Be Evil, Kick Google In the balls

Be Evil

All of you might have heard the Google moto:

Don’t be evil

With a bit of context, this is said by a company that have only one goal: Be the only web that people will use. Glazman explain that Google, and Apple, are working to build a works only on webkit web, using some CSS closed properties (the one that starts with webkit-*). I won’t develop too much on this, it’s just that this is the event that generates this post.

So, we need to be evil and to move out of the googles-centralized-and-closed-space.

There is a lot of steps, and I’ll probably miss some. You have to know that I’m using an Android too, and that I’m tweaking it (and I almost managed to kick google out of it). But first thing first, let’s go for the easiest part first.


So, let’s start. I do not like webmail. Not back when POP3 was hype, not even now that we have IMAP. I do not want to gives my personal email to a third party that will do whatever they want with it (yeah, even with encryption, if the mail is decrypted on the server, that gives the server to read it and break the point of encryption.

We know that Google is reading your mail, to place targeted advertisements on the page you’re reading it. We do not know what they’re doing with your mail and, since there still is an issue with censorship and google being ruled by US laws and regulation, you cannot be sure you won’t have any legal problem with your mails.

So, what can you do? Simple answer: host your mails. You will need a server. It’s cheap, and there is some nice virtual server hosted in Iceland, a country which have strong personal data protection law. Head at for instance. That will cost you a few bucks per month. You’re going to need a domain name to. I made a mistake, mine is nation-tied (.fr), don’t do it, try to find a non nation-linked one.

Now, you’ve got a nice server, install an OS server (one open and free, as in freedom, one you know or can learn about, one designed for servers so, basically, a Linux distribution or a BSD one), plug a small databases in it, that will be needed later, and install stuff.

For your mail, I’ll advise you with postfix, I know it more than I know the other ones out there (but not enough to treat myself as a guru). There’s a lot of interesting Howto in the wild, pick one.

Look at TLS too, and grab a SSL Certs (either fire up an account on, a distributed Certificate Authority based on trust, not on money, or create your own authority.

So, you know have your own server for sending and receiving mail. It’s enough for my needs, because I do not use webmail. If you really want one, have a look at roundcube, it’s pretty and shiny, works on most of the modern browser (probably even with links or mozaic), it looks a bit like gmail so you won’t be lost.

Nice isn’t it, you’re now in charge of your own mail system. No more advertisement, no more dependencies on an external company for that, plain and total autonomy. How does it feel?

You’re addicted now and you want more fix of decentralized freedom? You’re a junkie. But so am I, so, here is your new fix.

Google search

The previous one was easy to understand and to do. Now, we’re going after the big player. Search engines. Google wants you to find websites they think is more relevant to you. They do not want to tell you how they’re doing it, they will target you with advertisement, and they will operates real time censorship and suggestion.

But then, you’re going to say ‘Hey, no choices.’ For one, it’s not true. Even among the closed search engines, there’s Bing (and Yahoo, same engine now) which is quite interesting. Or But those are still centralized and closed source solution.

We want to go derper. And farther. We want really open and decentralized search solutions. There’s two out there: YaCy, a java implementation of P2P search and seeks, a C++ one.

I do not know well YaCy, but it have the advantage of scanning and index local pages, and it has its own fans and community. I’m more a seeker (and I run my personal seeks node). They started like a proxy and a meta-engine, but they are now sharing results across P2P and, since the 0.4.0 version, there’s pure seeks results.

You can use a public node for seeks (like mine) that will learn from the uses of all the people that uses it, or you can install your private one. You can use it as a proxy that will intercept all the query that should have landed on Google to process it via seeks instead.

It will require you to build it from sources, but it’s easy to do, there’s an updated and fully detailed tutorial, so go for it. Also, there’s an IRC chan:, they’re quite nice people to hang with.

So, now, you won’t use google anymore to search your stuff. You see? The Colossus won’t feed on you. Now, worst part is done, let’s deal with the details.

Calendar and contact

Yeah, those are nice tools. But you do not need to them being on google. They are ical compatible, which is nice. VCARD is a old protocol, that used to work on my Nokia 3210 (the phone that can break the world in half with enough velocity). You just need an ical server (and a webserver, but with nginx or apache out there… Plus, if you have roundcube, you already have one).

The best solution I can found until now is Davical. It’s light, it do the job, it works on Postgresql. The sad part is that it does not gives you a shiny interface to click on. But that’s why you need software, no? You need an RSS Reader to read RSS flux, you need a client mail to read mail, you need a calendar client to read calendar. Claws-mail have one, but I assume that if you’re reading this, you’re not on claws. I suspect mutt to have one, emacs-fan will tell you that emacs most probably have one calendar included.

If you want a client that won’t scare you, go for the Mozilla Sunbird or, if you’re already using ThunderBird, there is a lightning add-on.

Davical works with contact to. And the calendar can be read by a lot of other clients, just go through their wiki. Or use your new seeks node to find more about it.


Use a local office suite (such as libre office if you really need the weight of it. You can use some pad (etherpad one for instance), like the one on Telecomix for on line and collaborative editing. You can even set one up on your own server, yay \o/.

If all you want is hosting and sharing documents, you have two choices. Owncloud will give you the possibility to use a part of your server as a public (or private: your server, your rules) hard drive. I strongly suggest you to encrypt it. Or Unhosted which, as the name suggest, is based on ‘not hosting’ the data. Sounds promising, the fact that the data are encrypted before being stocked anywhere is promising, and, since it’s free software, you can add your own server.

So, no more google docs, ok people?

The last fix will be for the coders one.

Google reader

A RSS Reader. It’s extremely easy and there’s a lot of one. I personally use tinytinyrss. Again it needs a webserver, but then you’ll have all your RSS in the same place. You can probably find other project like this one, but it works quite well.

And you can import OPML (or whatever the acronym is) file format. The one used by google when you want to do a backup of your flux.

Google talk

And last but not least (also, quite an easy one). Google talk. Google talk is pure XMPP. Just like jabber is. You can find a lots of client for jabber, but go for pidgin-otr, you’ll then have the possibility of Encrypted chat with plausible deniability for the same price.

You’ll just need an account for that. EIther set-up your own jabber server (all the XMPP-server can talk to each other) or you use one. Use your seeks node to find a provider you like.

For hosting your own XMPP server, go for Jabberd. Simple, packaged for most distribution. You can then register there with your own nick and talk to other XMPP accounts.

Google Code

Get out of it now, and as fast as you can. There’s plenty of open source git forge out there, especially the most notorious one Gitorious. GitHub isn’t free (does not run on free software) but is a not that bad candidate. But you do not want me to feed you with half-freedom, right? So, gitorious.

What else?

I need to talk to you about Android, but I’m not fully satisfied with what I have now, so you’ll have to wait for your next fix of freedom.

If you’ve done everything here, you probably have nothing left on google. Close and destroy your account. If they ask you why, just answer:

I do what I want, I’m a Matser of Evilness, MOUAHAHAHAHAHAH!

Or RickRoll them.

If you find one server for only you is a bit overkill, then go talk to your friends and family, have them in your server. It will be funnier if you’re a lot. Do not sold them anything, have them understand that the services might or might not working. Do backup. Try restoring your backup. Encrypt them. And do not forget:

Computers and freedom are like sex. The more we are doing it at the same time, the better it get.

version 2.0 – I’ve forgot about reader and talk. Need to find a picasa

Achievement Unlocked

Yeepee is, according to Mr. Claude Guéant, French Minister of Interior Affairs a website that must be blocked along with (yeah, I know, they must learn how to do SSL) which is a copwatching website that has been previously censored (with a different domain name).

I need to add that I’m not a full supporter of this copwatching website, I do not like the tone of it and, while I think copwatching must be done, I do not think this is the best ethical way to do it.

So, the assignation is here and the lawyers of the main ISP are currently fighting it.

The funny part of this assignation is the §2.1.2 (page 6) where they said that collecting public information without the consent of the person concerned by those information is a violation of the 6th of January, 1978 law about personal data. Which is the case. But it’s also the case of almost all of the ‘official’ police files (as the CNIL [FR] repeatedly told them), and I’m not speaking about the shadow file that most probably exist.

The worst part is that, beyond the 34 mirrors listed (mine is the first one, Wooooot!!!), Mister Claude Guéant do want that all the ISP must extend the blockade list dynamically and without asking further details to a competent authority (so, a judge).

The way they’ll do that will probably be a DNS blockade. I’ll probably move my domain name to something else when it won’t be available. The funny part is, that my personal emails and calendar are hosted on the same domain name.

I am a terrorist (and?)

So, those days two events where directly directed toward people who wants to enforce and protect their privacy, or toward the ones that would maybe participate in an Anonymous group. One here, in France, another in the US.

The blowing of EDF

The first affair, that everyone’s discussing about, is a thing that started 6 months ago. When the landing page of EDF (The main company that’s selling electricity in France, public business but in a market open to concurrency) was hit by a DDoS. That was in June, and the thing hits the news[FR]. It was not that long after the serious problem in Fukushima, and there was a lot of pressure around nuclear power at this time. The DCRI (French secret police), following the leads they had, found that people was using a public pad hosted by, the German Pirate Party, to synchronise the attack. They asked for an access to the logs to their cross borders colleagues, and then the police raided the server, just some days before an important local election for the German Pirate Party (where they made a big score by the way). The story was covered in the press, particularly on Ars Technica.

Last week, they finally went after two guys linked to Anonymous (but who does not?) and put at least one of them in custody for 60 hours in a row (the interview of the guy is at owni[FR]). The police said 45h and that he waited for 15h in a cell. That still 60h of custody. That’s more than the legal limit of 48h, so it’s a special exception for fighting terrorism (yeah, US got Patriot Act, we got at least 2 LOPPSI, and 2 other National Security Law during the last ten years). Oh, and the goal of the DCRI is to catch terrorist (and to put everyone under a CCTV cam). The evidence was that the guy IP was found in the webserver logs (so, he just visited the website of the company that sold him electricity, probably to pay his bill for instance… Surely, he is a terrorist).

The thing that worries me here, besides the fact that they do not understand the internet, is that they used terrorism allegation. terrorism is destroying critical infrastructure and killing people to spread terror in a part of the world. A DDoS on a public website (even if I disapprove it) must not be a threat to a power plant. Especially if it’s a nuclear one. So, there was no risk at all of destroying critical infrastructure to spread terror, so not terrorism. If their was a risk (meaning, a computer of the plant LAN connected to the internet), first a DDoS on the public (and non-related) website would not have destroyed the plant, but that’ will be the evidence that those people are idiot and incompetent and dangerous, they should do jail time.

The FBI poster about terrorism

Fear. Uncertainty. Doubt

The governments are doing this because they’re afraid. They’re panicking, they do not understand what’s slipping between their hands. They’re loosing the battle, so they’re panicking. What they want, besides controlling everything and everyone, is killing Anonymous and other hackers movement. One efficient way to do it, is to use the Fear of the people, by using Uncertainty of facts (there’s a possible terrorism risk) and by disseminate Doubt in the people minds (are hackers good or evil?). That’s why they want to control the information, and the media. It’s so bad for them that a lot of media do like us since the Arab Spring and the Occupy Movement all over the world.

They want to makes us terrorists, because everyone have an unrational fear of terrorism. Terrorism is perceived as a high profile threat, with an extremely high probability for terrorism event to occur, while it’s not. I mean, there’s more people killed on the road each year in France (about 6 000), that by a terrorism act since the last ten years. But it’s a risk a government can pretend to fight by chowing things like policeman equipped with shotgun and assault rifle, servicemen in public space, invasion of privacy for a greater good. That’s why they want us to be terrorists, it’s because they need it to control the cyberspace and they want to kick us out their world.

The thing they did not get is what we are already out of their world. John Perry Barlow wrote some time ago the Declaration of the Independence of Cyberspace, and that have never been so true. We fight government and corporations. We stand for people when all of you have fled from the battle. We will be the last line between them and our privacy, and that will be an epic battle. Not using guns and spilling bloods, but using speech to spill words, laws and regulations, computer and internet to spill data all over the place. This is the real cyberwar people told it exists. People, host, bots and cats from the internet, versus the control freak of the nation states and corporation.

I will fight for my freedom. And you should od the same. They called us terrorists so you are not at threat, we will takes the pressure, we can manage stress and staying awake for nights, you should join us and make your voice heard because you have something to say. The crypto ammunition box is now full open, come and get some. If you still need to know why and how, read the Cyphernomicon.

I won’t install you any software anymore.

I won’t install you any software anymore.

Yeah, you read that right. I would not install you any software. Never. For once, I’m usually paid for it already, and it’s the lamest part of my job,the one that I hate the most: making things works for people who do not want to understand how it works. My work, as an IT worker is to do everything that’s possible to keep the flow of information flowing in the company I work for. It includes updating and maintaining complex system architecture, but alos interacting with people who do not want to bother to understand. They think they’re beyond this, trying to sell stuff and that computers are just in the middle of their way to get things done, that there is a kind of secret sect of computers trying to undermine their job.

I’ll be glad if it was the case, at least computers could try to teach people what they’re doing wrong. But they are simply information treatment machine, they do exactly what you asks for. They do not takes initiative or working in your back. They are delicate machine we engineered to ease your life, not to make it harder. I admit we did not get some stuff right, we have problem with some UI that goes in your way to work. But then, you come at me and just yell, just as if it’s an evidence and that we exist only to makes you happy (go get a life if that’s the case):

It does not work.

Yeah. Right. Not a bug report. Redirect to /dev/null. ‘It’ could be a lot of stuff (from the keyboard to the mainframe your connected on, I’ve got at least 10 systems that you use everyday without noticing, and each one of them can be a It. Or any part of it could be the It. It’s like heading at the Financial office and yelling at them:

There’s a problem.

They will probably ignore you, and they’ll be right to do so. And you’ll do some reasearch trying to find what’s wrong, what part of the fianncial report you read seems wrong to you, and why. That will takes you probably a good part of your day, then you can formulate a problematic to submit them. Why don’t you make it for computer? They are full of warning and errors, the one that get clicked off faster than light. Softwware and computer parts have name and version number extremly easy to find, and explicit (at least for me), error message. SO why don’t you send me a documented bug report as you’re going to do with any other problem you’ll ever encounter?

You gonna say ‘I do not know zip about computer’. That’s right, that’s not a problem per se, but it means you do not want this situation to evolve. You’ll come two weeks later with teh exact same problem without having done the effort to learn about it and to try to work around. And you do not know nothing about financial problems, but you’ll try to understand how it works and learn. So you’re next argument "I’m not here to learn", is a fail. You learn everyday you work, that’s why you’re betetr now than two years ago.

So, mainly, I’m confronted everyday with people that do not want to learn. That’s why I won’t install you software, becasue if y’oure doing it yourself you will learn and understand how things works.

Let me explain you

I will, however, spend a huge amount of time to answer all your questions. You’ve got to understand that most of teh question you’ll ask will probably looks trivial to me and that’s why I’ll slap you hard on your head with Read That Fucking Manual, use man, man man works too and other go seeks onthe internet, the answer is in the first page. I’m doing it beacuse those questions are of no interests for me, and because you’re going to learn to learn by yourself.

I’m a fierce defenser of free knowledge. So I try to share it with people willing to. You do not want to learn or to make the necessary mental effort to do so? You can die. I won’t move to helps you. One day, maybe, you will coem at me asking me how to go around the fracking DRM, or how to surf without being monitored. I’ll try to not hold gruudge and I’ll try to explain you again the exact same thing you do not want to know before. So, I won’t event try to explain things to people who do not asks questions. It’s a loss of time for both of us, I have better things to do, and you have some porn to watch.

Because this is the main problem. You think computer or knowledge is not necessary as long as you do have what you want. But a brainless citizen is no more a citizen than a cow (and cows are really stupid) or a sheep. Following the amss because the mass must probably know what’s good for them. Following them, happy to be a sheep in the sheep yard until you see the knife of the butcher. Until it’s too late and you’ll die in terror sith the rest of the sheep, while the black sheep will yells "I told you so. I warned you. And you did not wanted to listen, you have what you deserve". The black sheep won’t laugh, or be happy. Evene if you throw shit at his face all the time, even if you’ve laughed at him because he was awkward inhigh school, choosing to talk to computers instead of regular sheeps.

This is what I feel, each time someone told me ‘What’s ACTA?’ or ‘I’m bothered with you’re computer bullshit’. I’m sad because this is what have led us here. With private interests going over public ones. With banks ruling countries. With music industries trying to protect themselves and writing laws, and closing down websites. That’s why I was raging against you when Megaupload was shut down by foreign companies. I was sad because we tried to warn you. You necessarily got the message (with Telecomix, we’ve hit most of the national newspaper and radio of Europe, even the Wall Street Journal had written on us, and on ACTA) so you knew. You just did think that this kind of shit won’t happen because it’s a sad thought and that will change your mood and the way you look at the world.

You do not want toget burned by the world outside. That’s understandable. But then stop complaining about it. Or try to fix things.

This is what we do

We. Hackers. The weird kids in town. I can speak for all of them, so will wpeak for me. I grew up in a world that do not suit me. I’m rather tall and extremly thin. I was alone most of my time at school, at least until my graduation. So I spent all the time you spend in parties, hitting on girl, getting wasted, to learn. I assemble my computer myself, I learned Linux the hard way (back in the time, early Internet here, I needed to use another computer to get the documentation) with noone to help me. I’m not complaining, I learned a lot. And I’ve done this because I wanted to understand how things works. I wanted to unscrew everything and to adapt it to my needs. You were doing the exact opposite things: adapting your needs to your environment. You wanted the thing everybody wants, you let people decides for your future.

We, in the meantime, tried to understand how the world was working to change it. We want to change it because it is broken, it does not work in a way that suits humanity. So we learn. When a law appeared in a parliament that we think will destroy some liberties, we learn about the democratic process in the EU, the US Senate, the French parliament, we learned about laws, we read and process the huge amount of paper that no one was supposed to read, we find flaws and we sued them to try to subvert the system. We thrive by knowledge, this is our weapon, this is our life. That’s why we have a lot of conference and formal or informal meetings, that’s why I enjoy going at the CCC to meet people and learn what they did last year.

A world without a total openness and free sharing of knowledge is a world we reject fiercely.

Twitter and censorship

Twitter and the censorship

In a controversial post entitled Tweets still must flow((And they stole the third datalove principles, yay for us)), twitter said that they will now be able to censor some tweets regarding on the locality of the reader. That mean that someone in China won’t be able to see this tweet about Tien An Men celebration, or that a tweet with a svastika will not be readable in France or in Germany. And then, the whole twitter sphere get mad, yelling while running in circle.

And the storm will cease, people will forget and move on the next big thing. Twitter will expand and open a new office in China, because they’re doing business. It’s their objective remember? Business, after all twitter is a profit driven company that want money. They do not want your freedom or your safety, they want your money.

I always think that twitter wasn’t that bad, at least, toward my privacy. After all, my friend list is public (anyone can see it, even people without a twitter account), my lists and tweets are also public and they do not have any bits of personal information about me, except my pseudonym and an email to join me. Twitter is one of the few corporation that deal correctly about privacy (I can share my location, but it’s not active by default, I can use my GSM, but it’s not active by default, etc.) So, they provide a service to everyone (they even tolerates bots, even the one that only speaks to computers, that mean control command for botnets). It’s not purely neutral (it’s not distributed), but it’s a good start.

Then things changed

In the beginning (yeah, last year, maybe the year before), twitter had a great documented API that anyone could use to do anything they want, as long as they respect certain limitation in volume. Limitation a normally constituted human cannot be able to reach. So everybody could write a twitter client, or an app that use this twitter API. Then they decided they wanted more control over what people where doing with twitter. Things have moved since the green movment in Iran and, now that Twotter has grown, they want more control.

First things they do, was to forbid third party clients, like the one I’ve used to use to access twitter on my old Nokia phone. 2 years later, I still have no idea of how I can access twitter from the OVI store, so I cannot use it. They makes some huge change on the Twitter API too, without maintaining complete public documentation, this has break a lot of compatibility with, for instance, They still never explained how the trending Topics and they responds to legitimate questionning about this important future (that’s how you know what’s happening now and near you) with ‘trust us, we’re not censoring anything (and look at the support page about trending topics:, there is no precise enough answer that could be used to infirm or confirm tweets.

I’m not saying they’re censoring Trending Topics however. They sell trending topics (you can see sponsored one in top of your list). They want control over the trends because that’s how they earn their lives and that’s what they sell to Nike, Disney or BlueCoat for instance. Since two years now, and after 2 major change in the interface and the way they display content, they have exerced a lot of control on how things are moving, they’ve penetrate a lot of new market (in Middle East, Africa, South America, etc) where activists use twitter to circumvent censorship because it’s a US based company, and then the US law are the only one that can be used to censor twitter.

The Wikileaks case

Look at wikileaks for instance. In November 2011, Twitter was forced by the US Justice Department to hand over all the information they had about three people, suspected to be linked to the organisation. A secret order in fatc, that would be revealed to the people under investigation once the investigation is done. Twitter defend the case, but they finally had to give out those information (but they could warn the users they were under investigation). The story is in the NY Times if you need more details. Google do not fight those, they just maintain a page where they put the request from a judge they received, ordered by country. For facebook, I’ve still never heard of such thing.

The things happening there is that a US Company own parts of your identity and they are under the US law (with the patriot Act). That gives to this governement a reach to all the twitter user. Including ones that are not even US citizen neither on the US soil. This is not a twitter problem, this is a legal problem. The centralized system everyone use fall under specific national laws that supersede the local one (amongst the target of the wikileaks thing, there were an Icelandic representative, from a country which have the strongest law arsenal to defend the source protection and the whistle blowers).

Things get big

Twitter has received a lot of money from different sources. They wnat to grow bigger. They want to get in Pakistan, Iran, China or India. They want to have local offices, or not to be banned by a country because ‘terrorists uses it’. So they say they will follow the law of each and every country they will be used. It means that, if Bashar el Assad, the still ruling dictator in Syria, aks for content he do not like must be removed in Syria, they will obey (they will follow the local law). You’ll still be able to see those horrible video and massacre live, but people on the ground won’t be able to talk to each other, because they won’t be there.

My point is, you’re yelling because you’re afradi Twitter will censor things. You should not be afraid of that. You should be afraid that twitter had previously censored tweets due to justice decision that should not apply to you. You should be afraid that all of those datas are centralized, teh same way megaupload, Google or Facebook are. You should be ashamed to reinforce it by using it to protest. You should be ashamed because you have not used a decentralised solution, either by using one that already exists such as or, or by setting one up with friend ( installation is documented). I know it’s hard, and I am to blame to because I use twitter, but move to a free cypherspace, you’ll see, they’re some nice people hanging there, is you’re looking for me, I am just right here:

Data must flow Enter the decentralized cypherspace

The version 1.0 of this post was written on 2012/01/27 by okhin. Relaesed under no licence or the WTFPL.

Let’s talk about Privacy, Intimacy, Anonimity and Identity

Let’s talk about privacy, intimacy, anonimity and identity

I wanted to write about those topics for a while because I think they’re important topics, eseentially nowadays due to the ever growing ubiquitous surveillance. I think that most of them are not perceived the same way by everybody, so i’ll try to write down and define what I put behind the concept of identity, privacy, anonymity and intimacy.

So, we’re going to start with some definitions, see how they are linked etc. I wo’nt use many links, because it’s what I think it’s probably not original and unique, but that’s how I fell things are working. Also, we are going to eat Information Theory.

The identity problematics

We walk in the world as an emitter and receiver of signal (part noise, part information). This signal is directed toward one((unidirectional communication, also named unicast by network engineers)), some((multidirectionnal communication, named multicast in network operation)) or all((wide communication, or broadcast)) receivers in range.

The etymology of ”Identity” comes form the latin identitas (sameness) annd indicates what information are emitted by the same entity, thing. That means two things. There’s a track to previous information emitted by this entity, and the receiver can link the emitter to this entity. The identity is then the sum of all the information about an entity an emitter can perceive, and an entity can have multiple identity, in general one for each space (public or private) the entity evolves into.

One thing about information, if they’re not archived and indexed, they will disappear with time. Who remember who Jessi Slaughter is?

What’s my name?

The name is the unique handle of an identity. It can be a unique number, a common name, a description, etc. The name of an entity is how you will access all the information you can find about it. This is the bit of information you need to know to find out who an entity is and then accessing all the information available about this identity in the space you’re standing.

If an entity has no name, and is in fact anonymous, then you won’t be able to find any information about it. But then, the ‘Girl with Nice Boobs who was at the party yesterday’ and the ‘Bunch of people that sing in the subway’ in a name. A temporary one, but it’s still a name. You can discuss about those person with other people who were in the same space at the same time, but the information will probably be wuickly dissolved in the flux of data we live in.

A name stand for an identity. Or should. The tricky part is the homonyms. Two (or more) different identities covered by only one name. To find out which entity you’re communicating with, you will try to find context that is, previously stored information that you can then use to find out which entity your dealing with. You deal Homonimy the exact same way that Usurpation. Using the information you can find about an entity, you can know who they are to you, independently of their name.


The trust is the biggest thing in social relation. It exists in principally three states. You trust an entity, you distrust it or you have no idea of the trust you should have into the entity. The trust is the accountability. When something you trust gives you an information, you know the information is correct. If someone you trust claims a name, you won’t check his history back to confirm or infirm it. Someone you trust is alos someone who will probably not takes information about you out of the space you are communicating.

The people you distrust is easy, you won’t believe them and try to verify every information they send because you can find a source of information you trust to confirm or infirm their identity.

The world is small anyway, so you can probably build a trust chain to this entity and confirm or infirm the identity link for an entity you do not trust.

Trust is not bidirectionnal and is personnal. That’s not because you trust me that I trust you. ANd that’s not because I trust someone taht you should trust it by default, but it will gives it more trustability (because you trust me and I’m telling you that this entity is really who they claim to be), so that will help you to decide if you want to trust this entity.

What’s privacy then?

Privacy opposes to publicity. If something is not in the public space, that means it’s in a private space (or that it’s in no space, which is not possible due to some contrsaints such as physics).

So, what is public then? From etymology it is linked to the people((From the latin poplicus which is a derivative from populus, the people)). That mean everybody can access and see a public thing. At least, there is no authorisation needed to access something public.

For instance, when you walk in the street, you are in a public space. When you enter a bar or a restaurant, you’re still in a public space. When you pay the fee to access a museum or a night club, you are in a public space (it’s not an authorization, it’s a cost). When you surf the web reading at datas that do not requires a password to access to, you’re in a public space.

That mean that everybody in the same public space as you can access all the information you’re emitting. Wether it being you’re apparent age, skin color, gender (not your sexual identity however), the thing you’re saying or the song you’re singing. If you are in a public space, everybody can access and see and track all the information you’re emitting there.

So, the privacy opposes itself to the publicity. That is, you’re in privacy, and so in a private space, when you access a non public place. A place that requires you to have an authorization of a kind. It could be a good old key for your house or your locker, a password to access a private sharing space online, a simple door closed with a sign on it stating ‘Access forbidden’ is a delimitation between a public and a private space.

Privacy is then a matter of limiting access to the information you emit. If you have the key to enter a private space, you can access the private information.


The intimcay, again from etymology, comes from the inside. This is what’s inside an entity, that’s all the information you’re not emitting. It’s when you opt-out totally, with no emitter of information you cannot control, and all the one you control shut down. You generally add your closest friend into this intimacy, as long as all the ‘special’ people, those are people that won’t tell those information to anyone.

The intimacy is the part of yourself that no one knows about, except the specials ones. Intimacy is way more than privacy, privacy is intresting, as it allow you to communicate with people of choice without being put in danger for what your saying. It allow you to have multiple identities and to use them in multiple social circles. Intimacy is what’s out of all social circle.

let’s explore the world!

We now have our concepts defined. Almost. So, now, let’s go online, because everything is funnier if you add network and computers to it.

Let’s enter the world of information

So, it’s easy to get a grasp on the private/public problem in the physical space. I can live with a bunch of people in an open space like a loft, or a squat, but still have some private space (the one I close with a key I own). What’s hard is when you add some layers, and, for instance the cyberspace. I can sit in a private space (my room, locked) and accessing a maybe-public space.

The thing is, independently of the thing you’re gonna access, every bits of information that goes out of your device of choice will go through different intermediaries before reaching the data you want to access. The origin and the destination of the packets are know, as long as a lor of other stuff. Those information are needed to route the packets through the diferents network, but they are data you emit in the public space (anyone on the route of yourpacket can see it and access to this information).

Wether you’re accessing your facebook page (which is more or less private, dependings on the settings you choose), your webmail (which is private, given the fact that only you is supposed to have the password needed to access it) or your mails, reading a website, downloading a video using P2P protocols, etc, you will emit a lot of information that a lot of people (or computers) can read.

So, remember what I told about the lock in the previous part? You need to put a lock on the information you want to keep private. You can’t lock all the information in the packets, some of them are needed to grants you access to the resource you’ve asked for. Those are mainly routing and protocol information, because that’s the way computers works, they need to talk a lot to each other to get things done. But the others informations, the ones you want to keep private, you can lock them to deny anyone the possibility to read them without a key of a kind.

That’s the cryptography goal. Forbidding a data being physically readable by anyone and restricting it to whoever got the key.

So, you’re in the private space only when you use string cryptography. yeah, encrypt everything you want to make private. If something goes online without encryption, it belongs to the public space.

A wild corporation appears!

Corporations, at least internet ones, suck at two things. Security (but that’s the burden of everyone) and transparency. When you land on a ‘secured’ website of a company, they will require you to proove your identity while they’re doing the same (using ssl certificates). They’re not asking you for a key (an authorization), they’re using your identity as a key. They’re using the whole set of data they can build about you as the key to access their services. You cannot know what data they have on you, you cannot opt-out those data, they’re building a strong identity of you. And they’re following you everywhere they can, without telling you.

So, they build an identity about you, one you don’t know anything about and they’re building it using data from a private space that they’re not supposed to share with everyone else (except if you explicity opt-in). They’re archiving everything information you emit, stocking it in extremly redundant servers becasue tehy do not want to lose any bits of identity about you. And then, they will replace the wall of the private space they made by polarised window, giving everyone who can afford it to penetrate theprivate space without the key and without your consent. When someone goes into your place without authorization, generally you call the authorities or shoot the trespassor. You’re not allowed to do it for corporation taht sells personnal data, some of them they shoudl not have.

I mean, they do not need your name for running their business. The only reason they need it is becasue they want to cross check into other database – private space – what you’re doing when not undr their radar. That’s what real-name policies are, they’re a meta identification token spanning all the databases taht uses the same policy. And that’s why they’re so bad.

The financial data stored in non banking websites is bad to. They do not need it. They need to know, in the worst case, who buys what to who and when. Not the bank name, the card number or any othr details on it.

So, corporation are robbing your identities. They lure you in confy private space, then put you on national broadcast. I’m not even speaking about the risks of a data leak or a breach in the infrastructure. People accuses hacker when information about them isleaked. But hackers did not archived this information in frist hand, they did not make huge files to track people and to spy them and to rape and destroy their privacy. What hackers do is finding a part of a public space that was hidden behind a curtain. So, next time someone is doxing you, asks the company why they had those information about you in clear text.

You can access a company server, if they store all the private information (or what they define as private) in an encrypted format you won’t be able to read it. That’s the way to go, if you want an information to be private, then encrypt it. If it touch toyour intimacy, do not publish the information. The internet and computers have an endless memory of extreme precision.

Protect yourself. Encrypt everything that moves. Give momentum to everything that do not move.

Version 1.0 of this entry was written by okhin on 2012/01/26. Use it as you wish. Or follow the WTFPL.

Megaupload is dead. So what?

Megaupload is dead. So what?

So, a justice court from a country abroad has decided that megaupload must be put to an end, along with their sistersite Megavideo, and so they’ve took it down yesterday evening. This is sad, and it’s a bad day for individual freedom. But it is not unexpected and you were warned this would happen and you choose to do nothing. But first, let’s look at what has been put offline.

 God bless Megaupload

Megaupload (for the one of you who don’t know what it was), was described as a filesharing website where everyone can find what they want. Be it illegal porn, clandestine copy of movies or TV show, applications or other software, cracked or fully legal, and every thing that can be put in a digital format and brings online (and believe me, that’s pretty much everything you can use with a computer or a smartphone). So, it looks like a good idea. Except for two or three little and neglectible point of details.

First, Megaupload is a company. Yeah, you’ve got free account, but they do everything they can to makes you buying a premium to have unlimited download (at least, as long as you paid the monthly 10$ fee for it). Yeah, Megaupload is a company whose jobs is to makes you pay to access files. Doesn’t it make you think about something?

Second, extreme centralization. They have more than one server, and kind of work like in a cloud, but your files are still in only one place. You share a link to access it, not a file. It’s more convenient you say (but sharing a .torrent is convenient to, and easy to do). So megaupload begins to have all of the illegal files the majors and governements were looking for in only one place. Big, obvious and easy target (since it’s a company).

Third, you know Megaupload because you want to see How I Met Your Mother. So, you were paying a media company because you did not want to pay for another media company. You were enforcing a monopoly because you are against a monopoly. You were saying that the whole media industry produces shit, only because that gives you legitimity to pay for the same shit (but to another one). Megaupload was a form of global licence, and it’s a bad idea (unless you can defines precisely who is an artist and who is not and tells me exactly how you can redistribute it with equity).

Fourth, you were using megaupload because you were scared by a government which tries to hunt down pirates that use peer to peer filesharing. Those system are extremely resilient, there are multiple copies of the same files all over the network and it cannot basically be shut down by a single justice decision. Yeah, Megaupload was a solution that government indirectly promoted by scaring people.

And I can continue for a long time, but people told me that endlessly raging is useless. I’ll just redirect you to a good article written by Bluetouff on which wrote all of this, at the end of the year. (and yeah, use a seeks node to find more about it, I won’t do it for you).

Rage against the machine

So, last night it was shut down. And a lot of people were raging after it, accusing governement to tackle their liberties. Yeah, right. But that was a lot of people told you like, two days ago about SOPA and the black out stuff. Or the precedent years about ACTA, or when they try to makes you understand why HADOPI or ARJEL are extremly dangerous for our liberties (and for no community gain). So I tweeted this (and launched an easy troll I must confess):

Et donc #megaupload ferme et vous êtes perdus? #Decentralisez. #onvousaveeprevenus #alleemourir / And so #megaupload close and your lost? #Decentralize. #wetoldyouso #godie

Some people were answering and told me that they were fighting for their liberties. In fact, they’re not. Else, they would have fought fiercely when copwatch was taken down. Or when all of the websites we try to mirror with streisand (and I do not have all of them here) where taken down by one state or another. Or when Wikileaks was under an heavy attack from institution. If people really want to fight for their freedom, they’ll be in the street with the Occupiers, they will be asking their governement answers and justice for the infamous acts of some police forces. They will use their right to throw out their governement to choose a new one.

But instead, people (most of them, a lot of people are acting, in more or less usefull way, in more or less fun way and in more or less legal way) were just saying, "I do not care. I can still use Megaupload to see that stuff." Or Allostreaming (they will be shut down soon to, French governement has assigned all the major ISP to think about an effective blockade (details here). But now that megaupload is gone, what will you do? You’re to scared to use P2P, Direct download is now dead, streaming will follow, and (you can bet on this) major companies will provide you a not so good implementation of a global licence and you’ll accept that and you’ll be screwed. And they’ll win.

You made this happen

Yeah. You. Not someone else, not the major, not the governement or banks or aliens. You. By trading your liberties for confort (look at the iPhone, you cannot have anything that may looks like pornography on it. And Apple will soon sell school books. Same for google and for each and every monopolistic dragon that sleep on a treassure of data to mine. Each time you enter a URL in the google search bar, each time your’d rather download copyrighted material instead of free and opened one you’re playing their game. We warned you. Richard Stallman has been doing this for a long time and he was right, the EFF or LQDN were trying to give people enough knowledge about those shadow agreements to empower those people.

But you always choose the easy way, trusting companies or governement because they won’t hurt you. This is the cute cat theory. AS long as you can access your porn and your cute cats, you won’t protest. Yeah, that means those websites will be the last ones to be shut down by governement. And that’s why activists uses them to communicate. But then, you’ll focus only on cute cat access, not on information access. There is almost no media coverage of the Occupy movement here, but people does not care because some star does something trashy (or an election campaign running but without any programms from the candidates at least than 100 days to the election) and they control the focus and you are happy with it.

That’s why I’m a bit raging and yelling at people Y U NO DOING SOMETHING BEFOR IT HAPPENS!?! [insert cat picture here].

We spend an amazing amount of energy to try to warn you, for nothing. You let this happening.

Well, in fact, I was quite suprised that the US government shut down the Megaupload stuff. I mean, when you do politcian politics, you learn tha the people only need bread and games (since Caesar in the antic roma at least). But I think that with the crisis, a lot of people do not have bread anymore, so they probably thinks they can stop the games now because citizen will have other things on their mind. It’s either because they think they’ve lost the battle of the control and are tired to play games, or they think we have abandonned the ship and it’s time to show us who’s the boss.

What can you do?

Hang yourself. Really. If, at this point, you still don’t know what you can do, go hang yourself.

Or you can try to beat them at their own game. They do want us to pay to watch/listen at stuff? So be it. But then, do something usefull with your cash. Instead of giving them 10$ a month, give this cash to crowd funding entertainment project, like Pioneer One (a web serie that follow high standards of quality, and they’re at their 6th episode, only funded by crowd funding). Go on kickstarter they have a lot of project that can use your 10$. ANd most of them will reward you for that (being your name in the generic, a special edition, or whatever). There is more and more media licenced under Creative Commons, you can find a lot of free (as in freedom) music online. And some quality one. You can go to a concert. Stop feeding them. Stop copying their shit you would not pay for.

And if you still want your dose, the media junkies must go on The Pirate Bay. No governement has managed to shut them down. They are not a company. Their distribution system (bittorent) is decentralized. No one has still be condemned yet for using the .torrents. Don’t be afraid by them, they aren’tworth it.

Think. Use your brain. Use your civil duty to think. Change, have fun doing it and then change the world.

Licence and stuff

This version 1.2 of the txt has been written by okhin on the 20th of January of 2012. You can do anything with it, as long as you just tell people who wrote this text. If you really need a licence, it’s the WTFPL.

Why I won’t black out

Why I won’t black out

About this

First, a little introduction. You’ve got to know that if this text exists, it’s definitely not my fault but his. Proof:

11:41 < Gordontesos> alors blogue ! So, blog !

So, I’m a system administrator, a Telecomix agent, a total geek and probably someone that has some issues with people. I will probably hurt your feelings, but I do not want to take precautions and preserve people and, in fact, I do not care. I’m already making people cry with the stuff below, so learn to manage your feelings. Either you can think, and that won’t be a problem for you, either you can’t and then… well, why are you here?

Oh, no comments available. First, I’m too lazy to filter out spam, and I believe it must be my burden, not yours (so, I won’t use a captcha system which is almost useless, or a registration system). Instead of that, you can reach me on, on some IRC chans, on twitter, by mail (okhin AT okhin DOT fr), we can (and should!!) have divergent opinion, and if you want to answer, write your own part, kick me, destroy my argumentation and tell me where is it, that way I can exchange with you, publicly or not, your choice (but tell me before). We should debate and exchange, but I do not think a comment is the good way to do it.

And I’m not a native english speaker, so if you find grammar, typo or other stuff, send me an email with corrections and I’ll integrates them (and if you want credit for, you will got some).

Back to the topic

SOPA, PIPA, HADOPI, LOPPSI, LCEN, DADVSI, WHATEVER… Every now and then, governments try to lock up the internet, then people get angry and react and protest and put some black on their websites, their avatar and stuff like that. Even big companies try to do that. But guess what? You can still read this, even with the blackout. So, what’s happened?

A government (in the SOPA case, the US government) thinks that some websites can be dangerous for their citizens (or for national security, for their interest… whatever the reason used, it’s fallacious) and, those websites being out of US jurisdiction, they want to filter them out. To censor them. To deny people the right to access some information, even if it’s not under the US jurisdiction (because they want to shut down the DNS on .com, .org or other zones like that). They have been trying to do this for a long time (more or less every year in the last 10 years), mostly because they’re afraid of people being able to think by themselves. They’re trying to develop the idea that some thoughts are dangerous. They want to tell apart the harmless thoughts and the dangerous ones. They want to tell which citizen has the right to think freely and which one does not.

Don’t get me wrong. This is horribly bad and I’m fiercely opposing it. But I won’t black out anything. In fact, I’m working the other way around. I’m using my freedom of speech to expose my ideas in one persistent place, a thing I’ve never done before (and believe me, I’ve been living in the Cyberspace for a long time now).


First things first. I’m small. I have no impact on governments, because they are doing everything they can to deny me the right to speak my mind, the right to tell them why I’m in discordance with them. So google, or the ISPs, or the traffic operators, shutting down their operations. Yeah, that will show people what those so-called laws can do by provoking a worldwide net-panic. Me or my fellow hacktivists, bloggers or whatever, will have no impact on a political agenda, at least using political means. That’s not what we are good or trained for.

Second, black outing is just reacting. It’s a simple protest. I know it’s people’s right to protest, but I think their duty is to act. To do things. Not to fight a battle on the ground chosen by your opponents, because then you can’t win. They’re too big, they can ignore us (have a look at China for instance). Even in the Middle East, the situation does not change because of people going in the streets, but because of people starting thinking and doing stuff. I’m in favor of action. Decentralized, unorganized, chaotic action. Yeah, sure, blacking out will probably bring people to think about it, but look at the Occupy Movement. Or Indignados. Or whatever. 6 months later, they’re still out there and nothing has changed. Sure, I’m being pessimistic. But also rational. We’re good at rational stuff (you know, the "in case of emergency" plan your boss paid you to write, stuff like that, we’re the best one at that) and I’ve never been trained for managing feeling, political agenda and other stuff.

I respect the devotion of civil liberties groups such as the EFF or La Quadrature du Net, but they’re fighting a battle that was lost long ago. Lemme tell you what will happen next. The US government will tell us: ‘Ok, I got your point, SOPA is soooo bad. However, we need a way to fight pedophiles, drug dealers, IRS frauders, and that’s why we think this law is better than SOPA.’ And everybody will say ‘Yay, we’ve done it, they’ve changed their mind’. And when the dust comes to a rest, you will realize that you’re screwed, they have reduced your liberties, but they are the good guys because they make concessions. That’s how negotiations work, you just need to ask each and every marketer. To negotiate something, you have to lose something before entering the negotiation.

So, where does it leave us?

That leaves us to a point where governments write bills about freedom of communication. Either to defend it (there’s some discussion around Net Neutrality in the EU), or to amend it (SOPA, PIPA, WHATEVER). The thing is, they’re defining bills on freedom of speech, on Internet. They try to shove the meatspace into the cyberspace, into a place where we do not need them. Their role should be to give people access to their basic needs and freedoms. That’s all. That’s the purpose of states and law. From where I stand, the law is a concession made by individuals to be able to live into a community. It should not be something that hampers them, but rather something that empowers them (and protect them from inequalities).

So, those bills limiting our freedoms (and not for giving us a better community, but for spying on us and/or giving more money to lobbies), are outlawed from where I stand. I won’t give them power over me or substance by fighting these. If I’m doing so, I’ll open the door for another bill on the regulation of our freedom of communication. This is not acceptable. So when you black out, you’re telling SOPA is bad because of those (perfectly good) reasons. But you’re also telling ‘Hey, maybe they can make a better offer?’ And they will make you a better offer. But that’s not acceptable. They say they don’t negotiate with terrorists. We should not negotiate with them.

When someone bangs at my door, my phone or my mail, trying to sell me something I don’t want, I just tell him ‘No’. I do not need to argue about it, it’s No. I’m not interested in this kind of stuff. If he insists, I’ll slam the door at his face. If he comes back, I won’t open the door or answer the phone. We’ve already told them numerous times that we do not want bills about freedom of speech. Time to slam the door at their face (and to break their foot if they want to use it to force you to keep your door open).

Surfing under the radar 

Let’s take the initiative. Let’s move in unexpectable ways. Let’s do fun things, and let’s have a good laugh (not necessarily at them, humiliating them makes them stronger than denying them the right to exist). The point is that we have basically lost the battle when we have moved to centralized systems (yeah, I’m speaking about Google, Facebook and Twitter, but also of the .com registry). I plead guilty too: after all I have a national domain name (.fr) and a twitter account. I’m no better than some people outside. In fact, there’s a lot of them doing amazing stuff you’ve never heard about. So, they gave us the choice between the Blue and the Red pill. I’d rather do that.

The simplest way to do this is to enter the CypherSpace (yeah, CamelCase are sooo CyberPunk). Enter a Space of fully encrypted information (or noise). Abandon the clear text communication that anyone can listen, intercept, alter and/or block without you being able to detect it. Assume one or more pseudonyms or enter anonymous, they are mostly friendly people. Do not think about legality, because it will be forbidden (if it’s not the case, I gave them some months/year to make crypto system illegal). Speak your mind, frankly, without caution, you cannot avoid hurting people. Use TOR every day, always, even for getting your porn or your lolcats. Use OTR when you chat and [PGP][] when you mail. Move to decentralized platform (such as for microblogging, diaspora for your social activities, host your own mail or ask a fellow hacker to do so, use seeks for your search needs). The tools needed to build this better place we all hope for already exist, so grow your own freedom. Don’t wait for states or companies to do it, because they won’t do anything else than selling you dreams.

You can go deeper (as they say in the movies). Build and use darknets and VPN to enforce even more anonymity. Have I told you about TOR? They have .onion. There’s also I2P and the .eep sites. You can set up a darknet easily using open software such as tinc, and you can encrypt it from end to end. You will go below the radar of the government if you use those tools on a day to day basis. Use them before it’s too late. Use them now. Mail your mother to wish her a happy birthday using a strong RSA 4096 bit key.

Host your domain name in out of range registry such as the 42 registry, the telecomix one, or start your own. Use free DNS resolvers (not opendns they’re liar, neither the google ones, they’re under the law of the US government) such as the one used by telecomix. Learn how those things works, try to build your own, ask for help, show them to your neighbor. Talk to them.

That brings me to the educational issue.

Crypto for the people

As I’ve said before, most of the tools needed to communicate safely and to bypass monitoring and censorship exist, and are easy to install (believe me, making a Syrian use Tor with bridges while they do not speak English and you do not speak Arabic is a proof that TOR is easy to use). People do not use it because they do not know it exists and they do not know why they would even need to use it.

That’s where enter education. You should teach your girlfriend, boyfriend, mother, father, duck, cat, etc. why they need to encrypt every and all bits of information (and noise) they emit and receive. That’s the hardest part and the most exhausting one, but organizations like EFF and La Quadrature Du Net are quite effective at it. As long as the people are open-minded and curious, showing them why they need to protect themselves online will be the hardest part. Then, they’ll ask the how-can-I-do-that question, and they will end up knowing a bit more how the Internet works, how a computer works, and being able to spread this knowledge to others. We need to be patient with the people that seek help. That won’t make you technically better (while you teach, you tend to learn slower, especially if you need to start from 0 every time you do it), but the documentation needed is still out there (but black-outed. See? that’s not a so good idea) and you can try to improve it, to translate it or to write it if it doesnot yet exist.

The real issue will reside in people who do not want to learn or understand. The ones that are happy like that, watching Fox news, TF1, feeding what used to be their brain with propaganda information telling them that everything is ok. You have two options. Try to save them, but that will kill you. You’ll cease to exist because all your spare time will be spent trying to give some dumb-ass some notions of self-respect, while they’ll consider you as a freak with dangerous thoughts. That will eat you, you’ve been warned. The other option is to live with that and to let them die. Yeah, that’s not fair, that’s not human, whatever, I do not care. But you can’t save people who do not want to be saved.

So, what will YOU do?

 Licence, copyright and version

This version 1.3.1 text has been written by okhin on the 18th of January of 2012. You can do anything with it, as long as you just tell people who wrote this text. If you really need a licence, it’s the WTFPL.

Kudos to zorun who mades me some proofreading.