Companies and hacktivism

Companies and hacktivism

Google’s case

On the 12nd of March, I was at the Cyber-censorship event organized by RWB and sponsored by Google. There was a nice panel after that, with a lot of activists from Belaruss, Egypt, Tunisia and Syria among others. And, well, could not restrain myself, but I’ve expressed some worries about Google, Skype and others companies providing tools used by activists to communicate and about the lack of openness of them.

The Google representative that was there answered briefly that

"[He] do not understand the criticism about the lack of openness of Youtube, everyone can access it".

Well, that’s not true. For instance, tehre’s a video posted by Fhimt.com was locally censored for no apparent reason (the story is on reflets.info). And that’s only one case. I’ve got another one of an allegedly leaked video of torture of syrian that is ‘not available’ (but given the numbers of views and other thing, it was available), and while building the TBS I saw that about twenty videos we once got in the past, are not available anymore.

So, yeah, youtube.com is available in most part of the world. But not the content of it, and Google gives no reason of the specifics (except for ‘copyright claims’), they give no guarantee that anything that is available now, will be available tomorrow.

Worst, when reading their terms of use they restrain the avaibility of the contents to the only authorized Google apps (youtube.com being one), that means that, yes TBS is violating the clause 4.C and H of the terms of use:

You agree not to access Content through any technology or means other than the video playback pages of the Service itself, the Embeddable Player, or other explicitly authorized means YouTube may designate.

You agree not to use or launch any automated system, including without limitation, "robots," "spiders," or "offline readers," that accesses the Service in a manner that sends more request messages to the YouTube servers in a given period of time than a human can reasonably produce in the same period by using a conventional on-line web browser. Notwithstanding the foregoing, YouTube grants the operators of public search engines permission to use spiders to copy materials from the site for the sole purpose of and solely to the extent necessary for creating publicly available searchable indices of the materials, but not caches or archives of such materials. YouTube reserves the right to revoke these exceptions either generally or in specific cases. You agree not to collect or harvest any personally identifiable information, including account names, from the Service, nor to use the communication systems provided by the Service (e.g., comments, email) for any commercial solicitation purposes. You agree not to solicit, for commercial purposes, any users of the Service with respect to their Content.

So, it means that, everything that is on youtube is subject to the good will of Google. If they decide for one reason or another that you must not see a content on youtube, then they will destroy it and you have no legal way to make an archive of it. Not without a commercial agreement.

Hence, the youtube services is, indeed, free of charge and accessible. But it is not free at all, because you cannot do a lot of things with it.

I mean, Google could be an amazing archiving tool, they have an insane amount of data at end, and they could archive them, providing to the citizens that content on Google (email, video, docs, search results, whatever) will always be available using, for instance, documented and free standard. But they aren’t and they won’t.

They won’t because, besides what Google can say, they are a company. And the only goal of a company is to earn a big pile of cash. They can have an ethics, they can pretend their going social, whatever. In the end, what will dictates their move is the quantity of money they will have at the end of the month.

That’s why they moved in China, despite the censorship over there. They saw 300 millions people that can use Google, that’s 300 millions people that can be submitted to compartmental analysis to serve theme efficiently targeted advertisement (which is the Google job).

Google is not about freedom of information, so they accepted a partial censorship from China authority. Then, they discovered they where targeted by a huge attack, the Aurora attack, probably commanded by China’s authority to go after some intellectual property of Google, so they went out.

They didn’t move because their tool was censored. They moved because their business was under attack. They’ve done some PR move about the China being uncooperative, violating their property (no shit?) and forcing them to do insane censorship (oh, really? So, you’re not censoring yourselves?) and then they moved to Hong Kong, acting like the good guys.

The good guys will have stay there, will have disobey and will have provided activists there online tool to preserve their anonymity and their security, fighting the laws and regulation of the Chinese government.

The Skype case

Skype is even worse. Even without being now a Microsoft product, Skype is designed on closed and obfuscated protocols that are designed to go through most of the firewall on both side of the call. The utility allow for Desktop Sharing that grants execution on distant host, your address book is stored somewhere, the cryptography is based on secret algorithm not documented anywhere, so it is Security through obscurity which is as bad as no security (even worse, because it gives a false feeling of security).

The only strength of Skype is to have a good marketing team, and to be available on whatever platform you can think about (the free of charge thing is the same for all VoIP providers).

One big problem with Skype, is the auto-update thing. It is used a lot to deploy malware, notably in Syria where activists get killed for organized themselves (so, yes, a government using such malware can now the people you’re calling and can arrest you and them, alongside with their friend and families). I’m not saying Skype is collaborating with government, just that a closed proprietary software that will get installed on all the computers, that can install things on his own without warning users, that can get through all firewall and that do things in your back is called a trojan over here.

Worst, now Microsoft bought Skype. And Microsoft have a lot of patents. There is one that need all your attention right now. The patent 2010153809 labelled ‘Legal Intercept‘. So, in short, Microsoft as patented the technology required to give any government the capability to intercept any communication using one of their software. Most of the government now have law to authorize such things. There was law for that in classic-phone system, as long as on GSM, and I always thought it’s legal for them to intercept any communication they need to build a case against you as long as the legal system allow them (and it will). The thing with Skype is, it was supposed to be end to end encrypted, so, mainly, the snoopers cannot have a verbatim of the talk.

With this patent, however, Microsoft is telling that any government can now intercept communication in Skype. So, basically, anyone who have access to the Microsoft tool for lawful intercept can now intercept Skype communication. So, the encryption is now broke and will never be recoverable.

The weird thing is that the Syrian government, for instance, has law that grants him access to spy on its people. With this kind of patent, they do not even need DPI and hackers tobreak it, just to ask Microsoft to give them the key of the system.

Facebook Google, Twitter and the One identity problem

As I saod before, most of the website you use have only one goal: serves you with the data they want you to access (because they’re paid for that), not the one you want. And, for this to be efficient, they need to know you in a lot of details.

They do not care about you having a pseudonym or a real name (except for Facebook). What they do care about is the fact that you must have only one name. They need it, because they wants to track you everywhere you go to build of profile of you they can sell to whoever pays for it (or access their data using more creative way).

For instance, Google has changed their Privacy Policy, requiring that you use only one account for all their services (and that all of those services will share data with all the services). So, youtube will now about what you wrote on gmail and what’s on your blog (if you use blogger).

Facebook, and its ‘like’ button is even worse. If you’ve got a facebook cookie in your browser (which, if you have a facebook account, is the case) and even if you’re disconnected, the simple fact of loading the ‘like’ button (which is a script) will tell it to facebook.

Twitter is now selling your public tweets (and all the informations associated to each tweet, including localisation if it’s active). I still do not understand who will buy something that is already free because it’s public, so I suppose they, in fact, sell analysis and profile that match some criteria to target them with advertisement. Or by selling them to a governmental agency that is willing to pay to watch their citizen. Don’t think it’s not the case, government are spending a huge amount of money on CCTV camera and other way of spying on their people.

So what?

The thing is that those company have product almost in every country, their product is free of charge because the users are the product, but still, you have it every where. They can live with insane traffic, they’re translated in the much common languages, they are easy to use, multi-platform and idiot-proof. And that’s why people uses them to share pictures of their sex life or of their last trip to Vietnam, to share videos of riots and uprising or about clever cats playing on a keyboard, to harass underage girls or to share an amazing animation clip.

Those tools are everywhere because they are big, they’ve made internet popular, they’re in part responsible for the development of those smart-phones and of the eradication of the dumb-phones.

And given that, and the fact that the last websites you will access in case of crisis are Google, Facebook and Twitter while news sites will be closed to protect the government, activists can and will uses them. And some of them will get killed for this, because those website do not provides way of communication that are really anonymous.

Google told they’re making an effort to be as ethical as possible. If they really was, they’ll open the code they use on their servers, they’ll open and disclose their algorithm, they’ll provide way of enjoying fully their services without building a profile.

Surely, they’ll earn less money. But they will still earn some. Plus, some people should have remain alive and free instead of being jailed for having uploaded content on facebook or Google.

Achievement Unlocked

Yeepee

http://streisand.okhin.fr is, according to Mr. Claude Guéant, French Minister of Interior Affairs a website that must be blocked along with https://copwatchnord-idf.org.eu (yeah, I know, they must learn how to do SSL) which is a copwatching website that has been previously censored (with a different domain name).

I need to add that I’m not a full supporter of this copwatching website, I do not like the tone of it and, while I think copwatching must be done, I do not think this is the best ethical way to do it.

So, the assignation is here and the lawyers of the main ISP are currently fighting it.

The funny part of this assignation is the §2.1.2 (page 6) where they said that collecting public information without the consent of the person concerned by those information is a violation of the 6th of January, 1978 law about personal data. Which is the case. But it’s also the case of almost all of the ‘official’ police files (as the CNIL [FR] repeatedly told them), and I’m not speaking about the shadow file that most probably exist.

The worst part is that, beyond the 34 mirrors listed (mine is the first one, Wooooot!!!), Mister Claude Guéant do want that all the ISP must extend the blockade list dynamically and without asking further details to a competent authority (so, a judge).

The way they’ll do that will probably be a DNS blockade. I’ll probably move my domain name to something else when it won’t be available. The funny part is, that my personal emails and calendar are hosted on the same domain name.

Twitter and censorship

Twitter and the censorship

In a controversial post entitled Tweets still must flow((And they stole the third datalove principles, yay for us)), twitter said that they will now be able to censor some tweets regarding on the locality of the reader. That mean that someone in China won’t be able to see this tweet about Tien An Men celebration, or that a tweet with a svastika will not be readable in France or in Germany. And then, the whole twitter sphere get mad, yelling while running in circle.

And the storm will cease, people will forget and move on the next big thing. Twitter will expand and open a new office in China, because they’re doing business. It’s their objective remember? Business, after all twitter is a profit driven company that want money. They do not want your freedom or your safety, they want your money.

I always think that twitter wasn’t that bad, at least, toward my privacy. After all, my friend list is public (anyone can see it, even people without a twitter account), my lists and tweets are also public and they do not have any bits of personal information about me, except my pseudonym and an email to join me. Twitter is one of the few corporation that deal correctly about privacy (I can share my location, but it’s not active by default, I can use my GSM, but it’s not active by default, etc.) So, they provide a service to everyone (they even tolerates bots, even the one that only speaks to computers, that mean control command for botnets). It’s not purely neutral (it’s not distributed), but it’s a good start.

Then things changed

In the beginning (yeah, last year, maybe the year before), twitter had a great documented API that anyone could use to do anything they want, as long as they respect certain limitation in volume. Limitation a normally constituted human cannot be able to reach. So everybody could write a twitter client, or an app that use this twitter API. Then they decided they wanted more control over what people where doing with twitter. Things have moved since the green movment in Iran and, now that Twotter has grown, they want more control.

First things they do, was to forbid third party clients, like the one I’ve used to use to access twitter on my old Nokia phone. 2 years later, I still have no idea of how I can access twitter from the OVI store, so I cannot use it. They makes some huge change on the Twitter API too, without maintaining complete public documentation, this has break a lot of compatibility with, for instance, status.net. They still never explained how the trending Topics and they responds to legitimate questionning about this important future (that’s how you know what’s happening now and near you) with ‘trust us, we’re not censoring anything (and look at the support page about trending topics: https://support.twitter.com/groups/31-twitter-basics/topics/111-features/articles/101125-about-trending-topics, there is no precise enough answer that could be used to infirm or confirm tweets.

I’m not saying they’re censoring Trending Topics however. They sell trending topics (you can see sponsored one in top of your list). They want control over the trends because that’s how they earn their lives and that’s what they sell to Nike, Disney or BlueCoat for instance. Since two years now, and after 2 major change in the interface and the way they display content, they have exerced a lot of control on how things are moving, they’ve penetrate a lot of new market (in Middle East, Africa, South America, etc) where activists use twitter to circumvent censorship because it’s a US based company, and then the US law are the only one that can be used to censor twitter.

The Wikileaks case

Look at wikileaks for instance. In November 2011, Twitter was forced by the US Justice Department to hand over all the information they had about three people, suspected to be linked to the organisation. A secret order in fatc, that would be revealed to the people under investigation once the investigation is done. Twitter defend the case, but they finally had to give out those information (but they could warn the users they were under investigation). The story is in the NY Times if you need more details. Google do not fight those, they just maintain a page where they put the request from a judge they received, ordered by country. For facebook, I’ve still never heard of such thing.

The things happening there is that a US Company own parts of your identity and they are under the US law (with the patriot Act). That gives to this governement a reach to all the twitter user. Including ones that are not even US citizen neither on the US soil. This is not a twitter problem, this is a legal problem. The centralized system everyone use fall under specific national laws that supersede the local one (amongst the target of the wikileaks thing, there were an Icelandic representative, from a country which have the strongest law arsenal to defend the source protection and the whistle blowers).

Things get big

Twitter has received a lot of money from different sources. They wnat to grow bigger. They want to get in Pakistan, Iran, China or India. They want to have local offices, or not to be banned by a country because ‘terrorists uses it’. So they say they will follow the law of each and every country they will be used. It means that, if Bashar el Assad, the still ruling dictator in Syria, aks for content he do not like must be removed in Syria, they will obey (they will follow the local law). You’ll still be able to see those horrible video and massacre live, but people on the ground won’t be able to talk to each other, because they won’t be there.

My point is, you’re yelling because you’re afradi Twitter will censor things. You should not be afraid of that. You should be afraid that twitter had previously censored tweets due to justice decision that should not apply to you. You should be afraid that all of those datas are centralized, teh same way megaupload, Google or Facebook are. You should be ashamed to reinforce it by using it to protest. You should be ashamed because you have not used a decentralised solution, either by using one that already exists such as https://status.telecomix.org or https://identi.ca, or by setting one up with friend (status.net installation is documented). I know it’s hard, and I am to blame to because I use twitter, but move to a free cypherspace, you’ll see, they’re some nice people hanging there, is you’re looking for me, I am just right here: https://status.telecomix.org/okhin.

Data must flow Enter the decentralized cypherspace


The version 1.0 of this post was written on 2012/01/27 by okhin. Relaesed under no licence or the WTFPL.

Megaupload is dead. So what?

Megaupload is dead. So what?

So, a justice court from a country abroad has decided that megaupload must be put to an end, along with their sistersite Megavideo, and so they’ve took it down yesterday evening. This is sad, and it’s a bad day for individual freedom. But it is not unexpected and you were warned this would happen and you choose to do nothing. But first, let’s look at what has been put offline.

 God bless Megaupload

Megaupload (for the one of you who don’t know what it was), was described as a filesharing website where everyone can find what they want. Be it illegal porn, clandestine copy of movies or TV show, applications or other software, cracked or fully legal, and every thing that can be put in a digital format and brings online (and believe me, that’s pretty much everything you can use with a computer or a smartphone). So, it looks like a good idea. Except for two or three little and neglectible point of details.

First, Megaupload is a company. Yeah, you’ve got free account, but they do everything they can to makes you buying a premium to have unlimited download (at least, as long as you paid the monthly 10$ fee for it). Yeah, Megaupload is a company whose jobs is to makes you pay to access files. Doesn’t it make you think about something?

Second, extreme centralization. They have more than one server, and kind of work like in a cloud, but your files are still in only one place. You share a link to access it, not a file. It’s more convenient you say (but sharing a .torrent is convenient to, and easy to do). So megaupload begins to have all of the illegal files the majors and governements were looking for in only one place. Big, obvious and easy target (since it’s a company).

Third, you know Megaupload because you want to see How I Met Your Mother. So, you were paying a media company because you did not want to pay for another media company. You were enforcing a monopoly because you are against a monopoly. You were saying that the whole media industry produces shit, only because that gives you legitimity to pay for the same shit (but to another one). Megaupload was a form of global licence, and it’s a bad idea (unless you can defines precisely who is an artist and who is not and tells me exactly how you can redistribute it with equity).

Fourth, you were using megaupload because you were scared by a government which tries to hunt down pirates that use peer to peer filesharing. Those system are extremely resilient, there are multiple copies of the same files all over the network and it cannot basically be shut down by a single justice decision. Yeah, Megaupload was a solution that government indirectly promoted by scaring people.

And I can continue for a long time, but people told me that endlessly raging is useless. I’ll just redirect you to a good article written by Bluetouff on reflets.info which wrote all of this, at the end of the year. (and yeah, use a seeks node to find more about it, I won’t do it for you).

Rage against the machine

So, last night it was shut down. And a lot of people were raging after it, accusing governement to tackle their liberties. Yeah, right. But that was a lot of people told you like, two days ago about SOPA and the black out stuff. Or the precedent years about ACTA, or when they try to makes you understand why HADOPI or ARJEL are extremly dangerous for our liberties (and for no community gain). So I tweeted this (and launched an easy troll I must confess):

Et donc #megaupload ferme et vous êtes perdus? #Decentralisez. #onvousaveeprevenus #alleemourir / And so #megaupload close and your lost? #Decentralize. #wetoldyouso #godie

Some people were answering and told me that they were fighting for their liberties. In fact, they’re not. Else, they would have fought fiercely when copwatch was taken down. Or when all of the websites we try to mirror with streisand (and I do not have all of them here) where taken down by one state or another. Or when Wikileaks was under an heavy attack from institution. If people really want to fight for their freedom, they’ll be in the street with the Occupiers, they will be asking their governement answers and justice for the infamous acts of some police forces. They will use their right to throw out their governement to choose a new one.

But instead, people (most of them, a lot of people are acting, in more or less usefull way, in more or less fun way and in more or less legal way) were just saying, "I do not care. I can still use Megaupload to see that stuff." Or Allostreaming (they will be shut down soon to, French governement has assigned all the major ISP to think about an effective blockade (details here). But now that megaupload is gone, what will you do? You’re to scared to use P2P, Direct download is now dead, streaming will follow, and (you can bet on this) major companies will provide you a not so good implementation of a global licence and you’ll accept that and you’ll be screwed. And they’ll win.

You made this happen

Yeah. You. Not someone else, not the major, not the governement or banks or aliens. You. By trading your liberties for confort (look at the iPhone, you cannot have anything that may looks like pornography on it. And Apple will soon sell school books. Same for google and for each and every monopolistic dragon that sleep on a treassure of data to mine. Each time you enter a URL in the google search bar, each time your’d rather download copyrighted material instead of free and opened one you’re playing their game. We warned you. Richard Stallman has been doing this for a long time and he was right, the EFF or LQDN were trying to give people enough knowledge about those shadow agreements to empower those people.

But you always choose the easy way, trusting companies or governement because they won’t hurt you. This is the cute cat theory. AS long as you can access your porn and your cute cats, you won’t protest. Yeah, that means those websites will be the last ones to be shut down by governement. And that’s why activists uses them to communicate. But then, you’ll focus only on cute cat access, not on information access. There is almost no media coverage of the Occupy movement here, but people does not care because some star does something trashy (or an election campaign running but without any programms from the candidates at least than 100 days to the election) and they control the focus and you are happy with it.

That’s why I’m a bit raging and yelling at people Y U NO DOING SOMETHING BEFOR IT HAPPENS!?! [insert cat picture here].

We spend an amazing amount of energy to try to warn you, for nothing. You let this happening.

Well, in fact, I was quite suprised that the US government shut down the Megaupload stuff. I mean, when you do politcian politics, you learn tha the people only need bread and games (since Caesar in the antic roma at least). But I think that with the crisis, a lot of people do not have bread anymore, so they probably thinks they can stop the games now because citizen will have other things on their mind. It’s either because they think they’ve lost the battle of the control and are tired to play games, or they think we have abandonned the ship and it’s time to show us who’s the boss.

What can you do?

Hang yourself. Really. If, at this point, you still don’t know what you can do, go hang yourself.

Or you can try to beat them at their own game. They do want us to pay to watch/listen at stuff? So be it. But then, do something usefull with your cash. Instead of giving them 10$ a month, give this cash to crowd funding entertainment project, like Pioneer One (a web serie that follow high standards of quality, and they’re at their 6th episode, only funded by crowd funding). Go on kickstarter they have a lot of project that can use your 10$. ANd most of them will reward you for that (being your name in the generic, a special edition, or whatever). There is more and more media licenced under Creative Commons, you can find a lot of free (as in freedom) music online. And some quality one. You can go to a concert. Stop feeding them. Stop copying their shit you would not pay for.

And if you still want your dose, the media junkies must go on The Pirate Bay. No governement has managed to shut them down. They are not a company. Their distribution system (bittorent) is decentralized. No one has still be condemned yet for using the .torrents. Don’t be afraid by them, they aren’tworth it.

Think. Use your brain. Use your civil duty to think. Change, have fun doing it and then change the world.


Licence and stuff

This version 1.2 of the txt has been written by okhin on the 20th of January of 2012. You can do anything with it, as long as you just tell people who wrote this text. If you really need a licence, it’s the WTFPL.