des machines ou des personne, mais il garanti que l’échange et, l’accès à l’information est possible. Il garanti également que n’importe qui ou n’importe quelle machine peut s’y connecter, le seul pré requis est simplement de parler IP. A aucun moment il n’est demandé une preuve de confiance ou d’identité à une machine, ni n’est éxigé autre chose que de parler IP.

Internet fonctionne parfaitement. Il fonctionne même tellement bien qu’il y a plusieurs milliards de personnes connectées. Il fonctionne même tellement bien que partout dans le monde – ou presque – des personnes de tout milieu social, de toutes cultures, de tout niveau d’éducation, s’en servent pour communiquer.

Et je dis ça en ayant conscience de parler à un évènement où, sur 61 conférenciers, il n’y a que 5 femmes – et une seule à un talk où elle est seule à parler. Et en sachant parfaitement que des continents entiers ne sont pas présents sur Internet, ou que l’accès aux machines permettant l’accès à Internet reste encore trop souvent un privilège des classes sociales supérieures.

We are

Ce qui est cassé ce n’est pas Internet. Ce qui est cassé c’est nous. Les barbus auto proclamés gourous des internets, cyber hactivistes, hackers, sysadmin et autre. Ce qui est cassé ce sont nos égos, nos réactions de sociopathes nihilistes face à un problème politique et social. Ce qui est cassé c’est notre absence de réaction politique, imbus de nous mêmes que nous sommes et confortés dans notre idée que nous sauverons le monde grâce aux machines.

Nous n’avons pas besoin de CaliOPen ou de mailpile. D’OTR ou de GPG. De libre ou open SSL. Nous n’avons pas besoins d’appel à prendre les armes ou de nous écrire des lettres. Nous n’avons pas besoin de dire aux gens que s’ils ne sont pas capables de faire de la crypto et de la gestion de clef correctement alors nous ne pouvons pas les aider. Nous n’avons pas besoin de l’attitude arrogante qui consiste à penser que tout le monde est capable de comprendre la documentation que nous ne sommes pas capables d’écrire.

Certains d’entre nous veulent changer le monde. Et c’est une bonne chose. Certains veulent un monde dans lequel les communications sont par défaut ultra sécurisées, établis entre pairs de confiance, et avec la possibilité d’exclure les nœuds dangereux pour le réseau de manière permanente et selon un consensus autoritaire.

Ils partent du principe que la surveillance de masse, effectuées par les états nations ou corporatistes, est une violente atteinte à la démocratie et à la vie privée et que, de la même manière que le pair à pair permet l’échange d’information de manière décentralisée, fluide et sans autorité centrale, la protection de la vie privée et de l’intimité ne peut se résoudre que techniquement.

Pourquoi pas, mais réfléchissons y deux minutes. Si nous voulons reconstruire un réseau qui garantisse la sécurité et la confidentialité des communications, cela veux dire que nous ne pouvons communiquer qu’avec des nœuds approuvés par le réseau. Cela implique – entre autre – que tout nouvel arrivant doit prouver qu’il est de confiance.

Fini l’arrivée sur le réseau Internet par la simple attribution d’une adresse IP. Il va falloir prouver que l’on est "trustable". Il va falloir prouver au reste du réseau que l’on est bien comme il faut. Que la machine utilisée est sûre, respecte la dernière norme du protocole, et dispose de matériel ne compromettant pas l’intégrité du réseau.

Vous imaginez une société basée sur cette norme? Seules les personnes pensant comme il faut, n’ayant pas d’idée dangereuse, ne compromettant pas le consensus, ne remettant pas en question l’ordre établi, seraient autorisées à faire partie de la société, les autres seraient contraintes à un exil, à un isolement forcé?

En gros, vouloir un réseau de communications entièrement fiable et sécurisé, empêchant toute interception de communication, et dans lequel il y a des garanties que le message est bien délivré à son seul destinataire, reviens à créer des réseaux soit déconnectés les uns des autres, soit inutilisables par des personnes non encore connectées au réseau, ou ne pouvant pas se permettre une connexion. Cela reviens à créer une élite qui seule décide de qui accède au réseau et comment.

Une élite qui aurait le pouvoir de choisir qui doit se connecter et qui ne doit pas se connecter, basé sur des critère qu’elle est seule à formuler et comprendre. Je n’appelle pas vraiment ça un système démocratique. Du moins ça l’est encore moins que celui du fonctionnement actuel d’internet.

Make Datalove

Alors oui, il y a des problèmes. L’espionnage massif de la population par des états corporatistes ou nationaux – parce que ne croyez pas que c’est la NSA l’ennemi. L’asservissement volontaire au cool et le "choix" d’abandonner ses libertés au profit d’un objet. La réduction de la sphère privée et de l’intime, souvent sans en avoir conscience.

Mais ce n’est pas un problème technique. Le journalisme d’investigation n’a jamais su faire de l’OpSec, pas depuis le Viètnam. Ça ne l’a jamais empêché de faire son boulot. Les manifestants et activistes du monde entier utilisent des outils non sûr pour communiquer, mais ils communiquent et s’organisent quand même – peu importe qu’ils aillent en taule. Le problème ce n’est pas tellement de les protéger, ils prennent de toutes façon des risques monstrueux.

Le problème c’est de combattre les mèmes de la sécurité, de la peur, de l’espionnage. Et ce n’est pas avec plus de sécurité qu’on y arrivera. IL suffit de voir les différents ratage de la surveillance. Si on attrape pas telle personne en dépit des caméras de surveillance, c’est qu’il n’y en a pas suffisamment, il faut en rajouter, ce n’est pas parce que le système est inefficace.

Le problème c’est que ce n’est pas quelque chose qu’un outil logiciel résoudra – aussi bien conçu soit il. Même si on était capable de créer des systèmes de chiffrements point à point qui ne nécessitent pas d’intervention de l’utilisateur et que l’ensemble des bibliothèques logicielles sur lesquelles ils se baseraient soient exemptes de failles – ce qui est impossible – il resterait toujours le problème de la surveillance des communications périphériques, de la compromission des terminaux ou des utilisateurs qui iraient coller sur Facebook le contenu d’une conversation privée.

Le problème est politique et il ne se règlera que par une ou plusieurs solution politique. Il est temps que cette élite auto proclamée de barbus des internets redescende de son arbre à chat d’ivoire et aille au contact de celleux qui utilisent Internet, de celleux qui mènent des combats pour leurs droits à eux, mais aussi aux autres.

Il est temps d’arrêter de croire que des ordinateurs et des câbles vont sauver le monde. Déjà, parce que Internet ce n’est pas que des ordinateurs et des câbles, mais aussi les personnes qui s’en servent. Ensuite parce qu’il y a encore énormément de zone dans le monde où ces câbles n’existent pas. Enfin, parce que tant que l’on s’agite uniquement sur le net, et qu’on ne se sert pas des outils créés et utilisés par d’autres groupes militants, cela n’inquiètes pas les super puissance. Il faut arrêter de défendre nos droits sur internet, il faut défendre nos droits tout court, sur les territoires que nous occupons.

Et nous ne sommes pas seuls. Nous avons inventés des moyens d’actions efficaces – ou pas – qui permettent de créer du momentum médiatique, nous avons testés d’autres façon de manifester, mais nous sommes restés entre nous. Les groupes de défenses des droits – ce que l’on appelle la société civile au sens large – existent depuis avant Internet. Certains sont entrés dans la danse et utilisent merveilleusement cet outil social, d’autres non.

Nous espérons quoi, que ces groupes qui ne comprennent pas cet outil que nous avons construit, formé, déformé, et avec lequel nous faisons parfois des trucs géniaux viennent spontanément s’en servir comme nous l’entendons et fassent ce que nous voulons que ces groupes fassent? Ces groupes, mouvements, ont une histoire de militant. Ils se sont souvent formés dans la douleur et ont tous inventés des façons différentes d’agir. Ils savent comment ils veulent militer, ils expérimentent de nouvelles façon de résister. Qui sommes nous pour leur dire comment ils doivent défendre leur cause?

Ce n’est pas à eux de venir vers nous, c’est à nous d’aller vers eux, d’écouter ce qu’ils ont à dire, leurs histoire, leurs outils, leurs problèmes et les solutions qu’ils ont trouvés pour les résoudre. Au lieu de râler que tel groupe utilise gmail, allez les voir, allez discuter, allez échanger. Ils ont des trucs à vous apprendre. Et peut-être que ce n’est pas si grave qu’ils utilisent Gmail au final ou peut-être que vous pourrez démarrer un cluster avec eux etd ‘autres groupes qui se partagerons des ressources techniques et qu’ils se passeront de Gmail à terme.

Nous n’avons pas pour but d’être le centre de support des activistes. Et ils n’en ont pas besoin. En revanche nous savons tous qu’internet est fondamental pour la liberté d’expression, de communication et d’organisation. Nous savons tous que cet outil social peut transcender les frontières, les différences de classe, de langue, d’origine, de religion et autres pour construire de belle choses.

Et c’est notre devoir à nous, utilisacteurs d’internet, hacker ou pas, barbus ou pas, hipster, geeks, nerds ou pas de défendre cet outil. Et c’est notre devoir à nous en tant qu’être humains de défendre nos droits, et cela ne peut se faire qu’en défendant les droits de tout le monde. Avec tout le monde.

Télécommunisme et Cryptoanarchisme

Le Télécommunisme consiste simplement à cinsidérer le réseau physique comme un bien commun. Non pas le contenu, pas Internet, mais le net. Les réseaux, les fils, les signaux, les données. Pas les gens qui s’en servent, mais le réseau.

C’est penser qu’il n’y a pas nécessairement besoin d’un consensus pour le faire fonctionner, du moment qu’il fonctionne. Bien sûr les standards et autres RFC sont nécessaire, comme tout organisme complexe, les différentes parties de cet organisme ont besoin de discuter entre elles, de connaitre leur statut et de pouvoir s’adapter à des défaillances locales. Certains organismes ont choisit la centralisation dans des centres nerveux, d’autres distribuent ces centre nerveux – insectes, céphalopodes -, d’autres enfin collaborent carrément avec des organismes étrangers afin d’assurer leur survie – siphonophores.

La "gouvernance" du réseau n’existe pas. Il y a certes quelques organes qui pensent avoir réellement de l’influence, mais globalement le réseau fonctionne parce que des personnes mettent en commun leurs compétences et ressources pour que cela fonctionne. Il y a même des allumés qui remettent le réseau en route quand les organes officiels le coupent localement.

Nous sommes capable de gérer un des plus gros outils de communication comme un bien commun. Sans avoir de gouvernement, sans s’embêter des heures à prendre des décisions, sans se soucier non plus de l’utilité des actions entreprises. Nous gérons pour tous ce réseau, qui est l’épine dorsale de l’Internet et qui permet à tout ces cerveaux de s’échanger des informations.

La Cryptoanarchie est une théorie mathématique qui établit que si l’ensemble des communications sont chiffrées, il est impossible de distinguer le bruit et l’information dans le signal. Et donc de détecter une communication, ou d’en intercepter une.

Pour que cette théorie fonctionne, il faut que les outils de chiffrement soient massivement adoptés. Et tant qu’ils ne le seront pas, il n’y aura pas de cryptoanarchie. Penser que, parce qu’un outil existe, il est utilisé est une erreur. Il faut que l’outil soit le moins invasif possible, non désactivable, documenté et libre, et qu’il puisse fonctionner sur toutes les plateformes auxquels cet outil est destiné.

Tout ce qui amène à avoir juste un groupe de gens seuls capables de chiffrer, qu’il s’agisse de gouvernement faisant usage de lois de régulation de la cryptographi, d’entreprise déposant des brevets sur les techniques de chiffrement ou usant de logiciels propriétaires, ou d’une bande de nihiliste qui ne veut pas faire d’interface utilisable par tout le monde reviens au même.

Seuls une élite est capable de chiffrer et donc de se protéger. De créer une asymétrie dans l’information en étant seuls capables d’avoir des secrets, et donc d’obtenir un pouvoir sur toutes les autres entités non capables de chiffrer. C’est ce que l’on appelle le crypto fascisme.

Et je suis inquiet quand je vois l’attitude d’une partie de la communauté hacker ou de la scène infosec. Quand certaines personnes envoient balader des débutants et des débutantes parce qu’ielles n’ont pas comprises la documentation pour installer ou configurer certains outils.

Oui, nous autres, peuples des intertubes, sommes parfaitement capables d’appliquer le Télécommunisme, de gérer de manière décentralisée, et intéressante, l’un des systèmes les plus complexe jamais créé par l’homme. EN revanche, nous nous plantons dès qu’il s’agît de fournir à chacun les clefs nécessaire à son indépendance, dès qu’il s’agît de permettre à chaque individu de pouvoir se débrouiller seul, il y a beaucoup moins de monde.

Alors que justement, Internet est à propos de l’émancipation, de la prise de conscience et de pouvoir nécessaire à chacune et chacun pour pouvoir essayer de créer son monde comme il l’entend. Internet est plus qu’un bien commun. Il repose sur un bien commun, mais il est au-delà de ça. Il permet la création de nouvelles formes de société, de nouvelles formes de médias, de nouvelles formes de communications.

Et si l’on se contente du Télécommunisme, si l’on se contente de la Cryptoanarchie, alors nous ratons quelque chose. Il faut se poser la question de l’application de nos modes de gestions technique à nos modes de gestions sociaux. Nous avons inventer des outils qui permettent des échanges non commerciaux, qui permettent de vivre de sa passion, qui permettent une transmission d’info gigantesque. Et nous voulons sacrifier ça pour aller faire la guerre?

Not Cyberwar

Je suis peut-être un bisounours mais

Je pense qu’utiliser les mèmes de la guerre n’est pas nous rendre service. Une guerre c’est une territorialisation. C’est l’instauration de frontière, de limitation de ressources, et à minima de l’occupation de celles-ci par une puissance quelconque.

Parler de guerre, c’est admettre une territorilisation d’internet. Ce qui permet de le découper, de le balkaniser. De créer des clouds souverains, des réseaux nationaux et autre genre de chose qui ont pour but de casser le flot de donnée, de créer de plus petite entités plus facile à contrôler, plus indépendantes des autres, sans lien facile entre elles. Et personne ne veut ça. Personne ne veut que la circulation de l’information soit contrôlée, que ce soit par un gouvernement ou une autre élite technologique.

Arrêtons l’appel aux armes

Il est donc temps d’arrêter l’appel aux armes. D’essayer de réparer ce qui n’est pas cassé, ou de vouloir réparer ce qui est cassé au-delà du réparable. Refusons la sémantique guerrière. Nous ne sommes pas des cyber guerriers. Nous ne vivons pas dans un cyber territoire. Nous n’avons pas de cyber armes, ou de cyber gouvernement. La guerre est un jeu qu’on ne peut gagner qu’en refusant de participer.

Vous voudrez sans doute parler de guerre asymétrique, de guérillas. Mais ça reste de l’épuisement de ressources, ça reste de la guerre, de l’occupation, de la destruction, de la raréfication de ressources. Arrêtons de parler de cyberguerre. C’est complètement destructif et contre-productif.

Nous ne sommes de toutes façon pas une armée, si nous en étions une, nous aurions une chaîne de commandement – elle peut très bien être décentralisée – des uniformes, du recrutement, des opérations. La création et la mise en place d’une armée, consiste de toute façon à créer une élite. Ouip, Anonymous ressemble à une armée. Du moins, de l’extérieur, cela ressemble à une armée. Certes décentralisée et distribuée, mais une armée quand même. Ce n’est pas tout Anonymous, nous savons bien que cela est pus complexe, et que cette armée est plus une image médiatique construite pour valider la cyber guerre, et donc la territorialisation du net. Et donc son occupation.

Mais pire encore, vous savez pourquoi les US et l’UE s’engagent dans tant de conflits? Pas pour défendre les intérêts des peuples. Mais pour justifier les budgets accordés aux entreprises privées qui leurs fournissent du matériel, des munitions, du renseignements. Pour pouvoir ensuite bénéficier de juteux contrats de reconstructions.

Si vous voulez jouer à la guerre, vous devez avoir des moyens vaguement équivalent à votre adversaire. En soldat, en armes et/ou en argent (ce dernier permettant de régler les deux autres). En face, nous avons d’une part des états nations paranoïaques qui ont plusieurs milliards de dollars à consacrer à ça, et des entreprises qui reçoivent des budgets toujours plus gros. Vous croyez vraiment qu’avec nos logiciels libre et nos seules valeurs nous sommes capable de gagner une guerre contre eux? Même une guerre asymétrique? Vous êtes naïfs à ce point?

Snowden, ce héros

Et vous savez qui profite le plus des révélations d’Edward Snowden? Non, ce ne sont pas les citoyens. Sinon, les organismes de surveillance auraient été remis sous contrôle des citoyens et on commencerait à avoir des procès. Non, ce sont les entreprises privées qui vendent de la sécurité. Pas les entreprises US, mais les entreprises UE. Les vendeurs de sécurité.

Ils ne prospèrent que grâce aux vendeurs de peur. Si vous n’avez pas peur, vous n’avez pas besoin d’acheter un système de sécurité. Or nous sommes ceux qui parlons le plus de sécurité. Il faut de la sécurité pour avoir une vie privée disons nous. Il faut plus de sécurité pour se protéger de l’espionnage massif des états. Il faut plus de sécurité pour se protéger des botnets chinois. Il faut plus de sécurité… Toujours plus de sécurité… Tout en sachant que cette sécurité est impossible à atteindre.

Nous faisons le lit des entreprise privées, de groupes transnationaux et extra territoriaux ne cherchant qu’à vendre encore plus de sécurité et donc de peur. De groupe ne pouvant être traduit en justice, collaborant pourtant à des crimes de guerre. Bien entendu, il y a des procès, contre des entreprises. Les actionnaires ne seront pas inquiétés, les patrons de ces entreprises ne seront pas personnellement mis en cause et – si jamais c’était le cas – ils seront remplacés par d’autre. Quoique fassent ces entreprises, tant qu’elles gagnerons du pouvoir, elles continuerons de le faire. Sans être inquiétées.

Cette course à la sécurité, en plus d’être vaine, ne mène qu’à de la paranoïa. Les ennemis sont difficiles à déterminer, à distinguer, du coup tout le monde travaille pour eux. Dans un climat ambiant de paranoïa et de défiance, il devient impossible de faire confiance à des inconnus, il devient impossible de travailler avec eux, il devient impossible de lancer des mouvements nouveaux, de trouver de nouvelles manières de militer, de défier les puissances et d’essayer de les mettre à genoux.

Vous vous souvenez de ce qui a fait le succès de l’internet? Le fait que n’importe quelle machine puisse se connecter et participer au réseau sans aucun pré requis autre que parler IP. Nul besoin de faire confiance, ou autre, il suffit juste de se brancher. Alors oui, il y a des choses malicieuse qui trainent sur les tubes, mais au final assez peu en rapport à toutes ces idées qui s’échange, à tout ces mèmes culturels qui se font et se défont, à tout ces mouvements sociaux qui s’organisent et font parler d’eux grâce à ça.

Utiliser les mèmes de la sécurité et de la guerre au sein de notre communauté, c’est devenir paranoïaque. C’est refuser que quiconque, peu importe son bagage technique, ses origines culturelles, ses connaissances du monde, puisse venir nous parler si ielle n’a pas été validée par une chaine de confiance reconnue.

Et à chaque fois que vous envoyez un méprisable RTFM, ou STFU NOOB à quelqu’un – ou un girls don’t code – c’est exactement ce que vous faites. À chaque fois que vous laissez quelqu’un quitter votre groupe parce qu’ielle ne s’y sent pas bien, c’est exactement ce que vous faites. À chaque fois que vous refusez – consciemment ou non – d’inclure quelqu’un, de débattre et d’échanger avec cette personne, c’est ce que vous faites. A chaque fois que vous refusez de prendre une position qui favoriserait l’inclusion, c’est ce que vous faits.

Croire qu’il y aura un éveil massif de la population et que tout le monde sera capable d’utiliser un terminal afin de chiffrer des mails à grand coup de ‘gpg –armor -e -r 0x00513947’ c’est se mettre le doigt dans l’œil. Profond. Cette prise de conscience massive n’arrivera pas. Et vous savez pourquoi? Parce que nous sommes suffisant. Parce que nous pensons que nos combats sont plus important que les autres. Parce que nous pensons qu’il est plus important de pouvoir chiffrer ses mails en toute confiance que de défendre les droits des femmes, des minorités, des queers. Que nous pensons que l’espionnage massif de la NSA est plus important que le changement climatique et que toutes celles et ceux qui ne sont pas d’accord avec nous ne sont que des fous dangereux inconscients qui remettent en question nos libertés.

Appel à ouverture

Ce qu’il nous faut c’est arrêter de nous comporter en sociopathe. Nous nous plaignons tellement des gens qui ne reverse pas au Libre, mais nous que reversons nous aux autres? Des outils fonctionnels, sûrs et ne mettant pas en danger leur vie ou leurs organisations? Non. Nous ne leur apportons pas de soutien, nous préférons leur lancer des ordres en leur disant qu’il n’y a de salut que dans la crypto end-to-end.

Nous sommes persuadés que les outils actuels et le plus sûrs possible – et oui il en existe – sont utilisable par la majorité des gens, à condition de lire et de comprendre une documentation nécessitant un bagage technique assez énorme. Quand la documentation existe, est traduite, est disponible. Et ces outils sont donc inutilisables, donc non fonctionnels. Et donc du coup, les "autres" n’utilisent pas de crypto, et nous les considérons comme stupide et ne méritant pas notre précieux temps, nous sommes tellement meilleur qu’eux.

Sauf qu’internet n’est pas à propos de la crypto. La vie privée et la sphère intime sont à propos de crypto, la vie publique – des états et des puissances gouvernantes – aussi, mais ce n’est pas internet. Les lanceurs d’alertes n’ont pas attendus GPG pour faire leur travail. Les journalistes non plus. Si nous voulons changer le monde – et en tant que partie du monde nous nous devons de le faire – ce n’est pas avec de nouveaux logiciels ou protocoles que nous le ferons.

C’est en appliquant à nos structures sociales, nos communautés, les mêmes principes que ceux qui permettent à internet de fonctionner. Gratuité d’accès, facilité d’accès, ouverture à tous, confiance par défaut. Donc de s’ouvrir. Et pour s’ouvrir, il faut faire plus que juste dire "Hey, viens et poses toi là". Il faut faire en sorte que celleux qui veulent venir se sentent accueillies.

Oui, ça veut dire faire des efforts pour arrêter d’être paranoïaques, imbu de soi, ou simplement des connards. Mais en fait, en supprimant cette couche de paranoïa, cette suspicion par défaut, les choses deviennent moins stressante. En permettant à toutes de pouvoir participer et d’inclure tout le monde, nous augmentons aussi les diversités, nous ajoutons des mutations à nos mouvements cellulaires, nous pouvons découvrir de nouveau moyen d’actions, découvrir de nouvelles problématiques, se développer, construire des liens forts, développer une communauté, un groupe social qui partage réellement et qui prend soin de lui.

C’est ce que fait la Quadrature dans une certaine mesure en travaillant avec les engraineurs ou Act’Up sur certaines problématique. Et tout le monde y gagne.

Cela nécessite d’accepter que des personnes ne comprennent pas et ne comprendrons pas ce que vous faites. Cela nécessite d’aller contre des certitudes, des choses qui paraissent évidentes, de voir ce qu’il se passe ailleurs dans le monde.

Internet n’est pas un territoire, c’est une somme de conscience collective. Mais nous avons des territoires à défendre. Nous avons besoin d’Internet pour les défendre, mais nous devons les défendre. Allez parler aux autres, invitez-les. Écoutez-les. Si ielles ne veulent pas venir, demandez vous pourquoi. Souvent c’est parce qu’ielles ne se sentent pas bienvenue, pas inclus.

Et c’est généralement parce que personne ne règle le problème des trolls. Des antisociaux qui ne cherchent qu’à détruire les communautés, à maintenir le statu quo, à rester "entre couilles". A vouloir absolument avoir raison. Le climat qui règne sur nos listes de diffusions, canaux IRC, lieux "ouvert" n’est pas forcément serein. Sous prétexte de la liberté d’expression, on laisse tout dire sans conséquences, on laisse nos communauté se diviser, exploser, ne pas exister, refuser les autres.

Non, je ne demande pas la censure ou la régulation. La liberté d’expression existe et est importante. Mais la liberté n’a de sens que si elle est exercée en groupe. Notre liberté de pouvoir vivre ensemble est bien plus importante que la liberté des trolls d’exister impunément.

Il est peut-être temps d’arrêter de se comporter en nerds sociopathes, et de commencer à se comporter en activistes. Parce que les activistes de terrain ne nous attendrons pas. Ils refont déjà le monde, avec ou sans crypto de la mort. Avec ou sans sécurité. C’est quelque chose que vous ne pouvez pas empêcher, que ce soit au Bahrein, en Espagne, aux États Unis ou en Ukraine, des activistes sont arrêtés et torturés, peu importe qu’ils aient ou non utilisés des outils de chiffrement fort.

Ce qui est sûr en revanche c’est que le territoire dans lequel vous vivez, est défendu par des personnes que vous feriez bien de rencontrer. Parce qu’elle changent le monde et ne vous attendrons pas. Si vous ne voulez pas vous retrouvez limité à un rôle de barbu grincheux, de geek associal, de nerd nihiliste, de hipster branchouille, il serait peut-être temps de s’y mettre, d’inclure tout celleux qui veulent venir, et d’aller voir les autres.

Promis, les cannibales n’existent plus. Nous avons mangé le dernier hier.

GMX, Security and Privacy.

[[!meta description="""Yet another story about why you need to hide things from the rest of the world, and why commercial company can’t help you with

Once upon a time

I have this friend – Milou. She’s going to be a good journalist, and she worked a lot for NGOs during her studies. Hence she travelled a lot. As a NGO worker and apprentice journalists, she travelled in … hmmm … interesting places, and a country in particular – let’s call it Zoukinistan.

You’ve probably heard about Zoukinistan, it’s one of these countries the US – and part of EU – are at war with, and where those almighty democracies^Wpowers tried to create a Democracy they own.

So, this woman was going there, doing a job of getting in touch with local activists, reporting human right violations, doing journalisms, stuff like that. And she met there a lot of interesting people.

Not all these people are on the side our governments are comfortable dealing with. Not necessarily warlords or fundamentalists either. They probably just don’t want any more foreign interferences in their country. Yeah, the ones governments probably call terrorists. Or enemies. Or just those who want to expose corruption of their US backed government.

So, as a journalist, she maintains contact with those. No one knows when the next things to expose will blow up. And since she’s quite aware of all the NSA doing nasty things on US hosted servers – essentially trying to graph people in contact with this kind of activists – she goes for a non-US based email provider, and a free one.

And then GMX entered the dance.

Since Milou knows me, and since I worked a bit with her, she uses Tor, OTR, and free softwares. And I think she understands why it’s needed, and why she needs to protect her sources.

So, she created an account on https://gmx.com and used the webmail using Tor, naively thinking GMX – being a German company – would protect her communications.

It appears that GMX is part of United Internet, a German holding which also owns 1&1 and mail.com. And they own 7 datacenters in the EU and the US according to their about page. So they have data on US soil, under the Patriot Act – and you definitely don’t want to have data there if you try to protect sources from US Gov. But nothing says that the former French Caramail they bought and became part of gmx.com is hosted there – in fact, and for strict latency reasons, I think they’ll leave it in EU soil, just to have good performances.

Anyway, let’s put those considerations aside for now.

So, Milou and her friend exchange emails using GMX. I’ll skip the fact https is not enabled by default. Or that they implemented it quite late between servers – after all, Google did it only after NSA had leaked a nice post-it – it’s not really that important since, after all, all emails are probably stored in clear text on a corporation server.

However, Germany, home nation of GMX, is involved in military and security mission in Zoukinistan. We also now that NSA did infiltrate German Internet companies and that the German secrete services do cooperate with NSA.

And then the Milou’s GMX account has been closed for security reasons. Since the IT support doesn’t provide any details and that I could not find anywhere on the net anything related to closing of the accounts if used via Tor – even if they made it hard for anyone to do so – and given the lack of security on their side, I think that it must be read as national security reasons.

My guess is that GMX has been required to terminate this account because it represented a threat to national security.

The interesting part would be to know which nation asked for it. Could be France (Caramail which became GMX.com was French after all), US since they would not like my friend to chat with a terrorist or the German wanting the same thing.

I don’t know. Hard to find evidence when the tech people in the company refuse to provide any. And that’s weird. They could have pretended some unusual traffic came from Milou’s computer – unusual meaning in this case via Tor and Ubuntu – or that they detected some attack and the account had to be terminated, or anything else.

But no, they just "can’t answer", won’t provide any email backup, nor even any support. I don’t like drawing conclusions without facts, but it really seems like someone read those emails and have GMX close this specific account.

About learning and teaching

About learning and teaching

And maybe doing it right

So, I happens to have accidentally bootstrapped a sort of collective to “organize” cryptoparties in Paris (See Here). It’s quite cool because then, you know, I can skip some of them to actually get some rest when I’m on holiday.

Things works more or less smooth, but I have some issues with the way it looks like now. It’s not something easy to say, because it’s probably my fault – at least I do have some responsibilities – but we have some attitude issues among some of the co organizers. I hope it’s nothing that can’t be fixed and we will try to talk about it and see how it evolves.

However, the more I think about it, the more I think we didn’t talked enough about what teaching or do training actually is. And what are some responsibilities you have to endorse and accept when going in front of a group of people and try to have then learn new things, be it chemistry, astrophysics, politics or – in this case – cryptography and privacy.

So, as usual, I’m gonna brain dump here. Not sure if it will make sense or if I’m right, but I think people who wanna do some training might think about what it implies for them and for the people they’ll train.

Desorganised and non-planned

This how we kept cryptoparties organised around here. Everyone of good will is welcome to helps, there’s no skill prerequisite, no resume checking. We all do that on our free time and we try to remain between friends, so it implies a lot of parties (the Telecomix way of doing things) and sometime some harsh talk on a mailing list. But it’s how I like it.

I started those workshops at le Loop, because I wanted to explore technology I did not understand completely at that time, and I prefer doing that in group. The fact that it became a sort of institution is an accident and was never planned.

So, when we throw up a new cryptoparty, we follow the Chaos workshop Howto and we mostly tries to know who will be there and who can train on what topic, then ask the question to the people who have gathered here “What do you wanna explore?

And it was far from perfect, but at least it worked for a while. But now, we have some issues. Those issues are basically because we never talked between us of what knowledge transmission implies.

Cognitive biases ans Argument of authorities

First thing to acknowledge is that, when you put yourself in a trainer position, you have an immense power. You are the expert, the authority, the person who knows, and what you will say will be accepted like The Truth (with capital letters) by your audience.

It means that you need to be extra cautious regarding this power, because – has Peter Parker states it – with great power there is also great responsibility. Not to be exhaustive, or to be flawless, but to be as much flawless as you can toward the knowledge you’re trying to transmit.

Especially in the case where you train activists. Those people basically will use this knowledge in life or death situations and you must do everything you can to avoid them having wrong ideas about what they’re doing.

This is YOUR responsibility. You must know what you know and what you do not, you must accept that you can’t know everything and says when you can’t find an answer to a question (and note it and then look later for the answer). You can’t be good enough or approximative. You must be excellent. If you can’t, you should not do this training.

And yes you have internet to help you. When you don’t know, do not hesitate to fire up a web browser and search for the answer. That way, the people you’re training will learn how they can get better at understanding things. In the crypoparty context that’s also why I like doing them in pair. One can correct the other or helps when difficulties arises, and everyone is getting better at doing it.

That’s also why when I want to explore a new tool, I say upfront that I do not now how it works, but I want to find out how it works. And we dig deeper and deeper, while exploring.

That’s also why I do not teach the math behind cryptography, because I do not understand them fully (and that’s also why I’m not writing crypto code), so it’s hard for me to explain how they works besides rough generalities.

But – and that’s the important part – few people will question you. After all, you’re the person who have the knowledge, and they crave for it, they want it. So, it’s YOUR job to make sure that you won’t teach them errors.

Inclusiveness and accessibility

This part is more directed toward cryptoparties. It’s already a hard place for people to come to a cryptoparty, the name is scary – and that’s why we brand them Café Vie Privée or Privacy Café here – so we need to be the more polite, accessible and inclusive as possible.

It means that you should avoid to patronize people and accept their questions, and weirdness. It also means that when you have to pick up examples, analogies, and things like that, you really should avoid stereotypes because it only creates more stereotypes.

That’s also why you shouldn’t do level oriented groups. Or use terms like n00bs. It’s exclusive, it confront people to their lack of knowledge in a specific area (while they can probably teach you a lot of things from their experience).

The fact that our cryptoparties here are mostly ran by white cis-male is already a big issue. If you use sexist example or assume that people – because they’re female – are the ones who do not know a thing about crypto, you will have an issue.

And it’s not even because you’re an asshole. It’s still because you have the authority, and it have some powerful side-effects. If you tell to people that they’re fantastic and that they’re making progress, that it doesn’t matter if they fail now, etc., then they’ll be amazing. On the other end, if you think of them as n00bs and lamers who sucks at understanding basic tech because you knew it all before, then they’ll stay that way.

So always think of inclusion of everyone. Including the weirdest people you’ll see. Or the one you’re not comfortable with. You don’t have a choice, if you want to share your knowledge, you should share it with the biggest number possible of entities, and then you shouldn’t assume anything about their lives.

Stay humble

And that leads to our last part. Stay humble. You might know a lot of things about the topic you’re about to talk, or you wouldn’t or shouldn’t do it. But all the other people around you – including the co organisers – are also more or less expert on some topics, sometime even the topic you’re going to teach.

And you’ll always be in a de-facto authority, so do not brag about all the things you did. You do not need to justify yourself, if people came they already trust you to be good at what you’re going to train them. You do not need to confront them to their lack of knowledge.

And if you’re doing it with a collective – which is best, parties are better when there’s more than one person partying – you need to work with the collectives. Different people have different views on the same topic, that’s why it’s interesting to work with them. They will also helps you when’ you’re in difficulty, or helps you getting things together when your world will inevitably fall apart.

And it’s important in such a collective to not have to big of an ego, to accept to step back. Yes, you can promote your own projects because they’re cool, they can help people and the like. But you have to accept that, sometimes, someone else want to speak, or try to do things a different way, because we’re all learning how to transmit knowledge, and sometimes we need to experiment.

So yeah, you should listen at your co-organisers. But you must also listen at your trainees. They have questions and problematics you can’t anticipate. And since you’re not doing a lecture, you need to interact, to accept their view, to try to get in their shoes, because there’s a reason for that question you judge stupid.

Also, you need to transmit all the keys you may have to knowledge. It means that you, for instance, when you’re demonstrating a new crypto-tool you like, you should explain what each available options are and what are the differences, but also why you recommend using this specific set of options. You have a reason for doing so, so explain it.

And be patient. I mean, I’m doing help desk for a living (or well, part of my job is doing help desk) I can assure you that most of the people who will voluntarily come to one training are willing to learn. But they need to understand things, and sometimes you will need to answer the same questions many times. It means you need to rephrase until the trainee understand. And yes it’s exhausting. But it’s nothing like help desk, so be patient.

Conclusion?

So yes, if you want to train people, you have responsibility toward them. You must think about that, you’re basically messing with their lives. It’s easy to scare them, and have them run away, but that’s not your job. Your job is to give them enough keys and support for them to walk then run then do a back-flip.

And it needs some prerequisite. Be humble. Know where your knowledge stop. Be inclusive. If you’re not, and if it happens when I’m around, I will probably rush into you and slaps you around with a big trout.

Training is a serious matter. It can be done in fun ways, but it must be done in a way that will manage trainees to be trained (and, one day, they’ll became trainers too, which is an excellent things and helps you stepping back

Identity, Symbolism and Uniforms

Disclaimer: I’m in no way a sociologist, those are the state of thoughts in my brain as of now, it will probably change later. And yes, it’s the result of different conversation I had online recently

Identity crisis

Identity and surveillance

There’s something going on in my head for a while, it’s that I have hard time thinking why mass surveillance is inherently bad. I agree with that, but I try to understand why. Because, as Quinn Norton and Eleanor Saitta said it in their 30C3’s talk ‘No neutral ground in a burning world‘, the surveillance is not necessarily bad.

If we want mutual care and mutual aid to work – and really, I think it’s mandatory in the world I want to live in – then we need surveillance. To keep tabs on each other just to know if they’re OK, or if they need something.

So, the more I think about it, the more I come to the conclusion that the bad thing with surveillance is not the massive amount of data collected. It’s the link made between those data and entities – human being, devices, whatever. And that is, I think, what we call identity.

Some might argue that identity is what you are, but I tend to think it’s more than that. Identity is the projection of yourself in a social context, and the your identity is not the same from the state perspective or from your friends one.

Embodiment and identity

An identity is an interface between your self and other selves. It can be a login on a computer system, a social security number, or any other features. The Guy Fawkes mask is one of them for instance, as well as a lots of memes – but more on that later – and this interface is what we usually call a body.

A body (including the way it is dressed) is, in the meatspace, how people will identify me. My friends recognize me because of my body (and not because I give them my social security number). But in this networked world, you’re body has been augmented.

Your socials networks (Facebook profile, twitter stream, G+ account, whatever) is just that. A big pile of data that became your unique body on those networks. Same goes for the medical system, your personal medical record is your body in there – and yes it include description of your flesh and blood body.

And, for what it matters, the state, by giving you ID papers and forcing you to have them with you at all time, including biometrics to check that you’re really the good version of you (yes, a picture is a biometric identification system) gave you an identity.

And this is where it starts to suck big time. Whatever we wanna do today, you’re asked for a proof – a link – of identity. More and more content you check online require you to be authenticated using one identity or another, and since everything is logged, it’s added to your identity and to your body without your consent or your knowledge.

And every time you’re forced to use an identity (to get money from your bank account, to prove your ID to a cop, to watch that porn), you’re forced into a body. And that’s why registration sucks. Each time you have to login or decline an identity somewhere, you have to endorse a body on which you have less and less control.

As the feminist says: "My body, my rules." It should apply on all forms of body, including the ones made of data.

Symbolism and memes

Symbol

Before going further, I need to define what a symbol – or an icon – is. I’m not a specialist in symbolism or else, but still. Symbols are ides compression system. When you see one of them, you instantly access to a lot of ideas and concepts linked to it – of course those ideas will depend on your past and on the events you’ve gone through – and that’s why symbols can be extremely powerful. They are to ideas and memes what gzip is to text, a fast way to deliver memes.

And occult enthusiast loves the symbols because their meaning depends on your cultural background. Take the svastika for instance. If you’ve got an hinduist or buddhist background, a north-westernenr one or if you’re a raëlian, it does not deserve the same message. And occultists loves the hidden meaning of symbols, after all occultism is all about the hidden meaning. What’s the hidden meaning of this bird fly, of those tea leafs, or any other stupid sign they try to interpret and give meaning to.

Symbol and bodies

Adding symbols to your body is, usually, a good way to tell a lot of things to the entities interacting with you. Wearing those buttons of the CCC or EFF basically explain to those who have the cultural background that I support them.

The hidden meaning of symbols and the fact that they’re senseless is also extremely interesting. That’s how antisocial and oppressed groups identify themselves. Christian during the early age of roman empire, used to use fish as a way to identify themselves. Nowadays fascists wear some specific clothes, or use some symbols (like the celtic cross) to be able to identify themselves but not being flagged as a fascist (while having a nazi cross tattooed on their forehead will makes us identify them as nazi).

So tattoos, clothes, buttons, avatars, quotes, and all those memetic shortcuts you wear on your body do tell to people what you claims to be or think. And that’s why we spend some time to think about how we look, that’s because those symbols will unzip themselves in people thoughts when they’ll meet us. Your body – and then your identity – tells a lot to the people you interact with. And that’s why it’s important for you to get in control of your body.

I mean, you wouldn’t allow somehow to tattoo that nazi cross on your forehead. So, you shouldn’t let a government or a corporation labels you as, for instance, a radical lefty or a LGBTIQ militant if you do not want it.

However, some symbols have became so powerful tat they now have entire identities attached to them. Take the Guy Fawkes mask. Seeing one makes you think Anonymous (and can recall V for Vendetta) and Anonymous is an identity. It’s a body you can wear at any given time it’s even its purpose.

Uniforms

And yes, there’s a lot of these kind of body you can wear to represent specific ideas. You reject your identity to embrace one another. For instance the UPS delivery guy is not someone specific. He is UPS. While wearing this brown body, driving this brow truck, he become UPS and all that this represent or can represent.

Wearing a uniform denies your identity and makes yourself part of another body. That’s why cops and soldier have them. To identify themselves, for us to identify them as the function they serves (and not as specific individuals), and to differentiate from their enemies.

That’s also why anarchists and others tend to have a uniform (hell, black flag is a strong symbol, and nowadays most of them wears black hoodies and scarf to hide their faces) it allow them to abandon their identities and to wear another one.

Wearing a symbol or a uniform also makes you part of a community. I mean, the Apple is a sign of belonging to the Apple values (elitism, lack of control, wealth, coolness) as well as wearing a latin cross will give you the feeling to belong to the christianity, or wearing those branded shoes will makes you part of a community. Or makes you think you are.

But mostly, uniforms are a form of abandoning your identity to merge yourself in a crowd of more or less likely minded people. That’s why I tend to think they can be dangerous. When you start having people all wearing the same symbols with or without understanding all the implication a symbol might have – not everyone have the same cultural background – you start to have a uniform appearing.

And wearing a uniform is abandoning your identity to became another.

The link with surveillance?

So, you have your body. Some part you control, some you don’t (basically everything that’s in the cloud – which is a technical term meaning I don’t give a shit about what happens to those data).

The ones you control is not the problem here. The problem here is the one you don’t control anymore. Different entities are associating ideas, tags, identification mark all over your body – think tattoo here – for different kind of purposes. To tailor some services, advertisement or – as the event in Kiev show us – to classify you as a dissident.

You have no control on that. Those organisms use those (meta)data to build an identity and to link it to your others identities. And if you control the identity – hence the body – you control the people.

You make them wear a uniform they don’t even know about, or understand. You transform them from individuals to part of something else they have to conform to, because wearer of uniforms do not disobey or they’re stripped of it. And since it’s cool to wear it, you do not want to lose it.

And yes, this identity imply that you’ll comply with what it means. From the state point of view, building identities allow them to sort between good and bad citizens. And to expose the bad ones as bad citizens and you don’t want to be the bad guy – except for the sociopath.

So, you’ll do everything you can to conform. To obey. To stay in it, to deserve your uniform of good citizenship. And then to abandon your self for the one you’re told to wear. And that’s where mass surveillance sucks. It’s not about the amount of data collected which can be useful (asks an epidemiologist to work without data collected on the whole earth for instance). It’s not even about surveillance (knowing a disaster is happening and reacting to it is, generally, a good thing). It’s the identity building that sucks.

Enforced identity is quite new as a concept in the human history. And each time a state have provided citizens with ID-card, it was for controlling them (yeah, in France we have them since the Vichy government), not for making their life easier.

And in that connected era, states aren’t the only on to gather data and to attributes ID. Twitter nickname, Google and Facebook ID, all of them are more and more used to connect to other services. And yeah, it means they want to have control over you. And for you to wear the identity they’ve chosen for you.


Project Chaos – Part 1

Project Chaos Part 1

Intro

This article will be the first one of an ongoing story, I’ll try to document my journey on this project through posts, probably shorter than the usual ones.

So, I’ve got this group or tabletop role player that I know for 15 years through different instanciation of the same internet community. It’s the group of people I know for the longest time (for almost half of my life until now) and as all online community it’s shaped by the tools we use (and the tools we use are shaped by our community).

There were the bulletin board like forums (phpBB then fluxBB), both of them managed by the techies (not me) and a third iteration based on drupal. And facebook. Because before 2007 we used the bulletin board forums as a way to keep in touch, to plan parties or to help each other.

Since the facebook happens, the forum mostly turned to be a game-lore database, all the social thing slowly moved over there. And then the forum started to slowly die.

Also, Shadowrun, the game we used to play, gone through some editorial crisis, the new edition has been heavily criticized and some personal dramas did technically killed this forum and group of friends.

They’re still in touch through Facebook, Google cloud sharing services and stuff like that. But since I won’t get there I’ve been a little bit ostracized (not that I really mind, I love my loneliness) but this community was not a community anymore. We ended up with half a dozen of people doing all the community services, while all the others are just feasting on it.

Typical of communities of that age I think. Some of us moved far away, other are having babies, but still, internet tools were supposed to help us to stay in touch.

For the last two years, we did however launch a lot of meetups in different places. And I fighted the uses of google docs to the profit of free alternatives such as etherpad and ethercalc (more than enough for our use case of writing down recipes and errands to run to feed 30 people) with some success.

And then came the sharing. We’re sharing a lot of music and playlists. Especially when you want to run a game, you’re always looking for some atmosphere, so we talk a lot about music (I mean, a 6hours long game is 6 hour of music non stop, you need to find some). The thing is, they want some of my music and, since I won’t use spotify nor google, we’re stuc with sneakernet. Reminds me high school where we exchanged tapes, but with USB hard drive of more than one terabyte.

So, they wanted to share, including what politicians would call illegal files. And, in what sounds like a surprise – but interesting – move, they want to do it themselves (OK, they want me to get involved and helps them) but they want to self-host their stuff.

10 years of advocating free software. 5 of advocating for getting out of social centralized web. 2 after setting up a social network for our characters. 1 after showed them how powerful free and decentralized software can be, they asked me to helps them build a community sharing server.

At last.

Next step

So, we’re currently writing down what we want and need, using etherpad and calcs. There will be a lot of learning implied, and some code to write. But at least, we’re going to do it together.

And yes, they actually asked me to show them how to administrate a server, even if it implies running a shell.

So this will be my log for this journey. I hope we’ll reach the destination. Theres adventures to come, but I have faith in their motivation.

You can haz my freedom. As long as I can haz my pr0n

is not the issue we’re facing"""]]

Context

Yesterday, the National Assembly in France voted the LPM (Loi de Programmation Militaire – Military Planning Law) and a lot of the so called civil society was upset about the Article 13 that may (or may not, we can’t know given the way the text is redacted) legalise what has been illegal for the state until now: wide collection of data and communication in a state without a judge intervention if it’s for the defense of the state.

And I really think that civil society is now dead in France. And I’m saying that while working for a NGO – FIDH (Human Rights International Federation) – and after helps LQDN fighting ACTA, HADOPI and all this stuff.

I just think that the 13th article of this law is just a diversion, a bone throw to the civil society to fight against and to enable the government to do worst at the same time.

Don’t touch my porn

Everyone, including me, is fully aware that each attempt to control and censor the internet (even if it’s stupid) is dangerous because it deprives you of your liberty to … to do what? To consume moar advertisement push to us by private companies.

We’re not using this fantastic tool to build a new society, to change the old one, to organise protest like it’s the case almost everywhere in the world (Tunisia, Egypt, SYria, Ukrain, Greece, Brazil, I mean, look at the news: world is in flame). We’re using it to watch porn and to stalk our neighbour.

So, yes, you will fight for your right to watch porn. That’s OK, I mean, I can’t blame you for wanting to watch porn. But you will defend only that. When people are in the streets fighting for the «internet», they’re not asking for freedom of organisation, communication and privacy. They just want to watch movies they do not want to pay for (because the movies are so lame nowadays that anyone should pay for that, I agree) or to watch their neighbor having sex at a party.

And now, the civil society is just raging against each attempt to censor the big ternet. Except it’s mostly fighting on that. We were already lured in the past, when opposing DADVSI while anti terrorism law were passed. Twice.

The issue is that organisation (and non organisation) such as LQDN might be great to get people calling parliamentarians in the French national assembly or in the Euopean parliament (after all, ACTA was defeated), but they’re not good at explaining to the people why those laws suck.

The thing is that now, we have in each and every law (about planning of military operation, prostitution, gambling, copyright fraud, criminalisation of hate speech, etc.) an article about Internet and censorship/controls.

The thing is that now, we’re fighting only on this point. Us, the citizen, at least the one who are occupying the mediasphere and the social space, are only focused on internet, and nowhere else.

It means that it’s easy for the governement to pass a new security law. It ust have to add a censor-the-internet-article-we-do-not(really-want-in-fact and just wait for the civil society to go after this specific piece of article that the governement is willing to abandon anyway.

It will give civil society the feeling that they’re usefull, while validating that this way of governance works.

Well, you know what?

G

O

F

U

C

K

Y

O

U

R

S

E

L

F

!

It’s a lie.

It does not works. A society which is OK with mass surveillance (whereas using cameras for CCTV, advertisement display with eye-tracking and face recognition system, invasive social networks and other facial recognition system branded as cool) is not a democracy.

Wake up!

It’s time to stop believing that the orderly and controlled protests, petitions and yelling at people works. It doesn’t, the current politician cast is gaming us and this system.

We need to teach, to provide as many explanation as necessary, to fight the fear and to help everyone to have a better understanding of what internet actually is, what it’s not and why it’s the best and most beautiful thing humanity ever created (yet). And we can’t do that by using the traditional way of expression.

We must stop trying to convince politician and start more powerful grassroot and decentralized movement. We must build that alternative society everyone is dreaming of. We must stop thinking that politicians and corporations will ever hear the people, because it won’t happen as long as they think they’re safe. We must challenge them and threatens their safety.

We must not abandon our rights, among them the right to have a private life and to protect it from interference according to the Article 12 of the UDHR, but it’s a bit late.

I mean, 2001 is the first anti-terrorist law (LSQ). We since had a lot of them. And each time, there’s only the internaut – or, well, the one who enjoy their porn – to fight them.

It was twelve years ago. And we still have all of them. No one is publicly asking for the abrogation of those laws. Instead of that we’re just reacting, we’re playing a defense game in which we can only lose something (a small piece of liberty or a bigger one), we need to take the initiative now.

How many loss of liberties should we endure before someone will actually move? I think that we just quit the fight. I think that we think about what we can lose if we start getting angry, and that’s why we’re hearing a lot about what’s happening in Greece. Our so-called leaders are using Greece as a bogeyman to scare us and keep us at peace like, you know, saying "You shouldn’t ask to much or you could loose evrything". The problem here is not about what’s left that we can loose. It’s about what we could win.

So, just wake up. ANd think about what we can have, start asking for things instead of waiting that what you deserve is attacked by one more stupid law. Take back the street. Threatens and challenge the ones in power. Use the solidarity and means of communications you have around you.

The issue is not the politicians. The issue is you. You let them control your

We need optimism, not fear

Fear

I plead guilty. I used to use fear as a tool to try to seed concern in people mind when I was explaining why it is needed to use cryptography on the internet (and elsewhere as well).

The thing is, fear is an extremely powerful feeling. I think it’s rooted somewhere in the evolutionary process, I don’t think there’s species who don’t know fear (and if it were they either are sharks or have since then disappeared, eaten by things they should have fear).

And it’s not one you should use to make people do things. If you use fear to try motivate people, they will be stressed, and some of them will panic (we do not answer rationally to stress and fear) and will run away, screaming in despair, spreading the fear like an arson jumps from trees to trees and finally destroying the whole forest.

By using fear, people who will do what you’re saying, won’t do it because they feel it will improve them, they will do something because they have no choice. And if they can run away from it, they will just do it and will avoid to – for instance – use the internet.

Developing fear into people, is the best way to get the worst out of them, this is exactly the mechanism developed by fascist to gain power, and you know that since Star Wars:

Fear is the path to the darknet. Fear leads to anger. Anger leads to hate. Hate leads to suffering. – Yoda

And since fear is irrational, it doesn’t help people to understand how things works. That’s exactly what states (nation or corporate) are doing now with the Cyberwar, the Darknet and all the creepy stuff.

It enables the states to plant uncertainty (and doubt) in the mind of people, to make them unable to understand how things works, and then to control them (people are now afraid of opening stuff to understand how they work).

I once thought it was possible to use a little bit of fear to raise consciousness into people mind, but it’s like firing up a match in a gasoline tank, even if you’re careful, in the end, it will blow up.

Death on the internet

We were discussing the issue with @microouvert the other day – she says I’m now on the cuddle bear sides. We hear a lot of things about the NSA/GCHQ/DGSI/FSB/insert any new acronyms I might forget here, and the way they do surveillance.

We hear a lot about the surveillance (and then control, and restriction of liberties) made by GAFA members, less than the NSA thing but still. The thing is, it’s not the issue at hand.

You won’t fight spying by using fear. I’ve noted two different behaviour when trying to "warn" (and scare) people about the danger of mass surveillance. Either people go for the "Nothing to hide" stance, or they go for the "Jumping into a bunker and wait for the world’s end" stance. None of them is good.

The issue we ave to manage, and the only way we can find to dismantle the mass surveillance, is by fixing society. And you fix society by empowering people, not by giving them tool they don’t understand, and don’t know what to do with.

In most of the cases, the fact that Google, the DGSI, or your neighbour is spying on you is not a matter of life and death. Most people are not field activists, journalists, hackers, or other – sadly – risky activities to do. Most people just keep on with their life, doing the extraordinary things they doing every day. They do not need to be scared by global surveillance, they already have a lot of thing on their mind to manage.

I’m not saying that global surveillance society is not scary. It is, and it keeps me up at night. We need to fight it but we can only fight it by a social change.

I mean, I’ve looked through some toys shop recently (yeah, something about Unixmas) and there’s more and more spy tools. There’s more and more stalker apps on both Android and Apple store (while you still can’t access porn on the second). Spying your neighbors, your partners or your kids is hype, fun and cool.

This is way more worrying than the fact that NSA is spying on French citizens. The acceptance that it’s normal to invade the privacy of other is an issue. And when you protect yourself from that, you are a freak, you’re an outcast of the society.

It’s not a political change that we need. I don’t believe a political change will happen soon, and will do any good. We need a social change. We need people to empower themselves and discover that internet is a great tool to organise.

Internet isn’t about surveillance

Internet is about communication. And organisation. That’s what we need to tell to the world.

Surveillance is, basically the gathering, storage and analysis of human activities – data and metadata. This is not what internet is doing. Internet is doing one thing: packet switching, which is carrying a message from a point A to a point B.

The storage does not happens on Internet, it happens at the fringe of internet: on your computer, in some datacenters, or elsewhere. But Internet does not maintain a databases with all the packets ever created.

Internet is about communication, and organisation. It enables people to benefits of different way of organisation since it provides different way of communication, and communication is what we – social animals – are doing to thrive, live and survive.

This is the thing we need to teach to people. That they should not worry about internet because internet is not actually spying on them. It’s helping them to communicate, to organise, to reach out.

And that’s something all people are doing. Either they want to organize a family meal, a party or a riot, they are organising things. And they’re doing it using social networks, improving they’re social network. Ok it’s on facebook, twitter, Google+ or whatever spying agency tool provided to them.

What we need, is to open the eyes of the internet consumers to turn them in internet actors. What we need, is to reassure them, and guide them through the early step of understanding what is internet and how it works. What we need is disassemble the toxic memes of surveillance, cyber-insecurity and Darknet – which isn’t about encryption, but about opposing the dirty internet to the good internet.

And you can’t do that by using fear. You need to light a spark in the mind of people, not to burn them alive in fear. We don’t need "Told you so", or "Paranoiac" stance – I’m not saying that you should use some caution, just that most of people don’t need it.

So, stop saying there’s some danger on the internet. It’s a lie. There’s only IP packets on the internet. Everything else is in our society. And we need to change it.

And yes, I’m turning to the optimistic cuddle bears from the intertubes team. It will allow we to do some memetic warfare in a more efficient way.

Searx

Welcome to searx

You might have noticed some change on my seeks node since it’s not a seeks node anymore, but instead it’s a searx node.

Searx is a project started by asciimoo after Taziden gave a talk at Camp zer0 about going forward with seeks and opening it up to a wider base of developper.

The idea is that seeks ‑ currently written in hardcore C++ ‑ is a prototype and an exploratory project about search and decentralization of search, and that we can now build almost from scratch a search engine which will implement the concept behind seeks but in a more developper friendly way, for instance in python.

We already had a lot of discussion with people hanging on #seeks@irc.freenode.net about this and, technically, there’s two tool to develop. An easily extensible metasearch engine which will feed a DHT of result shared with different nodes.

And then asciimoo wrote searx, a meta search engine, easily extensible. Now, we "just" have to connect it to a DHT. But I’ll save that for later.

So, how did I installed it? I’ve fought a little bit with uwsgi and nginx, but now it works. Here’s how:

Setup

Getting the code, the dependencies and everything else

Create a searx user for it’s a good practice (don’t run things as root) and do some git cloning and virtualise you’re environment. Oh, before I forgot, I’m running a debian stable and I try to keep the distribution clean (so no pip install outside of virtualenv)

cd /usr/local git clone https://github.com/asciimoo/searx.git chown searx:searx -R /usr/local/searx cd /usr/local/searx virtualenv searx-ve . searx-ve/bin/activate/

Now, you have a running virtual environnement in ”/usr/local/searx/searx-ve” and the code in the parent directory. You need to install some dependencies, so launch that command and go get a cup of coffee.

pip install -r requirements.txt

Now, the code is alive. You can test it by running the flask instance:

python searx/webapp.py

And you can proxy requests to ”http://localhost:8888” from your favorite webserver. It works.

Uwsgi

Since it’s not daemonized, and you’ve got only one worker, I wanted to have something more maintainable. So I needed something like uwsgi (or gunicorn, or whatever) to run the apps right from nginx.

Since debian splitted uwsgi config in a lot of modules, don’t forget to install python module (I was stuck with that a lot). So, let’s install uwsgi and required dependencies.

apt-get install uwsgi uwsgi-plugin-python

Next step is to create an app. In debian, uwsgi has the same apps-{available,enabled} file structure than on nginx or apache. Here’ my config file for searx:

vim /etc/uwsgi/apps-available/searx.ini  [uwsgi] # Who will run the code uid = searx gid = searx  # Number of workers workers = 4  # The right granted on the created socket chmod-socket = 666  # Plugin to use and interpretor config single-interpreter = true master = true plugin = python  # Application base folder base = /usr/local/searx  # Module to import module = searx.webapp  # Virtualenv and python path virtualenv = /usr/local/searx/searx-ve/ pythonpath = /usr/local/searx/ chdir = /usr/local/searx/searx/  # The variable holding flask application callable = app

Once that’s done, symlink this file in apps-enabled and start uwsgi.

cd /etc/uwsgi/apps-enabled ln -s ../apps-available/searx.ini /etc/init.d/uwsgi start

By default, the socket used by uwsgi will be in ”/run/uwsgi/ap/searx/socket”. This is where nginx will chat with uwsgi.

Nginx

Hard part is done, if you already have nginx installed, just use yet another vhost.

vim /etc/nginx/sites-available/searx  server {     listen 80;     server_name searx.example.com;     root /usr/local/searx      location / {             include uwsgi_params;             uwsgi_pass unix:/run/uwsgi/app/searx/socket;     } }

Then activate the newly created sites and restart nginx.

ln -s /etc/nginx/sites-{enabled,available}/searx /etc/init.d/nginx restart

And go visit searx.example.com or whatever your FQDN is) on port 80, it would works.

I suggest you to install some SSL? but it’s beyond the scope of this tutorial.

The NSA and the hypocrisis

Context

Finally, the French governement is going to react to the NSA mass spying. Just after the first article published by Le Monde (there might be a paywall). Technically, it’s nothing really new since we’ve read the same for Mexico, England and Germany those last days – use your search-engine fu to find related articles.

Oddly enough, 6 month after the first revelations, the French Foreign Ministry has summoned immediatly the NSA^WUS ambassador to talk about it. AT the time I’m writing this, the results of the meetings are not yet public (and I don’t even know if the US Ambassador will answers at all) but, in the end, nothing will change.

Also, we currently have, in France, yet another debate around yet another expulsion of yet another school girl (directly from school) and a lot of discontent about or Ministry of Interior. I’m not thinking the summoning of the US ambassador is done only to try to heave people forgetting about this issue, but the timing is troubling.

First, the obvious – Why do the NSA is spying on French

This is the first time that a national newspaper of broad audience (Le Monde) is directly releasing and analysing Snowden’s document. Before today, it was only comment and translations of foreign newspaper and some analysis done by smaller press apparel.

Le Monde is used to do this kind of release since it was the partner of Wikileaks for the CableGate and, at least parts of, the Warlog. And they’ve got a lot of attention when they did that, so I suppose that this article, and the apparently starting collaboration between Snowden’s news agency and Le Monde, is starting to gather political momentum.

And the french governement is craving for achievments. There’s a lot of miscontent right now – not enough to pull people in the streets, but enough to increase the extrem right wings voter pool – and they might want to do something good. Political momentum from NSA scandal might be the good one to convert into good reputation.

However, they always seems to discover the fact that the NSA had spies on French citizens and officials. They know it since, at least, June and I won’t admit that they didn’t had strong suspicion before that. This is just something they’re doing to occupy the news space, and try to divert people from ongoing issues – hate speech, immigration, economic situation, jobs issues, pick one or many of them and you can even add to the list.

Friends and foes

NSA says they’re spying on anyone to find terrorists. So, it means that:

  1. They do not trust us and think that there’s a risk big enough to have a terrorist-strike on the US soil coming from the french soil. If that’s the case, it means they do not trust their allies. So why are we even part of NATO?
  2. They trust us, but they think our own spying services are lame. I can get it, but then, since we’re allies, they’re probably sharing intel with us. As they’re doing with the UK secret services: GCHQ (GCHQ seems to be the NSA’s reach in EU).
  3. It’s not about terrorism, or a risk of war. Then it’s mainly an economic issue and the NSA uses its powers to take over some market for the benfits of US companies – the ones who works with the NSA.

The economic angle

The economic angle is something interesting. In the french IT industries, we have mainly two actors favored by the state. Former State companies – France Telecom aka Orange, Bull but it was a failure, etc – and big names well established – and for the computer stuff it will be US companies.

One single example is quite interesting. Since France is part of NATO, we must comply to some interoperability on different levels such as ammunitions, information system and managemenbt and strategies.

I like the ammunition aprt, because it explains well what interoperability is. The NATO calibers are standards. And if you want to have your rifles, guns, rocket laucnhers, whatever approved and used on NATO battelfields, you must be able to fire them.

It doesn’t means you must use the Colt’s M16, just that you’re own rifle must be able o fire the NATO ammos. In France we use the FAMAS (French automatic Rifle), the US use the M-16. That’s interoperability.

For the information management, NATO requires the sale level of interoperability. You must be able to send and receives data to and from any NATO system. The US used their own version of Microsoft Windows Hardened for their specifid needs.

The France use the Bull system. No, it’s a joke. Mouhamar Khadafi use the Bull/AMESYS system we sold him. We prefer using the Microsoft system for our critical infrastructure whoch is the army. We’re able to manufactures great tools and weapons and we can even sold them to dictators without blinking, but for our own needs, we’d rather relies on the armed arm of the NSA: Microsoft. The Open Bar contract has been exposed in Avril 2013, just some month before the Snowden revelations.

And we now know that Microsoft is a big part of Prism since the 9/11/2007. The fact that the french military’s head didn’t even thought about it is an issue. And I would suspect Microsoft to have used the NSA to spy and influence the deal.

The strategic angle a.k.a they do not trust us

In the diplomatic game, you can’t really rely only on the good behavious of your allies. Especially since allies or your allies can be your ennemies. For instance, Turkey is an ally of the US since it’s part of NATO. But I’m not sure all the Turkey’s allies are allies of the US.

Same goes for Pakistan.

So, a paranoid and schyzophrenic state like the US is spying on its allies. That’s standard diplomatic procedures, and that’s what embassies are for. However, in this specific cases, the NSA is going way further than a simple state spying. They’re spying everyone – I mean, we’re talking of about 7M phone calls from France in a month – that’s a lot.

Also, France has been criticizing the US on some key political and foreign issues such as Iraqi intervention, and the US stance toward the whole Israel/Palestinian SNAFU. So, they might be interested on some data, and since we host some movment which threatens US interests, they woudl suspect that France can host the next team for a suicide bombing toward US interests. That’s why they would want to spy on the French citizens.

The interesting part of it is: did the French government benefited of it? Or any other governement. Or companies. For now, there’s nothing in the documents leaked by Snowden that would give us a solid proof for that.

They knew it

I really think that the french government knew it and benefited from the NSA mass surveillance program. But, before jumping to this conclusion, we need to ellaborate a little bit on how it works.

The presentation in Le Monde, highlight a fact a lot of people forget about. When routing on the internet, you’re not going through the physical shortest route, but through the most efficient one.

I’m going for an analogy for those of you who do not know what routing is. If I want to go from Lyon to Bordeau by car, I can take the shortest path, made of – at best – national roads. You’re going to go accross a ot of villages, and smallest road. Or you can go through the fast highway. It will cost you some kilometers (and money, but that’s not the point) because there’s some kind of mountain in between, but you’ll arrive faster.

That’s the same thing for internet. The physical shortes path, is probably not the one you’re going to use. For instance for going from Latin America to Africa, the direct route is to jump to Europe (5Gbps) then to Africa (343Gbps), but in fact, you’re probably gonna do one more hop through US & Canada (2.918 Gbps), then Europe (4.972Gbps) and then Africa. Way more faster, way more efficient.

If you want more data, have a look at Telegeography it’s full of maps and data about the internet and telecomunication infrastructures.

Peer to beer?

Another thing are peering agreements. Peering agreements are what makes internet. It’s an agreement between two exchange node ran by companies or other organisations – let’s call them A and B. This agreement, determines how the traffic coming from the network A to the network B and vice-versa will be managed and paid. In most of the case, fair peering (which is: since traffic coming from A to B or from B to A are more or less equals or because both network will benefit from it, let’s peer for free), more info about Peering can be found on the Internet, but globally it’s an economic interest.

And it’s been, in France at least, a long-raging battle between all of the operators. For instance, France Telecom vs COGENT back in 2005 FT cut their peering with Cogent, in 2003 it’s a battle between France Telecom and Free, SFR and OVH battled around 2011 and a battle between Free vs Google is still raging as of today (and it’s standing for a long time).

Also, and a funnier part when you look at it with this NSA angle, is that we have here the ARCEP – an equivalent of the US FCC – which is in charge to regulate and document the Telecommunication infrastructure. In 2012, they tried to force each party involved with peering in France to document their formal agreement of peering – Owni did a great piece about it – and what’s fun was that, in fine, Verizon refused to collaborate with the state because it was too much of work. The very same Verizon who gave full access to its infrastructure to the NSA.

So, peering was done, back in the time, by private companies and by a public one. France Telecom (which then became Itineris, Wanadoo and Orange for its ISP part). They were building physical infrastructure with public money and were interconnecting it with US and UK infrastructure. I won’t believe that noone there suspected or saw anything like some weird and unauthorized traffic coming through their equipment, especially since the french intelligence services must have put some things in place to protect themselves and to spy on the people and other states.

Especially since most of the interconnexion toward Africa has been done by french industrial (such as Alcatel Lucent, a US-French consortium, but more on them later). There’s also a big road to middle-east going through Europe and Germany in particular (that’s why routing to and from Syria often transit through Germany Exchange node – Info from 2007)

However, the french net-isolationism (especillay the will of the local companies to push for their product and to refuse to peer with their US counterpart) has favored emergence of the Uk, DE and NL Exchange. Have a look at this map and you’ll note that France is quite low on the Exchange Node values, and datas found on Wikipedia don’t show the France as a big peering country.

Complacency

But who’s building those system? It appears that the previously mentionned Alcatel Lucent company is a good one. Have a look at the BlueCabinet wiki to understand why. They’re providing submarines cables, infrastructures to 130 countries – including Burma and China – they’re a mix between french and US interests and they’re involved in a lot of French and European infrastructure.

So, if the NSA is collecting data going through France and given that a big part of the interconnection infrastructure in France uses at least a part of Alcatel-Lucent technology and that trans-atlantic cables are at least partially deployed by the US-French consortium, you really think the french secret services would have ignored that the NSA will use and deploy tools to spy on us? Especially when the states add shares into this Company? It’s exactly the same issue when Frecnh governement claims they didn’t knew about Amesys solding arms of mass surveillance to Lybia. They’re lying.

You would argue that those tools don’t need to be deployed on the french soil, they need to be deployed in main Exchange node like in UK, NL or DE. And US also. But it does not cover the landline wiretapping exposed by Le Monde today. So, they have a tap inside the network on the french soil – because the cheapest route on phone network between France and France is to route through France. And since most of it has been deployed by public companies, or subsides of french public companies, or subsides of governmental and military contractor, they know about it.

Because if they do not, it is extremely worrying. It means that any foreign power can come in, wiretap our whole infrastructure and uses it against us without our knowledge. And that’s something I can’t rationalize enough to admit it as true. It can be done – and it has probably be done – for some specific wiretap and people, but not on a scale of 7.4M of phone calls a month. At least the trafic generated by the leak of data must have been noticed.

Now, let’s admit that french secret servcies knew about it. Why keep it secret then? An international scandal could profit for the state and could have lead to a stronger foreign policy and a bit more of defiance toward the US. It would have help defeat things like ACTA or the incoming TIPP, just because EU governement would have been suspicious enough, and it would have increased the power of France and developped for a better diplomatic situation reagrding the rest of the world.

They knew it, and they didn’t used that knowledge to gain power over the US and to empower themselves? From people whose job is to use information to take over other interests, they would have done a poor job.

So, they might have something to gain by keeping it silent. I would go for access to the data. Our national intelligence backbone is not as good as the UK or the US ones (see the reports about Thalès interception platform) and is essentially directed toward phone calls – we have a long history of illegal wiretapping used as political scandal and it didn’t lead to any change in the way wiretapping has been done since then.

I really think there is both cooperation and defiance into this spying affair between the NSA and French intelligence services. I also suspect that most of the intelligence services works in defiance of there own governement and in cooperation with both foreign intelligence services and companies.

And now what?

Nothing. Since everyone except citizens is wining on this mutual sharing of mass surveillance system informel deal I do not except things to change in a short term.

However, there is some good news. First, peering deals, and a lot of the necessary system to maintain internet, are out of reach of the different governement. The informal way that governs them doesn’t helps for regulation and controls by governement (that’s why they seek for it). You still have to keep your data out of big datacenter, but that’s not that hard (have a look at yunohost for hosting most of your data) the social networking part is the biggest and hardest one I think – alongside with search engine, but at least you have duckduckgo.

Second, a lot of governement, starting by South American one are really upsets and are starting to act. The Internet Governance summit held recently in Brazil also gave some hopes about the Internet still staying out of control. I’m not sure it will be followed by impact, because the NSA spying is possible due to some key infrastructures issues, but it’s a start.

I’m quite disapointed that the EU didn’t follow the Brazil on this, since we have some good infrastructure and technologies to help. But then again, I do not think those US/EU commercial agreement will cease for the benefits of citizens or sovereignity they have too much industrial and bank pressure on them.

But as always, nothing will come from the politicians. They must knew about the NSA spying in France and they even collaborate or they’re dangerously incompetent. They benefit from it because it’s a coercion measure (the same way CCTV cams are) and industrial groups earns money doing it. Even if they o have gag orders. They would have been motivated for your privacy, they would have fight those gag orders.

And that’s why nothing new will emerge from this meeting between the french foreign ministry and the – currently in shutdown – US embassy.