Fear

I plead guilty. I used to use fear as a tool to try to seed concern in people mind when I was explaining why it is needed to use cryptography on the internet (and elsewhere as well).

The thing is, fear is an extremely powerful feeling. I think it's rooted somewhere in the evolutionary process, I don't think there's species who don't know fear (and if it were they either are sharks or have since then disappeared, eaten by things they should have fear).

And it's not one you should use to make people do things. If you use fear to try motivate people, they will be stressed, and some of them will panic (we do not answer rationally to stress and fear) and will run away, screaming in despair, spreading the fear like an arson jumps from trees to trees and finally destroying the whole forest.

By using fear, people who will do what you're saying, won't do it because they feel it will improve them, they will do something because they have no choice. And if they can run away from it, they will just do it and will avoid to - for instance - use the internet.

Developing fear into people, is the best way to get the worst out of them, this is exactly the mechanism developed by fascist to gain power, and you know that since Star Wars:

Fear is the path to the darknet. Fear leads to anger. Anger leads to hate. Hate leads to suffering. - Yoda

And since fear is irrational, it doesn't help people to understand how things works. That's exactly what states (nation or corporate) are doing now with the Cyberwar, the Darknet and all the creepy stuff.

It enables the states to plant uncertainty (and doubt) in the mind of people, to make them unable to understand how things works, and then to control them (people are now afraid of opening stuff to understand how they work).

I once thought it was possible to use a little bit of fear to raise consciousness into people mind, but it's like firing up a match in a gasoline tank, even if you're careful, in the end, it will blow up.

Death on the internet

We were discussing the issue with @microouvert the other day - she says I'm now on the cuddle bear sides. We hear a lot of things about the NSA/GCHQ/DGSI/FSB/insert any new acronyms I might forget here, and the way they do surveillance.

We hear a lot about the surveillance (and then control, and restriction of liberties) made by GAFA members, less than the NSA thing but still. The thing is, it's not the issue at hand.

You won't fight spying by using fear. I've noted two different behaviour when trying to "warn" (and scare) people about the danger of mass surveillance. Either people go for the "Nothing to hide" stance, or they go for the "Jumping into a bunker and wait for the world's end" stance. None of them is good.

The issue we ave to manage, and the only way we can find to dismantle the mass surveillance, is by fixing society. And you fix society by empowering people, not by giving them tool they don't understand, and don't know what to do with.

In most of the cases, the fact that Google, the DGSI, or your neighbour is spying on you is not a matter of life and death. Most people are not field activists, journalists, hackers, or other - sadly - risky activities to do. Most people just keep on with their life, doing the extraordinary things they doing every day. They do not need to be scared by global surveillance, they already have a lot of thing on their mind to manage.

I'm not saying that global surveillance society is not scary. It is, and it keeps me up at night. We need to fight it but we can only fight it by a social change.

I mean, I've looked through some toys shop recently (yeah, something about Unixmas) and there's more and more spy tools. There's more and more stalker apps on both Android and Apple store (while you still can't access porn on the second). Spying your neighbors, your partners or your kids is hype, fun and cool.

This is way more worrying than the fact that NSA is spying on French citizens. The acceptance that it's normal to invade the privacy of other is an issue. And when you protect yourself from that, you are a freak, you're an outcast of the society.

It's not a political change that we need. I don't believe a political change will happen soon, and will do any good. We need a social change. We need people to empower themselves and discover that internet is a great tool to organise.

Internet isn't about surveillance

Internet is about communication. And organisation. That's what we need to tell to the world.

Surveillance is, basically the gathering, storage and analysis of human activities - data and metadata. This is not what internet is doing. Internet is doing one thing: packet switching, which is carrying a message from a point A to a point B.

The storage does not happens on Internet, it happens at the fringe of internet: on your computer, in some datacenters, or elsewhere. But Internet does not maintain a databases with all the packets ever created.

Internet is about communication, and organisation. It enables people to benefits of different way of organisation since it provides different way of communication, and communication is what we - social animals - are doing to thrive, live and survive.

This is the thing we need to teach to people. That they should not worry about internet because internet is not actually spying on them. It's helping them to communicate, to organise, to reach out.

And that's something all people are doing. Either they want to organize a family meal, a party or a riot, they are organising things. And they're doing it using social networks, improving they're social network. Ok it's on facebook, twitter, Google+ or whatever spying agency tool provided to them.

What we need, is to open the eyes of the internet consumers to turn them in internet actors. What we need, is to reassure them, and guide them through the early step of understanding what is internet and how it works. What we need is disassemble the toxic memes of surveillance, cyber-insecurity and Darknet - which isn't about encryption, but about opposing the dirty internet to the good internet.

And you can't do that by using fear. You need to light a spark in the mind of people, not to burn them alive in fear. We don't need "Told you so", or "Paranoiac" stance - I'm not saying that you should use some caution, just that most of people don't need it.

So, stop saying there's some danger on the internet. It's a lie. There's only IP packets on the internet. Everything else is in our society. And we need to change it.

And yes, I'm turning to the optimistic cuddle bears from the intertubes team. It will allow we to do some memetic warfare in a more efficient way.

Welcome to searx

You might have noticed some change on my seeks node since it's not a seeks node anymore, but instead it's a searx node.

Searx is a project started by asciimoo after Taziden gave a talk at Camp zer0 about going forward with seeks and opening it up to a wider base of developper.

The idea is that seeks ‑ currently written in hardcore C++ ‑ is a prototype and an exploratory project about search and decentralization of search, and that we can now build almost from scratch a search engine which will implement the concept behind seeks but in a more developper friendly way, for instance in python.

We already had a lot of discussion with people hanging on #seeks@irc.freenode.net about this and, technically, there's two tool to develop. An easily extensible metasearch engine which will feed a DHT of result shared with different nodes.

And then asciimoo wrote searx, a meta search engine, easily extensible. Now, we "just" have to connect it to a DHT. But I'll save that for later.

So, how did I installed it? I've fought a little bit with uwsgi and nginx, but now it works. Here's how:

Setup

Getting the code, the dependencies and everything else

Create a searx user for it's a good practice (don't run things as root) and do some git cloning and virtualise you're environment. Oh, before I forgot, I'm running a debian stable and I try to keep the distribution clean (so no pip install outside of virtualenv)

cd /usr/local
git clone https://github.com/asciimoo/searx.git
chown searx:searx -R /usr/local/searx
cd /usr/local/searx
virtualenv searx-ve
. searx-ve/bin/activate/

Now, you have a running virtual environnement in ''/usr/local/searx/searx-ve'' and the code in the parent directory. You need to install some dependencies, so launch that command and go get a cup of coffee.

pip install -r requirements.txt

Now, the code is alive. You can test it by running the flask instance:

python searx/webapp.py

And you can proxy requests to ''http://localhost:8888'' from your favorite webserver. It works.

Uwsgi

Since it's not daemonized, and you've got only one worker, I wanted to have something more maintainable. So I needed something like uwsgi (or gunicorn, or whatever) to run the apps right from nginx.

Since debian splitted uwsgi config in a lot of modules, don't forget to install python module (I was stuck with that a lot). So, let's install uwsgi and required dependencies.

apt-get install uwsgi uwsgi-plugin-python

Next step is to create an app. In debian, uwsgi has the same apps-{available,enabled} file structure than on nginx or apache. Here' my config file for searx:

vim /etc/uwsgi/apps-available/searx.ini

[uwsgi]
# Who will run the code
uid = searx
gid = searx

# Number of workers
workers = 4

# The right granted on the created socket
chmod-socket = 666

# Plugin to use and interpretor config
single-interpreter = true
master = true
plugin = python

# Application base folder
base = /usr/local/searx

# Module to import
module = searx.webapp

# Virtualenv and python path
virtualenv = /usr/local/searx/searx-ve/
pythonpath = /usr/local/searx/
chdir = /usr/local/searx/searx/

# The variable holding flask application
callable = app

Once that's done, symlink this file in apps-enabled and start uwsgi.

cd /etc/uwsgi/apps-enabled
ln -s ../apps-available/searx.ini
/etc/init.d/uwsgi start

By default, the socket used by uwsgi will be in ''/run/uwsgi/ap/searx/socket''. This is where nginx will chat with uwsgi.

Nginx

Hard part is done, if you already have nginx installed, just use yet another vhost.

vim /etc/nginx/sites-available/searx

server {
    listen 80;
    server_name searx.example.com;
    root /usr/local/searx

    location / {
            include uwsgi_params;
            uwsgi_pass unix:/run/uwsgi/app/searx/socket;
    }
}

Then activate the newly created sites and restart nginx.

ln -s /etc/nginx/sites-{enabled,available}/searx
/etc/init.d/nginx restart

And go visit searx.example.com or whatever your FQDN is) on port 80, it would works.

I suggest you to install some SSL? but it's beyond the scope of this tutorial.

Have fun.

Context

Finally, the French governement is going to react to the NSA mass spying. Just after the first article published by Le Monde (there might be a paywall). Technically, it's nothing really new since we've read the same for Mexico, England and Germany those last days - use your search-engine fu to find related articles.

Oddly enough, 6 month after the first revelations, the French Foreign Ministry has summoned immediatly the NSA^WUS ambassador to talk about it. AT the time I'm writing this, the results of the meetings are not yet public (and I don't even know if the US Ambassador will answers at all) but, in the end, nothing will change.

Also, we currently have, in France, yet another debate around yet another expulsion of yet another school girl (directly from school) and a lot of discontent about or Ministry of Interior. I'm not thinking the summoning of the US ambassador is done only to try to heave people forgetting about this issue, but the timing is troubling.

First, the obvious - Why do the NSA is spying on French

This is the first time that a national newspaper of broad audience (Le Monde) is directly releasing and analysing Snowden's document. Before today, it was only comment and translations of foreign newspaper and some analysis done by smaller press apparel.

Le Monde is used to do this kind of release since it was the partner of Wikileaks for the CableGate and, at least parts of, the Warlog. And they've got a lot of attention when they did that, so I suppose that this article, and the apparently starting collaboration between Snowden's news agency and Le Monde, is starting to gather political momentum.

And the french governement is craving for achievments. There's a lot of miscontent right now - not enough to pull people in the streets, but enough to increase the extrem right wings voter pool - and they might want to do something good. Political momentum from NSA scandal might be the good one to convert into good reputation.

However, they always seems to discover the fact that the NSA had spies on French citizens and officials. They know it since, at least, June and I won't admit that they didn't had strong suspicion before that. This is just something they're doing to occupy the news space, and try to divert people from ongoing issues - hate speech, immigration, economic situation, jobs issues, pick one or many of them and you can even add to the list.

Friends and foes

NSA says they're spying on anyone to find terrorists. So, it means that:

1. They do not trust us and think that there's a risk big enough to have a terrorist-strike on the US soil coming from the french soil. If that's the case, it means they do not trust their allies. So why are we even part of NATO?
2. They trust us, but they think our own spying services are lame. I can get it, but then, since we're allies, they're probably sharing intel with us. As they're doing with the UK secret services: GCHQ (GCHQ seems to be the NSA's reach in EU).
3. It's not about terrorism, or a risk of war. Then it's mainly an economic issue and the NSA uses its powers to take over some market for the benfits of US companies - the ones who works with the NSA.

The economic angle

The economic angle is something interesting. In the french IT industries, we have mainly two actors favored by the state. Former State companies - France Telecom aka Orange, Bull but it was a failure, etc - and big names well established - and for the computer stuff it will be US companies.

One single example is quite interesting. Since France is part of NATO, we must comply to some interoperability on different levels such as ammunitions, information system and managemenbt and strategies.

I like the ammunition aprt, because it explains well what interoperability is. The NATO calibers are standards. And if you want to have your rifles, guns, rocket laucnhers, whatever approved and used on NATO battelfields, you must be able to fire them.

It doesn't means you must use the Colt's M16, just that you're own rifle must be able o fire the NATO ammos. In France we use the FAMAS (French automatic Rifle), the US use the M-16. That's interoperability.

For the information management, NATO requires the sale level of interoperability. You must be able to send and receives data to and from any NATO system. The US used their own version of Microsoft Windows Hardened for their specifid needs.

The France use the Bull system. No, it's a joke. Mouhamar Khadafi use the Bull/AMESYS system we sold him. We prefer using the Microsoft system for our critical infrastructure whoch is the army. We're able to manufactures great tools and weapons and we can even sold them to dictators without blinking, but for our own needs, we'd rather relies on the armed arm of the NSA: Microsoft. The Open Bar contract has been exposed in Avril 2013, just some month before the Snowden revelations.

And we now know that Microsoft is a big part of Prism since the 9/11/2007. The fact that the french military's head didn't even thought about it is an issue. And I would suspect Microsoft to have used the NSA to spy and influence the deal.

The strategic angle a.k.a they do not trust us

In the diplomatic game, you can't really rely only on the good behavious of your allies. Especially since allies or your allies can be your ennemies. For instance, Turkey is an ally of the US since it's part of NATO. But I'm not sure all the Turkey's allies are allies of the US.

Same goes for Pakistan.

So, a paranoid and schyzophrenic state like the US is spying on its allies. That's standard diplomatic procedures, and that's what embassies are for. However, in this specific cases, the NSA is going way further than a simple state spying. They're spying everyone - I mean, we're talking of about 7M phone calls from France in a month - that's a lot.

Also, France has been criticizing the US on some key political and foreign issues such as Iraqi intervention, and the US stance toward the whole Israel/Palestinian SNAFU. So, they might be interested on some data, and since we host some movment which threatens US interests, they woudl suspect that France can host the next team for a suicide bombing toward US interests. That's why they would want to spy on the French citizens.

The interesting part of it is: did the French government benefited of it? Or any other governement. Or companies. For now, there's nothing in the documents leaked by Snowden that would give us a solid proof for that.

They knew it

I really think that the french government knew it and benefited from the NSA mass surveillance program. But, before jumping to this conclusion, we need to ellaborate a little bit on how it works.

The presentation in Le Monde, highlight a fact a lot of people forget about. When routing on the internet, you're not going through the physical shortest route, but through the most efficient one.

I'm going for an analogy for those of you who do not know what routing is. If I want to go from Lyon to Bordeau by car, I can take the shortest path, made of - at best - national roads. You're going to go accross a ot of villages, and smallest road. Or you can go through the fast highway. It will cost you some kilometers (and money, but that's not the point) because there's some kind of mountain in between, but you'll arrive faster.

That's the same thing for internet. The physical shortes path, is probably not the one you're going to use. For instance for going from Latin America to Africa, the direct route is to jump to Europe (5Gbps) then to Africa (343Gbps), but in fact, you're probably gonna do one more hop through US & Canada (2.918 Gbps), then Europe (4.972Gbps) and then Africa. Way more faster, way more efficient.

If you want more data, have a look at Telegeography it's full of maps and data about the internet and telecomunication infrastructures.

Peer to beer?

Another thing are peering agreements. Peering agreements are what makes internet. It's an agreement between two exchange node ran by companies or other organisations - let's call them A and B. This agreement, determines how the traffic coming from the network A to the network B and vice-versa will be managed and paid. In most of the case, fair peering (which is: since traffic coming from A to B or from B to A are more or less equals or because both network will benefit from it, let's peer for free), more info about Peering can be found on the Internet, but globally it's an economic interest.

And it's been, in France at least, a long-raging battle between all of the operators. For instance, France Telecom vs COGENT back in 2005 FT cut their peering with Cogent, in 2003 it's a battle between France Telecom and Free, SFR and OVH battled around 2011 and a battle between Free vs Google is still raging as of today (and it's standing for a long time).

Also, and a funnier part when you look at it with this NSA angle, is that we have here the ARCEP - an equivalent of the US FCC - which is in charge to regulate and document the Telecommunication infrastructure. In 2012, they tried to force each party involved with peering in France to document their formal agreement of peering - Owni did a great piece about it - and what's fun was that, in fine, Verizon refused to collaborate with the state because it was too much of work. The very same Verizon who gave full access to its infrastructure to the NSA.

So, peering was done, back in the time, by private companies and by a public one. France Telecom (which then became Itineris, Wanadoo and Orange for its ISP part). They were building physical infrastructure with public money and were interconnecting it with US and UK infrastructure. I won't believe that noone there suspected or saw anything like some weird and unauthorized traffic coming through their equipment, especially since the french intelligence services must have put some things in place to protect themselves and to spy on the people and other states.

Especially since most of the interconnexion toward Africa has been done by french industrial (such as Alcatel Lucent, a US-French consortium, but more on them later). There's also a big road to middle-east going through Europe and Germany in particular (that's why routing to and from Syria often transit through Germany Exchange node - Info from 2007)

However, the french net-isolationism (especillay the will of the local companies to push for their product and to refuse to peer with their US counterpart) has favored emergence of the Uk, DE and NL Exchange. Have a look at this map and you'll note that France is quite low on the Exchange Node values, and datas found on Wikipedia don't show the France as a big peering country.

Complacency

But who's building those system? It appears that the previously mentionned Alcatel Lucent company is a good one. Have a look at the BlueCabinet wiki to understand why. They're providing submarines cables, infrastructures to 130 countries - including Burma and China - they're a mix between french and US interests and they're involved in a lot of French and European infrastructure.

So, if the NSA is collecting data going through France and given that a big part of the interconnection infrastructure in France uses at least a part of Alcatel-Lucent technology and that trans-atlantic cables are at least partially deployed by the US-French consortium, you really think the french secret services would have ignored that the NSA will use and deploy tools to spy on us? Especially when the states add shares into this Company? It's exactly the same issue when Frecnh governement claims they didn't knew about Amesys solding arms of mass surveillance to Lybia. They're lying.

You would argue that those tools don't need to be deployed on the french soil, they need to be deployed in main Exchange node like in UK, NL or DE. And US also. But it does not cover the landline wiretapping exposed by Le Monde today. So, they have a tap inside the network on the french soil - because the cheapest route on phone network between France and France is to route through France. And since most of it has been deployed by public companies, or subsides of french public companies, or subsides of governmental and military contractor, they know about it.

Because if they do not, it is extremely worrying. It means that any foreign power can come in, wiretap our whole infrastructure and uses it against us without our knowledge. And that's something I can't rationalize enough to admit it as true. It can be done - and it has probably be done - for some specific wiretap and people, but not on a scale of 7.4M of phone calls a month. At least the trafic generated by the leak of data must have been noticed.

Now, let's admit that french secret servcies knew about it. Why keep it secret then? An international scandal could profit for the state and could have lead to a stronger foreign policy and a bit more of defiance toward the US. It would have help defeat things like ACTA or the incoming TIPP, just because EU governement would have been suspicious enough, and it would have increased the power of France and developped for a better diplomatic situation reagrding the rest of the world.

They knew it, and they didn't used that knowledge to gain power over the US and to empower themselves? From people whose job is to use information to take over other interests, they would have done a poor job.

So, they might have something to gain by keeping it silent. I would go for access to the data. Our national intelligence backbone is not as good as the UK or the US ones (see the reports about Thalès interception platform) and is essentially directed toward phone calls - we have a long history of illegal wiretapping used as political scandal and it didn't lead to any change in the way wiretapping has been done since then.

I really think there is both cooperation and defiance into this spying affair between the NSA and French intelligence services. I also suspect that most of the intelligence services works in defiance of there own governement and in cooperation with both foreign intelligence services and companies.

And now what?

Nothing. Since everyone except citizens is wining on this mutual sharing of mass surveillance system informel deal I do not except things to change in a short term.

However, there is some good news. First, peering deals, and a lot of the necessary system to maintain internet, are out of reach of the different governement. The informal way that governs them doesn't helps for regulation and controls by governement (that's why they seek for it). You still have to keep your data out of big datacenter, but that's not that hard (have a look at yunohost for hosting most of your data) the social networking part is the biggest and hardest one I think - alongside with search engine, but at least you have duckduckgo.

Second, a lot of governement, starting by South American one are really upsets and are starting to act. The Internet Governance summit held recently in Brazil also gave some hopes about the Internet still staying out of control. I'm not sure it will be followed by impact, because the NSA spying is possible due to some key infrastructures issues, but it's a start.

I'm quite disapointed that the EU didn't follow the Brazil on this, since we have some good infrastructure and technologies to help. But then again, I do not think those US/EU commercial agreement will cease for the benefits of citizens or sovereignity they have too much industrial and bank pressure on them.

But as always, nothing will come from the politicians. They must knew about the NSA spying in France and they even collaborate or they're dangerously incompetent. They benefit from it because it's a coercion measure (the same way CCTV cams are) and industrial groups earns money doing it. Even if they o have gag orders. They would have been motivated for your privacy, they would have fight those gag orders.

And that's why nothing new will emerge from this meeting between the french foreign ministry and the - currently in shutdown - US embassy.

The issue at hand

Recently I've worked a lot on adding content to the TBS by parsing the intertubes auto magically. Fr instance, I have a tumblr and a twitter parser who allows me to gather data (especially in Egypt for instance). Even if those parsers are stupid, they works.

Another one I wante dto add, is the bambuser one. It's a streaming services used a lot by people in Middle East to broadcast covergae of protests. The Bambuer team is great, they already provided us an API key for the first versions of the TBS, but they mainly use flv format for videos.

And I want the TBS to be without flash, so it means HTML5 formats, and there's three of them: OGG (.ogv), WebM (.webm) and MP4 (.mp4). FLV is neither of those one.

I usually used to transcode them as a celery tasks, righ on the TBS, but the bambuser parsers gaves me 223 videos to transcode, and given my current configuration, and the CPU power needed to transcode from flv to ogv - it actually can take more than 4 days per video - I was stuck.

Also, since I don't have a lot of CPU cores, I had only one celery worker, so the broadcast wasn't updating itself, which was a shame.

Distribute work

So, the solution is to not transcode those videos myself. And that's were you can help. I've wrote a little webservice, using tastypie RESTFull API.

The principle is simple, you ask for a job, download the flv vids from my server, transcode it in one of the three HTML5 video format, md5sum it, put it somewhere I can retrieve it (a publicly accessible http/https server will be good) and then PUT me an update.

See? Simple.

SO, let's get into the dirty details.

First, you ask for a job to do by hitting this link: https://broadcast.telecomix.org/tsc/v1/jobs/todo/?format=json

It will answers you with a job to do:

{
  "objects": [
    {
      "id": 399,
      "md5sum": "dce2d12c90cfef2c78b6c5bde98b4c2c",
      "resource_uri": "/tsc/v1/jobs/399/",
      "start_time": "2013-09-18T16:16:32.587953",
      "state": "p",
      "token": "u5d98hOslRQbMJRVtCl6ocLzX5xeCFbneij75Y8j",
      "uri": "https://broadcast.telecomix.org//media//8695.flv"
    }
  ]
}

id: is the id of the job. md5sum: is the checksum of the file you need to transcode resource_uri: the URI you can use to check the details of the job (appends it behind https://boradcast.telecomix.org) . It's also where you're going to need to put stuff into, after you've done the job. start_time: is the time at which the jobs has been created. usuallay, you should have the oldest one to do. state: give you the current state of the job. It's p in this case, because the job is in Progress (since you're going to do it) token: it's the token associated to this job ID, and it's how I'll fight spam. If you do'nt have the job ID and the token, then you can't PUT anything. uri: is the absolute URI of the file I need you to transcode. Just GET this file.

And that's all. You can now transcode the file. For the sake of giving an example, I'm generally using ffmpeg and I invoke it like that:

ffmpeg -i input_file.flv output_file.ogv

It's enough, but if you're a ffmpeg Guru, you can probably find better ways. I try to stay as close as possible from the original format (in size especially), but a 320x240 size shoudl be enough if you really need a size.

I tend to prefer ogv over webm and mp4, for it's the most free codecs of the three, but do what you think is best I can manage the 3 of them.

Once you're done, send me a PUT on the resource_uri using only three args.

Technically, add the 'Content-type: application/json' header to your query. And the body needs to be a JSON formatted content, with only those three fields:

{
    'md5sum': "The md5 hexdigest hash of your transcoded file",
    'token': "The token associated to the job",
    'uri': "the URL whee I can get the file you transcoded"
}

Every other field, will leed to an error.

Once I got the PULL request, I'm going to GET your file. It would be nice to give me the 'Content-type' header associated to the file. In fact, if it's not one of 'video/ogg', 'video/webm', 'video/mp4' then, I'll drop the file and will reinitialise the job for someone else to do it. So, please, set-up your webserver accordingly.

And once it's done, you can get back to /todo and start another job.

If no more jobs are available, you'll get a 404. Then wait for some time (days or hours) for new jobs to transcode.

And a wild client appears

I was working with CapsLock at night to bootsrap a client to automagically do all the stuff.

You'll need ffmpeg − and, it seems you need to have a more recent than the one in Debian − and some basic python tools to run it.

Then just:

git clone https://git.legeox.net/capslock/tbs-client.git

And then run it using python in a classical fashion.

Neat, isn't it? Now, you have no excuse for not helping to transcode the datalove.

If you have any questions, just ping me.

Thank for your help, your cores and your bandwidth. Datalove uppon you.

-- UPDATE [2013/09/21]: One of teh field needed for the PUT (namely hash was wrong) UPDATE2 [2013/09/21]: Add the git repo for the client

[UPDATE: 2012/08/23 - Barbayellow translates their posts in english]

Context

Yesterday, I wrote this piece and Barbayellow, friend of mine and who happens to works for Reporters Without Borders, replied with this post

Basically he says that internet's not dead, it's just the hacktivists who are tired of fighting. I recommend you to read the whole posts, it's probably a bit subtler than that.

So, now, I'll answer and will do a less melodaramtic post I think.

Internet as we knew it

When I'm saying that internet is dying, it's the internet as we knew it. The ones that grants people, corporations and states to communicate freely, without the fear to be harmed for their opinion.

It's not the internet as it's in China (which is not Internet by the way, it's more a different network which some limited connectivity to the intertube) or in Iran or elsewhere.

The internet is just cables, with kittens inside carrying packets between computers. Basically, there's nothing inside of it, no content save for the kittens and the packets they're carrying around is inside the internet, it's just on computers connected to the cat system.

The internt, as it used to be, is a multipeer to multipeer multidirecctional communication system. It grants all things connected to the Internet to exchange freely cats and packets at no costs (besides the facts that if we give you a kitten in transit and it's not for you, you'll pass along until it find it's recipient).

The internet is then a wonderfull tool for news addict, trolls, kittens lovers, citizens who needs a way to organize themselves out of the street ( because the streets are monitored and a more dangerous place than the internet), social organisations of all kinds benefits from this.

This is internet. Internet is neither Google, nor Facebook, nor any other form of government. Those are just things connected onto the internet and who produces and eats a lot of kittens (yeah, kittens are eaten when they land on your computer).

All was good, kittens were purring into the internet, and we loived them and cares for them. The only thing we forgot at this time was that any who can stare at a kitten, can see the packet he's carrying. And then decides to shot him death or not, depending on the content of the packet.

That's when the net neutrality was endangered.

The answer was blatantly simple: math. Using math, we can do cryptography and, cryptography is just packing every packet in a Unicron suit. All the packet then looks the same and kittens are now carrying unicorn around.

The governement, who were not able to mass murder kittens, decided that cryptography was a tool that only good people - which means them - would be able to use, letting bad people - you - using old packet system while they were going to use kittens.

Cypehrpunks - big Unicorns fan - decided that the cryptofascism was to be fighted and opposed Exportation law on cryptosystems. Phil Zimmeerman wrote PGP at this time for this specific reason: grants anyone the possibility to benefits from cryptography and to protect it's privacy - as well as sending cats carrying unicorns which is cool.

And that was the status-quo for a time. Governement and corporations benefited from the works written by cypherpunks, and were counting on the fact that few people likes unicorns and won't use the cryptography.

The web 2.0 bullshit and the cyberthreats meme

What really threatens the internet is the web 2.0 bullshit. The meme around that over-centralisation of each pieces of data in few places to create a big data environnment with savvy web services are dangerous.

Not because of the creation of those data (rememebre, more data, more kittens and kittens are cool), it was the centralisation of those data. It started slowly, with the homepage trand and then the blogosphere thing. Search engine and the host anything in da kloug.

A lot of money has been spent on this, not overnight but over a decade (and this is a small amountg of time for a slow moving thing that are governement). New buildings has been built, we have been sold assymetric access to the internet, to avoid citizens to hosts themselves the content, zetabytes storage systems now exists and dreamers and cypherpunks has been painted as bad people - antisocial peopl who will destroy the world just because they can.

Which is weird because cypherpunks are free software adept, they wnat to share as most as they can and this is specifically what a society is about (exchange). And that's what internet could have been.

The other worrying meme, and a little more recent one, is the cyberwarfare one. It's a meme stating that it's perfectly normal that criticial systems such as nuclear power plant be connected to internet and that, given that fact, there is a riskq that someone find a flaw and exploit it to destroy the power plant (the flaw exist, each and every system have at least one).

So, everything on the web 2.0 is now centralised, authentified and must be monitored becasue, you know, someone might destroy the world using it's knowledge.

This is where we are now. The leaks about NSA aren't new, we knew that - and assumes that was true - for a while (Echelon, Karnivor, stuff like that already leaked in public). There's some computers who copy every kittens they foudn and store the packet if there's no unicorn.

And, if there's a unicorn, they keep it for a later use, when math will advance and makes all those unicorn suits vulnerable (believe me, this day will come, have a look over here if you want).

They also tortures kittens to have access to metadata (where the kitten where born, where it would have dies, at which time, does he have siblings, stuff like that).

Some governement tooks extra steps and shots kittens who embed unicrons on sight (that's why we can disguise unicorn as a regular packet, that's steganography).

Governement founds that this kittens torture business is good for them, they secretly deployed it and are using it since then, trying to sorts the good citizens from the bad ones.

Cryptoanarchy in the tubes

The thing about Internet being dead is just that. The old internet, decentralized, neutral, with cryptograpohy everywhere is now dead. Transit operators works with governement who tries to protect themselves from the citizens (instead of protecting the citizens).

Yes, you can use strong cryptography. You should do it. But it will be efficient until a certain point. As long as you crave for centralised services, the strong cryptography is useless - you just need to asks Facebook your lifestream to see that.

Yes, some organisation, and some people who are aware of those issues can use the strong encryption systems but, teh governements keeps those data, waiting for a breakthrough that would makes it useless and will grant the governement way of using what you then wrote against you.

Yes, some people still maintain strong crypto aware servcies for activists, and you should try to set some up. It will takes you time and money to get it done. Also, government will prosecute and intimidates you, trying to send you in jail for a long time.

So yes, the free and neutral internet is dying. We now have a neo feudal system that looks like internet. Yes, people with special needs are still able to use internet with huge cryptosystems. Unicorn haven't disappearred and kittens do flow, but it's still costly. And it's a cost that few people will pay. And the wealth and interest of Internet lies in the user, their differences, the thing they share. If there's no one on internet, then you have no internet.

And with the social stigma of not being on Facebook (for instance), it's harder to have people using alternatives - and there's plenty of good and functionnal alternatives out there.

So yes Barbayellow, the Internet has we knew it is dead. And yes, activists will be able to communicate more or less freely. But that's not the point. Internet is dead because people won't pay the necessary costs to be free.

Yes, I agreee, it's a political struggle. You know me, we disagree on the means to fight this struggle, especially when you have to face economics giant and security fanatics hiding in secret part of the governement.

The only way to get back a free, neutral and decentralised internet is to implement accountability and transparency. It's by destroying the centralisation memes and the cyberthreats one. It's by destroying Secrecy and to enforce Privacy by default. But that's not something cypehrpunks can solve, it's smething citizens should implement.

And yes, I'll fight until we have that. But Internet is dead.