Telecomix

Precompiling

It’s been almost two years that I’m hanging with the Telecomix crew of amazing people/jellyfish. And I think it’s the first time I’m writing about it. I’ve discussed it a lot recently, mainly because a lot of media here wanna speak with us, also because I heard of, at least, two more long term project about Hacktivists.

Also we have an interesting discussion inside the ‘core‘ team, about the whereabouts of the cluster, along with more and more interesting questions coming from people.

Hence, this post. And, well, since Telecomix is the sum of the people inside it, it is not an insight of a unique mind, but more a part of this hydra of jelly.

Follow the white rabbit

One question I have a lot is how do I ended up in Telecomix. The answer I generally do is that it just happened. I was not looking for entering such a group of people. I do not think any one with a sane mind, would voluntarily enter a group that will eat your time and nights, will put you in front of a lot of unwanted attention (and I’m not speaking about the media here), will raise the expectation that people will have about you and will confront you to tough choices (going to sleep or having people killed).

If you put it that way, no one will accept it. Besides some wannabe heroes maybe. And sociopaths (but heroes are sociopath anyway).

So, I ended up in Telecomix at the same time I decide to enter a hackerspace. I entered in this place, meeting a lot of people. The Telecomix name was already in the media (due to Hosny Moubarak shutting down the intertubes in Egypt) and I was helping with some Streisand already.

I think you do not enter inside Telecomix. It’s not a place mainly because a place would let you leave it, so you cannot neter it. You do not join it for it has no registering system (and anyone telling you there’s one might want to lure you, but that’s not the point, not now). You just evolve into something that is Telecomix. Your mindset change, and evolve into it.

So, you just wake up one day, and it’s like: ‘OMG!!!!!! I’M TELECOMIX NAO!!!!!’. Once the caffeine is getting slow into your organism, and after the morning passed, you just found that all people in there are more or less normal people.

There’s no crypto-anarchists, speaking in tongues, bashing everyone that do not use strong crypto system, and crypto social conventions; there no supra-intelligent AI that tries to take over the world; there’s no pure-hackers that feeds on data and caffeine; there’s no one that want to save the world.

Enter the Matrix

Well, that’s partly true. We do have bots that can be quite schizophrenic and sociopath some time. There’s a lot of different and unique person, from all over the cyberspace. There’s sociologist, computer scientist, slackers, hackers, beer makers, paranoiac and conspiracy theories adept, politic-minded and a-politic ones, and I suspect some aliens to participate in the cluster.

Some might wonder what’s a regular day in a hacktivist group. I don’t know, I can barely speak for mines and, well, a lot of people will be disappointed I guess. Have you seen the movie Hackers? No? You should, it’s fun. But it’s not like that.

I spend a lot of time simply sitting in front of a computer, starring at console-like screens (and yes, I do take pleasure having a computer that no one else besides me can understand or use). I do that for my work, and for my hobbies.

If you can get behind the screens, you’ll see that I’m connected on a lot of chat rooms, not saying that much quantity of things. Even when writing stuff, either for work or, like this piece of text, for my personal use, I’m on a console. Sipping some black coffee, while not noticing that it’s two in the morning, you can spend a lot of time chatting with people, while writing some software, scanning some infrastructure, or just crawling the intertubes. That’s what I do all day. My job requires it, I do enjoy it, and I’m doing it with the Telecomix crew.

This is my daily routine. Waking up too late, spending way to much time on IRC and intertubes, spending not enough time with people around, going to sleep too late. And hanging around in hackerspaces and conferences also, to make things and to exchange knowledge and skills with people in the meat space. Oh, and playing a lot of games (pen and paper RPG, video games, etc), and spending time with the media when they ask for it.

So, you see, I have a kind of regular life. I’m not crawling undercover in highly secured area to steal a computer, I’m not hacking through governement systems just to find your credit card. I’m just trying to find new way to let the data flow, because that’s what matters to me.

Meet the cluster

Asking an agent what is Telecomix will get you in an abyss of perplexity, for none of us have the same definitions. For one, we do asks this questions ourselves quite a lot, and the answer still changes and we have no consensus (but we’re not looking for it).

We agreed on the fact that we’re not an organisation, meaning we have no identified head, agenda, plan or funding. We believe we are a too much centralized acentric cluster. Why too much? Because people rely on us instead of trying to build their things. Or at least, it is the perception I have from the inside.

We can do a lot more of thing if we had 35h a day and/or a way to work for Telecomix as a full-time worker. But then, I think we’re gonna loose a lot of fun. And that’s the important part in Telecomix. The fun. We’re in here to have a lot of good time, doing things we like, things that are important (like decentralize the planet), but you can do that at this rhythm only if you have the opportunity to laugh and having fun.

This is the part where people can feel uncomfortable. We’re not changing the world because we must. Hell, who the fuck are we to think we must change the world? The only one that can do that is you. We’re changing the world because it’s fun. The most amazing things we’ve done, we’ve done it only because we’ve enjoyed doing it.

I do enjoyed working on VPN and darknets issues for Syrians. I haven’t done it because someone had to step-up, this is not my fight and this revolution belong to the Syrians. I’ve done it because I wanted to learn about it, I wanted to tests how communication networks can works under harsh conditions. When the network was attacked by Hosni Mubarak, the cluster just tested if we could work using the old lines, and how to spread it.

We just having fun with weird and unexpected situations, because if we were doing it because we thought we must do it and that no one would step-up, we will burned ourselves.

The hardest lesson

And this is hard to learn. When working with a group of people where there’s always someone connected and discussing interesting issue, while helping people through the world trying to communicate and getting arrested and probably killed for having done so, you’ll go through ugly mental states. Caffeine and stress doesn’t mix well, if you add sleep deprivation you’ll go technical.

The strength of a cluster is redundancy. Working with so different people, working on so different topics (from ham-radio, to darknets, to drones, to ACTA) grants you the possibility to just leave and disconnect.

You won’t feel comfortable, especiallay when there’s live at stakes. But you’ll be up to no good after 36h of wake, filled with caffeine and alcohol and Cameron knows what. You need a life out of the cluster, or you’ll become a bot.

The strength of this small group of hacktivist (we’re 220 connected on #telecomix at the time of writing this) are the differences of its members. We often disagree on a lot of topics, but that’s not a problem, we’re in a doocracy and if I want something to be done, I just need to do it myself. And we have a lot to learn from the ones that are different.

Living with people that shares your ideal, and all your opinion, is boring. We had some crisis, and we’ll have more of them because that’s how a chaotic and unplanned system should grow.

Execute

And we have no plan. We have no agenda. We have some back channel that exist mainly for technical purposes. Those purposes includes shouting your rage about someone, hopping that someone will get agree with you, finding that you’re alone and that you’re an asshole and a bastard and then just calm down, find the /ignore command again, and going back to normality mumbling some things about cthulluh returns or equivalent.

The thing is, I perceive Telecomix as an idea. A powerful, always changing one. Or as a virtual bar, where you’ll have free virtual drinks, served by nice-looking waiter, waitress and octopus, all being virtual. But you’ve got the point. Or not. I do not care.

I’m not sure I’ve been anywhere with that, but I think I’ve enjoyed writting it. That makes me wonder if you’ll have fun reading it. Not sure it makes sense.

Let’s git push this for the sake of it.

Companies and hacktivism

Companies and hacktivism

Google’s case

On the 12nd of March, I was at the Cyber-censorship event organized by RWB and sponsored by Google. There was a nice panel after that, with a lot of activists from Belaruss, Egypt, Tunisia and Syria among others. And, well, could not restrain myself, but I’ve expressed some worries about Google, Skype and others companies providing tools used by activists to communicate and about the lack of openness of them.

The Google representative that was there answered briefly that

"[He] do not understand the criticism about the lack of openness of Youtube, everyone can access it".

Well, that’s not true. For instance, tehre’s a video posted by Fhimt.com was locally censored for no apparent reason (the story is on reflets.info). And that’s only one case. I’ve got another one of an allegedly leaked video of torture of syrian that is ‘not available’ (but given the numbers of views and other thing, it was available), and while building the TBS I saw that about twenty videos we once got in the past, are not available anymore.

So, yeah, youtube.com is available in most part of the world. But not the content of it, and Google gives no reason of the specifics (except for ‘copyright claims’), they give no guarantee that anything that is available now, will be available tomorrow.

Worst, when reading their terms of use they restrain the avaibility of the contents to the only authorized Google apps (youtube.com being one), that means that, yes TBS is violating the clause 4.C and H of the terms of use:

You agree not to access Content through any technology or means other than the video playback pages of the Service itself, the Embeddable Player, or other explicitly authorized means YouTube may designate.

You agree not to use or launch any automated system, including without limitation, "robots," "spiders," or "offline readers," that accesses the Service in a manner that sends more request messages to the YouTube servers in a given period of time than a human can reasonably produce in the same period by using a conventional on-line web browser. Notwithstanding the foregoing, YouTube grants the operators of public search engines permission to use spiders to copy materials from the site for the sole purpose of and solely to the extent necessary for creating publicly available searchable indices of the materials, but not caches or archives of such materials. YouTube reserves the right to revoke these exceptions either generally or in specific cases. You agree not to collect or harvest any personally identifiable information, including account names, from the Service, nor to use the communication systems provided by the Service (e.g., comments, email) for any commercial solicitation purposes. You agree not to solicit, for commercial purposes, any users of the Service with respect to their Content.

So, it means that, everything that is on youtube is subject to the good will of Google. If they decide for one reason or another that you must not see a content on youtube, then they will destroy it and you have no legal way to make an archive of it. Not without a commercial agreement.

Hence, the youtube services is, indeed, free of charge and accessible. But it is not free at all, because you cannot do a lot of things with it.

I mean, Google could be an amazing archiving tool, they have an insane amount of data at end, and they could archive them, providing to the citizens that content on Google (email, video, docs, search results, whatever) will always be available using, for instance, documented and free standard. But they aren’t and they won’t.

They won’t because, besides what Google can say, they are a company. And the only goal of a company is to earn a big pile of cash. They can have an ethics, they can pretend their going social, whatever. In the end, what will dictates their move is the quantity of money they will have at the end of the month.

That’s why they moved in China, despite the censorship over there. They saw 300 millions people that can use Google, that’s 300 millions people that can be submitted to compartmental analysis to serve theme efficiently targeted advertisement (which is the Google job).

Google is not about freedom of information, so they accepted a partial censorship from China authority. Then, they discovered they where targeted by a huge attack, the Aurora attack, probably commanded by China’s authority to go after some intellectual property of Google, so they went out.

They didn’t move because their tool was censored. They moved because their business was under attack. They’ve done some PR move about the China being uncooperative, violating their property (no shit?) and forcing them to do insane censorship (oh, really? So, you’re not censoring yourselves?) and then they moved to Hong Kong, acting like the good guys.

The good guys will have stay there, will have disobey and will have provided activists there online tool to preserve their anonymity and their security, fighting the laws and regulation of the Chinese government.

The Skype case

Skype is even worse. Even without being now a Microsoft product, Skype is designed on closed and obfuscated protocols that are designed to go through most of the firewall on both side of the call. The utility allow for Desktop Sharing that grants execution on distant host, your address book is stored somewhere, the cryptography is based on secret algorithm not documented anywhere, so it is Security through obscurity which is as bad as no security (even worse, because it gives a false feeling of security).

The only strength of Skype is to have a good marketing team, and to be available on whatever platform you can think about (the free of charge thing is the same for all VoIP providers).

One big problem with Skype, is the auto-update thing. It is used a lot to deploy malware, notably in Syria where activists get killed for organized themselves (so, yes, a government using such malware can now the people you’re calling and can arrest you and them, alongside with their friend and families). I’m not saying Skype is collaborating with government, just that a closed proprietary software that will get installed on all the computers, that can install things on his own without warning users, that can get through all firewall and that do things in your back is called a trojan over here.

Worst, now Microsoft bought Skype. And Microsoft have a lot of patents. There is one that need all your attention right now. The patent 2010153809 labelled ‘Legal Intercept‘. So, in short, Microsoft as patented the technology required to give any government the capability to intercept any communication using one of their software. Most of the government now have law to authorize such things. There was law for that in classic-phone system, as long as on GSM, and I always thought it’s legal for them to intercept any communication they need to build a case against you as long as the legal system allow them (and it will). The thing with Skype is, it was supposed to be end to end encrypted, so, mainly, the snoopers cannot have a verbatim of the talk.

With this patent, however, Microsoft is telling that any government can now intercept communication in Skype. So, basically, anyone who have access to the Microsoft tool for lawful intercept can now intercept Skype communication. So, the encryption is now broke and will never be recoverable.

The weird thing is that the Syrian government, for instance, has law that grants him access to spy on its people. With this kind of patent, they do not even need DPI and hackers tobreak it, just to ask Microsoft to give them the key of the system.

Facebook Google, Twitter and the One identity problem

As I saod before, most of the website you use have only one goal: serves you with the data they want you to access (because they’re paid for that), not the one you want. And, for this to be efficient, they need to know you in a lot of details.

They do not care about you having a pseudonym or a real name (except for Facebook). What they do care about is the fact that you must have only one name. They need it, because they wants to track you everywhere you go to build of profile of you they can sell to whoever pays for it (or access their data using more creative way).

For instance, Google has changed their Privacy Policy, requiring that you use only one account for all their services (and that all of those services will share data with all the services). So, youtube will now about what you wrote on gmail and what’s on your blog (if you use blogger).

Facebook, and its ‘like’ button is even worse. If you’ve got a facebook cookie in your browser (which, if you have a facebook account, is the case) and even if you’re disconnected, the simple fact of loading the ‘like’ button (which is a script) will tell it to facebook.

Twitter is now selling your public tweets (and all the informations associated to each tweet, including localisation if it’s active). I still do not understand who will buy something that is already free because it’s public, so I suppose they, in fact, sell analysis and profile that match some criteria to target them with advertisement. Or by selling them to a governmental agency that is willing to pay to watch their citizen. Don’t think it’s not the case, government are spending a huge amount of money on CCTV camera and other way of spying on their people.

So what?

The thing is that those company have product almost in every country, their product is free of charge because the users are the product, but still, you have it every where. They can live with insane traffic, they’re translated in the much common languages, they are easy to use, multi-platform and idiot-proof. And that’s why people uses them to share pictures of their sex life or of their last trip to Vietnam, to share videos of riots and uprising or about clever cats playing on a keyboard, to harass underage girls or to share an amazing animation clip.

Those tools are everywhere because they are big, they’ve made internet popular, they’re in part responsible for the development of those smart-phones and of the eradication of the dumb-phones.

And given that, and the fact that the last websites you will access in case of crisis are Google, Facebook and Twitter while news sites will be closed to protect the government, activists can and will uses them. And some of them will get killed for this, because those website do not provides way of communication that are really anonymous.

Google told they’re making an effort to be as ethical as possible. If they really was, they’ll open the code they use on their servers, they’ll open and disclose their algorithm, they’ll provide way of enjoying fully their services without building a profile.

Surely, they’ll earn less money. But they will still earn some. Plus, some people should have remain alive and free instead of being jailed for having uploaded content on facebook or Google.