Achievement Unlocked

Yeepee

http://streisand.okhin.fr is, according to Mr. Claude Guéant, French Minister of Interior Affairs a website that must be blocked along with https://copwatchnord-idf.org.eu (yeah, I know, they must learn how to do SSL) which is a copwatching website that has been previously censored (with a different domain name).

I need to add that I’m not a full supporter of this copwatching website, I do not like the tone of it and, while I think copwatching must be done, I do not think this is the best ethical way to do it.

So, the assignation is here and the lawyers of the main ISP are currently fighting it.

The funny part of this assignation is the §2.1.2 (page 6) where they said that collecting public information without the consent of the person concerned by those information is a violation of the 6th of January, 1978 law about personal data. Which is the case. But it’s also the case of almost all of the ‘official’ police files (as the CNIL [FR] repeatedly told them), and I’m not speaking about the shadow file that most probably exist.

The worst part is that, beyond the 34 mirrors listed (mine is the first one, Wooooot!!!), Mister Claude Guéant do want that all the ISP must extend the blockade list dynamically and without asking further details to a competent authority (so, a judge).

The way they’ll do that will probably be a DNS blockade. I’ll probably move my domain name to something else when it won’t be available. The funny part is, that my personal emails and calendar are hosted on the same domain name.

I am a terrorist (and?)

So, those days two events where directly directed toward people who wants to enforce and protect their privacy, or toward the ones that would maybe participate in an Anonymous group. One here, in France, another in the US.

The blowing of EDF

The first affair, that everyone’s discussing about, is a thing that started 6 months ago. When the landing page of EDF (The main company that’s selling electricity in France, public business but in a market open to concurrency) was hit by a DDoS. That was in June, and the thing hits the news[FR]. It was not that long after the serious problem in Fukushima, and there was a lot of pressure around nuclear power at this time. The DCRI (French secret police), following the leads they had, found that people was using a public pad hosted by piratendpad.de, the German Pirate Party, to synchronise the attack. They asked for an access to the logs to their cross borders colleagues, and then the police raided the server, just some days before an important local election for the German Pirate Party (where they made a big score by the way). The story was covered in the press, particularly on Ars Technica.

Last week, they finally went after two guys linked to Anonymous (but who does not?) and put at least one of them in custody for 60 hours in a row (the interview of the guy is at owni[FR]). The police said 45h and that he waited for 15h in a cell. That still 60h of custody. That’s more than the legal limit of 48h, so it’s a special exception for fighting terrorism (yeah, US got Patriot Act, we got at least 2 LOPPSI, and 2 other National Security Law during the last ten years). Oh, and the goal of the DCRI is to catch terrorist (and to put everyone under a CCTV cam). The evidence was that the guy IP was found in the webserver logs (so, he just visited the website of the company that sold him electricity, probably to pay his bill for instance… Surely, he is a terrorist).

The thing that worries me here, besides the fact that they do not understand the internet, is that they used terrorism allegation. terrorism is destroying critical infrastructure and killing people to spread terror in a part of the world. A DDoS on a public website (even if I disapprove it) must not be a threat to a power plant. Especially if it’s a nuclear one. So, there was no risk at all of destroying critical infrastructure to spread terror, so not terrorism. If their was a risk (meaning, a computer of the plant LAN connected to the internet), first a DDoS on the public (and non-related) website would not have destroyed the plant, but that’ will be the evidence that those people are idiot and incompetent and dangerous, they should do jail time.

The FBI poster about terrorism

Fear. Uncertainty. Doubt

The governments are doing this because they’re afraid. They’re panicking, they do not understand what’s slipping between their hands. They’re loosing the battle, so they’re panicking. What they want, besides controlling everything and everyone, is killing Anonymous and other hackers movement. One efficient way to do it, is to use the Fear of the people, by using Uncertainty of facts (there’s a possible terrorism risk) and by disseminate Doubt in the people minds (are hackers good or evil?). That’s why they want to control the information, and the media. It’s so bad for them that a lot of media do like us since the Arab Spring and the Occupy Movement all over the world.

They want to makes us terrorists, because everyone have an unrational fear of terrorism. Terrorism is perceived as a high profile threat, with an extremely high probability for terrorism event to occur, while it’s not. I mean, there’s more people killed on the road each year in France (about 6 000), that by a terrorism act since the last ten years. But it’s a risk a government can pretend to fight by chowing things like policeman equipped with shotgun and assault rifle, servicemen in public space, invasion of privacy for a greater good. That’s why they want us to be terrorists, it’s because they need it to control the cyberspace and they want to kick us out their world.

The thing they did not get is what we are already out of their world. John Perry Barlow wrote some time ago the Declaration of the Independence of Cyberspace, and that have never been so true. We fight government and corporations. We stand for people when all of you have fled from the battle. We will be the last line between them and our privacy, and that will be an epic battle. Not using guns and spilling bloods, but using speech to spill words, laws and regulations, computer and internet to spill data all over the place. This is the real cyberwar people told it exists. People, host, bots and cats from the internet, versus the control freak of the nation states and corporation.

I will fight for my freedom. And you should od the same. They called us terrorists so you are not at threat, we will takes the pressure, we can manage stress and staying awake for nights, you should join us and make your voice heard because you have something to say. The crypto ammunition box is now full open, come and get some. If you still need to know why and how, read the Cyphernomicon.


Why I won’t black out

Why I won’t black out

About this

First, a little introduction. You’ve got to know that if this text exists, it’s definitely not my fault but his. Proof:

11:41 < Gordontesos> alors blogue ! So, blog !

So, I’m a system administrator, a Telecomix agent, a total geek and probably someone that has some issues with people. I will probably hurt your feelings, but I do not want to take precautions and preserve people and, in fact, I do not care. I’m already making people cry with the stuff below, so learn to manage your feelings. Either you can think, and that won’t be a problem for you, either you can’t and then… well, why are you here?

Oh, no comments available. First, I’m too lazy to filter out spam, and I believe it must be my burden, not yours (so, I won’t use a captcha system which is almost useless, or a registration system). Instead of that, you can reach me on status.telecomix.org, on some IRC chans, on twitter, by mail (okhin AT okhin DOT fr), we can (and should!!) have divergent opinion, and if you want to answer, write your own part, kick me, destroy my argumentation and tell me where is it, that way I can exchange with you, publicly or not, your choice (but tell me before). We should debate and exchange, but I do not think a comment is the good way to do it.

And I’m not a native english speaker, so if you find grammar, typo or other stuff, send me an email with corrections and I’ll integrates them (and if you want credit for, you will got some).

Back to the topic

SOPA, PIPA, HADOPI, LOPPSI, LCEN, DADVSI, WHATEVER… Every now and then, governments try to lock up the internet, then people get angry and react and protest and put some black on their websites, their avatar and stuff like that. Even big companies try to do that. But guess what? You can still read this, even with the blackout. So, what’s happened?

A government (in the SOPA case, the US government) thinks that some websites can be dangerous for their citizens (or for national security, for their interest… whatever the reason used, it’s fallacious) and, those websites being out of US jurisdiction, they want to filter them out. To censor them. To deny people the right to access some information, even if it’s not under the US jurisdiction (because they want to shut down the DNS on .com, .org or other zones like that). They have been trying to do this for a long time (more or less every year in the last 10 years), mostly because they’re afraid of people being able to think by themselves. They’re trying to develop the idea that some thoughts are dangerous. They want to tell apart the harmless thoughts and the dangerous ones. They want to tell which citizen has the right to think freely and which one does not.

Don’t get me wrong. This is horribly bad and I’m fiercely opposing it. But I won’t black out anything. In fact, I’m working the other way around. I’m using my freedom of speech to expose my ideas in one persistent place, a thing I’ve never done before (and believe me, I’ve been living in the Cyberspace for a long time now).

Why?

First things first. I’m small. I have no impact on governments, because they are doing everything they can to deny me the right to speak my mind, the right to tell them why I’m in discordance with them. So google, or the ISPs, or the traffic operators, shutting down their operations. Yeah, that will show people what those so-called laws can do by provoking a worldwide net-panic. Me or my fellow hacktivists, bloggers or whatever, will have no impact on a political agenda, at least using political means. That’s not what we are good or trained for.

Second, black outing is just reacting. It’s a simple protest. I know it’s people’s right to protest, but I think their duty is to act. To do things. Not to fight a battle on the ground chosen by your opponents, because then you can’t win. They’re too big, they can ignore us (have a look at China for instance). Even in the Middle East, the situation does not change because of people going in the streets, but because of people starting thinking and doing stuff. I’m in favor of action. Decentralized, unorganized, chaotic action. Yeah, sure, blacking out will probably bring people to think about it, but look at the Occupy Movement. Or Indignados. Or whatever. 6 months later, they’re still out there and nothing has changed. Sure, I’m being pessimistic. But also rational. We’re good at rational stuff (you know, the "in case of emergency" plan your boss paid you to write, stuff like that, we’re the best one at that) and I’ve never been trained for managing feeling, political agenda and other stuff.

I respect the devotion of civil liberties groups such as the EFF or La Quadrature du Net, but they’re fighting a battle that was lost long ago. Lemme tell you what will happen next. The US government will tell us: ‘Ok, I got your point, SOPA is soooo bad. However, we need a way to fight pedophiles, drug dealers, IRS frauders, and that’s why we think this law is better than SOPA.’ And everybody will say ‘Yay, we’ve done it, they’ve changed their mind’. And when the dust comes to a rest, you will realize that you’re screwed, they have reduced your liberties, but they are the good guys because they make concessions. That’s how negotiations work, you just need to ask each and every marketer. To negotiate something, you have to lose something before entering the negotiation.

So, where does it leave us?

That leaves us to a point where governments write bills about freedom of communication. Either to defend it (there’s some discussion around Net Neutrality in the EU), or to amend it (SOPA, PIPA, WHATEVER). The thing is, they’re defining bills on freedom of speech, on Internet. They try to shove the meatspace into the cyberspace, into a place where we do not need them. Their role should be to give people access to their basic needs and freedoms. That’s all. That’s the purpose of states and law. From where I stand, the law is a concession made by individuals to be able to live into a community. It should not be something that hampers them, but rather something that empowers them (and protect them from inequalities).

So, those bills limiting our freedoms (and not for giving us a better community, but for spying on us and/or giving more money to lobbies), are outlawed from where I stand. I won’t give them power over me or substance by fighting these. If I’m doing so, I’ll open the door for another bill on the regulation of our freedom of communication. This is not acceptable. So when you black out, you’re telling SOPA is bad because of those (perfectly good) reasons. But you’re also telling ‘Hey, maybe they can make a better offer?’ And they will make you a better offer. But that’s not acceptable. They say they don’t negotiate with terrorists. We should not negotiate with them.

When someone bangs at my door, my phone or my mail, trying to sell me something I don’t want, I just tell him ‘No’. I do not need to argue about it, it’s No. I’m not interested in this kind of stuff. If he insists, I’ll slam the door at his face. If he comes back, I won’t open the door or answer the phone. We’ve already told them numerous times that we do not want bills about freedom of speech. Time to slam the door at their face (and to break their foot if they want to use it to force you to keep your door open).

Surfing under the radar 

Let’s take the initiative. Let’s move in unexpectable ways. Let’s do fun things, and let’s have a good laugh (not necessarily at them, humiliating them makes them stronger than denying them the right to exist). The point is that we have basically lost the battle when we have moved to centralized systems (yeah, I’m speaking about Google, Facebook and Twitter, but also of the .com registry). I plead guilty too: after all I have a national domain name (.fr) and a twitter account. I’m no better than some people outside. In fact, there’s a lot of them doing amazing stuff you’ve never heard about. So, they gave us the choice between the Blue and the Red pill. I’d rather do that.

The simplest way to do this is to enter the CypherSpace (yeah, CamelCase are sooo CyberPunk). Enter a Space of fully encrypted information (or noise). Abandon the clear text communication that anyone can listen, intercept, alter and/or block without you being able to detect it. Assume one or more pseudonyms or enter anonymous, they are mostly friendly people. Do not think about legality, because it will be forbidden (if it’s not the case, I gave them some months/year to make crypto system illegal). Speak your mind, frankly, without caution, you cannot avoid hurting people. Use TOR every day, always, even for getting your porn or your lolcats. Use OTR when you chat and [PGP][] when you mail. Move to decentralized platform (such as status.net for microblogging, diaspora for your social activities, host your own mail or ask a fellow hacker to do so, use seeks for your search needs). The tools needed to build this better place we all hope for already exist, so grow your own freedom. Don’t wait for states or companies to do it, because they won’t do anything else than selling you dreams.

You can go deeper (as they say in the movies). Build and use darknets and VPN to enforce even more anonymity. Have I told you about TOR? They have .onion. There’s also I2P and the .eep sites. You can set up a darknet easily using open software such as tinc, and you can encrypt it from end to end. You will go below the radar of the government if you use those tools on a day to day basis. Use them before it’s too late. Use them now. Mail your mother to wish her a happy birthday using a strong RSA 4096 bit key.

Host your domain name in out of range registry such as the 42 registry, the telecomix one, or start your own. Use free DNS resolvers (not opendns they’re liar, neither the google ones, they’re under the law of the US government) such as the one used by telecomix. Learn how those things works, try to build your own, ask for help, show them to your neighbor. Talk to them.

That brings me to the educational issue.

Crypto for the people

As I’ve said before, most of the tools needed to communicate safely and to bypass monitoring and censorship exist, and are easy to install (believe me, making a Syrian use Tor with bridges while they do not speak English and you do not speak Arabic is a proof that TOR is easy to use). People do not use it because they do not know it exists and they do not know why they would even need to use it.

That’s where enter education. You should teach your girlfriend, boyfriend, mother, father, duck, cat, etc. why they need to encrypt every and all bits of information (and noise) they emit and receive. That’s the hardest part and the most exhausting one, but organizations like EFF and La Quadrature Du Net are quite effective at it. As long as the people are open-minded and curious, showing them why they need to protect themselves online will be the hardest part. Then, they’ll ask the how-can-I-do-that question, and they will end up knowing a bit more how the Internet works, how a computer works, and being able to spread this knowledge to others. We need to be patient with the people that seek help. That won’t make you technically better (while you teach, you tend to learn slower, especially if you need to start from 0 every time you do it), but the documentation needed is still out there (but black-outed. See? that’s not a so good idea) and you can try to improve it, to translate it or to write it if it doesnot yet exist.

The real issue will reside in people who do not want to learn or understand. The ones that are happy like that, watching Fox news, TF1, feeding what used to be their brain with propaganda information telling them that everything is ok. You have two options. Try to save them, but that will kill you. You’ll cease to exist because all your spare time will be spent trying to give some dumb-ass some notions of self-respect, while they’ll consider you as a freak with dangerous thoughts. That will eat you, you’ve been warned. The other option is to live with that and to let them die. Yeah, that’s not fair, that’s not human, whatever, I do not care. But you can’t save people who do not want to be saved.

So, what will YOU do?


 Licence, copyright and version

This version 1.3.1 text has been written by okhin on the 18th of January of 2012. You can do anything with it, as long as you just tell people who wrote this text. If you really need a licence, it’s the WTFPL.

Kudos to zorun who mades me some proofreading.