Disparaître - Sous les radars des algorithmes (2021) - full transcript
Whether cybercriminals, online giants or intelligence services - they all prey on users' personal data. Because control over this information is an important instrument of power in the 21st century. The documentary uses concrete case studies to present possible solutions for protecting privacy on the Internet.
This next song is about all the
private pictures you put on the web.
Of yourselves, your loved ones,
everything you are and want to be.
A giant worm gobbles up your data,
the storm of metadata
is brewing online...
Tech firms
like social media companies,
YouTube, etc. tell us:
"Express yourself, be yourself,
tell us your story, post your
images, give us your words.
This is for you."
Beware! I think everyone has a
feeling that something is going on,
but despite that, we close
our eyes, we move on.
Every day, we leave digital traces
when we browse, talk online
or travel.
Even the most innocuous data
exposes us to many risks.
Their business model is to collect
as much information as possible
so that they can then sell that data
to who wants to find exactly you.
We don't have the same way of
protecting ourselves if the threat
is because you have a jealous
husband or a jealous wife,
or if it's your boss at work
or if, as it happened to me,
you're working with Wikileaks
on NSA and CIA documents.
This is a great warning
to the rest of the world.
Our civil liberties are eroding
in front of our eyes.
Young students, ordinary citizens,
journalists, dissidents,
we all have specific levels
of online threats.
But there are solutions, so how
can we learn to protect ourselves,
each at our own level?
When I hear people say "privacy
is dead", I think that's nonsense.
I don't believe it at all.
I think there are many, many ways
that you can remain confidential
even in this hyperconnected world
with a lot of state surveillance.
Max Thommes is an actor
and musician living in Berlin.
He is an avid user
of social networks
and the services of Big Tech.
He has recently become aware
of the tracking of his data.
In Germany today, he knows that
the risks for him are limited,
but he is worried about Big Tech's
growing threat to our freedoms.
CHAOS COMMUNICATION CAMP
GERMANY
To learn how to protect his privacy,
he's going to the
Chaos Communication Camp.
Every four years,
this event brings together a group
of hackers and coding enthusiasts
from across Europe
to share and build
a more open internet.
Hey! Good to see you!
- Yes!
- I have some questions.
Please.
I'm trying to not be
too much on Facebook
and not to get every link
from Facebook,
but then you showed me
that even when I am logged out,
it's still tracking. How could I
protect myself from that?
Compartmentalisation done well.
In my case, I separate Facebook
in a specific browser, so that
Facebook doesn't communicate or
share cookies with the others.
This way,
if a website has trackers,
it will not link your activity on
this website with Facebook.
We had this talk in the afternoon
about Facebook
because we try to get away from it,
but still no one does.
On the one side,
we don't know
what is a better Facebook,
so we, as a society, have a
hard time figuring out
which kinds of rights and
empowerment we are losing
because of the Facebook imprint.
My theory is that we should be in
control of our algorithm, our data,
and know exactly where we're
sharing it and how it is treated.
That cannot be sustainable by
the current Facebook business model.
Another question:
one big thing that
I am really trying to conquer,
is how could I get rid of Google?
The way we try to approach Google
is also to compartmentalise.
Accept that if you have
to use one of these tools,
because you can't avoid it,
at least you can show them
only a small portion of your life
and not your whole life.
COMPARTMENTALISATION
COMPARTMENTALISATION
Typically, I would recommend
diversifying the tools you use,
so rather than relying
for example on Google
for e-mail, for maps, for search,
for translation, you can find
different privacy conscious
tools for each of these needs.
I would highly recommend
that you start with the apps
where you don't rely on anyone,
like your browser.
If you've been using Google Chrome,
you could use Firefox, Chromium,
you could use Tor browser. There are
so many different ones out there
and after you find a new browser,
why don't you try
a new search engine?
You could change for example
to DuckDuckGo.
Some people try some other ones,
they try Searx, they try Qwant,
there are so many privacy conscious
search engines.
In Berlin we had some resistance
to Google coming to Kreuzberg.
Did you hear?
It drew a lot of attention
onto how Google was
infiltrating our life.
Yes, that was amazing.
Even for Google,
I think they never thought
this could happen.
Indeed, in 2018,
Google had to abandon a
major campus project in Kreuzberg
due to public pressure.
I think Berlin is a fairly free city
and Berliners have made it clear,
in large demonstrations and
by challenging politicians,
that nobody in Kreuzberg wants
a Google headquarters.
Like most artists,
Max needs social networks
to promote his performances,
but he's increasingly wary of them.
This morning, he has a meeting with
members of Reclaim Club Culture.
This collective brings together
actors from Berlin's nightlife
who want to organise themselves
independently.
There have been many scandals about
the exploitation of personal data
and the surveillance of users. Our
idea is to launch a big campaign,
where we invite clubs
and the entire Berlin cultural scene
to choose together
an alternative on which
they could post their events.
We've done some research.
There is a project in development
called Mobilizon,
which would be an alternative
to Facebook Events.
I'm mostly in contact with artists
and I'm sure that
a city like Berlin,
which has a unique cultural offer,
would be a great
starting point for the initiative,
and then export it to other cities.
CASABLANCA, MOROCCO
The protection of privacy
affects us all.
In the forefront
are teenagers, who are
big consumers of the social networks
Instagram, Snapchat and Tiktok.
In Casablanca, teachers at the
French high school Louis Massignon
decided to show their pupils
the hidden side
of their favourite applications.
Hello!
Today we're going to work
on social networks.
Have any of you ever read
the terms and conditions
of a social network?
I've never read the terms of use
because they're very complex words
and it's really long,
so I've never taken the time.
I think if everyone accepts them,
I'll accept them too.
So,
this is an English lawyer
who has rewritten
these conditions in a language
that is very accessible
to young people.
"While you stay responsible for the
information you post on Instagram,
we may keep, use
and share personal information
with companies
connected to Instagram.
We are not responsible for what
these other companies
do with your information."
In addition to the data
you're going to post,
you're going to add metadata:
the time you logged in,
how many times
you liked this or that content, etc.
They will sell this data
to companies
that can then sell it
to other companies.
We'll go on to the second extract.
Go on, can you read it, please?
Officially, you own
the photos and videos you post,
but we are allowed to use them.
We can also let other people
use them anywhere in the world.
Others can pay us to use them,
but we won't have to pay you
for them.
Go on.
It's uh, it's really shocking.
It's like we provide...
we provide the wood, we build
the fire, but we don't get the heat.
Exactly.
That's right, but they will
have given you the chimney.
You can use Instagram for free,
but the data is theirs
and they will use it.
It's always like that.
When you sign up for the app,
you have a choice,
opt out or opt in. We all opted in
here because we all have Instagram.
We gave our permission
without even reading this contract.
And I know that when
I send a message, for example,
to Sofia, that message
is not just between us.
It's a private
message that's not really private.
It's like sending a postcard and
the postman can read it.
Students' privacy
is very important to us
because if we don't protect their
privacy, who will?
The risks that they can face
on the use of their data
are really of three types.
There is mainly
the exploitation of the data
by Big Tech or the companies
that have partnerships
with these large companies.
There is also the risk that
their data will be used by hackers
who have gained control over
their account or their logins.
And then, of course,
there is the risk of data
being used between students
for online harassment
or other purposes.
Cyberbullying on social networks
is a scourge that affects
many young people.
To try to prevent this,
teachers are teaching their pupils
to protect their accounts better.
During the previous session,
you remember,
we played a sort of game.
You had to look for flaws
in your classmate's or
friend's account.
Can I have some feedback on that?
I personally did the experiment with
Ritcha on her Instagram account.
Her Instagram account is private,
except that it shows her first name
and in her bio there's her age,
there's her profile photo
and her face.
And she doesn't have any posts
except for stories
where you can see where
and when she travels.
OK, and so what do you
think of her account?
It's fine.
It could be better,
but I'm not the best example either.
If you have the time to look through
each of the privacy setting options,
there are some gems in here.
So, you can decide who
sees your posts.
For example, by default
it might be set to public
and you may want to reduce it
just to the people that you've
accepted to your page.
You can control which users
are seeing your information.
Here it says "Do you want search
engines outside to link to
your profile? Yes or no?"
and by default it's set as "Yes".
This is a great place to secure the
options that are important to you.
I don't post,
but there are some people
who think it's fun to use
the same emoji all the time. For
example, a whale emoji,
to say you're fat,
and so we can block these comments.
It's called a filter that allows you
to hide offensive words or insults.
It's a feature of some
social networks
that allow you
to not receive insulting
or pornographic images
or insulting words in any language,
so it's a feature
that needs to be activated
on your social networks.
I was in a minor fight with someone.
People didn't really turn against me
but just hearing people talking
behind your back...
Yeah, it's super annoying.
You may want to block the person,
restrict the comments,
block all the accounts,
but the person can still,
for example, post on their page,
or in group conversations,
and it clearly makes
me uncomfortable.
I've created a double identity
on social networks especially,
and with my friends,
so I have two different names.
I even have two e-mail addresses.
I've created two digital identities
on every social network.
I have an account with my name,
the account where all the people
from school follow me,
and another one just
for those I really trust.
But you say that you don't post much
on your main account,
but on the other one.
Does that mean you're more open
through your second identity?
Yes, I'm more
comfortable posting on there.
HIGH SCHOOL
MEUDON, FRANCE
Lilian is among those who grew
up with the climate crisis in mind.
At 19, this computer enthusiast
is involved
with environmental activists,
a group that is especially targeted.
Today, on the eve of a
civil disobedience action,
he is training activists
to secure their data
and communications.
I saw that quite a few
people weren't coming in the end.
Yes, two people cancelled.
So it's going to be
quite participative.
We make three small
groups and ask people
what they've already planned
to do on the day
in terms of security and then we'll
move on to the password part.
The aim will really be to make them
understand how a password works.
So we're going to do a workshop
on the fundamental rules
of computer security
when we do an action.
We're going to talk about passwords,
which are the fundamental
element in computer security,
so we'll see how they work,
the various attacks to which
you can be vulnerable
and how to deal with them.
The big problem is that
people often re-use
the same password
for several accounts,
and if one account is compromised,
they all are.
I have three versions
of one password.
I doubt it's the right thing to do.
Me too.
The solution is to use
a password manager.
Passwords.
On average, we should all learn
between 70 and 80 of them by heart.
A password manager
generates and stores
complex passwords
and automatically re-enters them
each time you log on.
So, to protect your
password manager
you will be asked to create
a new strong password.
So we thought of a trick, which is
that everyone takes a book,
picks 3 or 4 words from it and
uses these to formulate a password.
This sentence will
protect all your other passwords,
so the goal is to find
a bit of a wacky sentence.
Unbelievable.
This one is very good.
You won't forget it.
Take three random words,
turn a page and point to one.
It has to make no sense at all,
but the sentence
has to be easy to remember.
It's the only password
you'll have to remember.
Did it work? Did you type it in?
Basically, it will allow you
to store all these very long
and very complicated
passwords for each app
directly in your phone.
Make sure no camera is filming your
password while you're chatting.
Unkown to many,
environmental defenders
are the most targeted worldwide,
given the whole picture,
of all activists,
and their adversaries are
most likely to be corporate
and secondarily governments.
When you're up against oil
and fossil fuel companies
and you're up against huge
agricultural companies,
they have hackers on their payrolls.
They're a kind of private militia.
You can get people to do
hit jobs for you
and lots of these guys,
they know what they're doing.
For environmental activist
groups and associations,
with the advent of "smart cities",
automated video surveillance systems
will consider suspicious
behaviour to be things like
standing still
in public spaces
for more than 20 minutes.
There is an active search
to prevent
civil disobedience actions.
Often it's people
who are preparing actions
who don't want any leakage,
before or after the action.
We're here in a totally
non-violent way.
I'd like to make that clear.
So, the aim is to communicate
with each other in a secure way.
There are instant messaging
applications like Signal
with messages that disappear
after a few hours
or a few days at the most.
USE SIGNAL
DELETE BROWSER HISTORY
So, the phone network
is pretty simple:
you walk and your phone
connects to the nearest antenna.
With a small antenna
you can pick up all the phone calls
from dozens of metres away.
So you absolutely mustn't
send text messages
or make normal calls
because you have no anonymity,
they can listen in to everything.
If you don't need
a phone, don't bring it.
And if you do, if it's really
necessary, you must be careful,
even buy a seperate phone,
which is the best solution.
For example, I have two phones,
this one is my private life
and this one has minimal functions,
and if I go on an action, this one
stays at home. I bring this one.
If we take away the plus 7 degrees
that are now predicted for 2100,
we are faced with another problem:
the mass extinction
of biodiversity
and the living world.
Let's look at the most important
thing for tomorrow
since you could easily
put your whole group at risk.
The first rule is
that if you don't need your phone,
you don't bring it tomorrow.
And if you have to,
you delete the apps and everything
that could identify the people
that you have organised things with,
that you have talked to.
And you absolutely
have to use Signal.
BERLIN, GERMANY
Meanwhile,
Max is exploring Mobilizon,
the alternative to Facebook Events
that is soon to be launched.
Today, along with other artists,
he is meeting with
Mobilizon's developers
to discuss how the platform
will work.
So, why are we still on Facebook
as artists, everyone?
There is a monopoly
on Facebook Events
and it's used by
every club in Berlin
and since we are like a
network of clubs, we thought
let's spread this goal
of a Facebook exodus,
because we see a large potential
in not persuading individual users
to make the change to
alternative social media platforms,
but actually to set an example.
Yeah.
We had 15 years of getting used
to hosting
and delegating everything:
the data storage,
the server maintenance to Facebook,
but if you want a Mobilizon Instance
then you have to
host it somewhere and you have
to pay for the server hosting,
but this is what freedom
really costs.
These are the hidden costs
that Facebook and so on
would hide from us and compensate
with stealing our privacy.
So if I got it right, it means
that we could do our own
local server,
what you call an "instance"
and downlad the software to it,
and give it a name
like "Mobilize Berlin",
and then we could
invite Berlin artists
and clubs to come
to our platform and then
they could federate: that means
communicate with the other servers
in Germany or worldwide, right?
Yes exactly. That's the federation
model, it's a philosophical shift.
The most famous "federated" platform
is the social network Mastodon.
FREE SOFTWARE
Since its creation in 2016,
several million users
have chosen to migrate from Twitter
to this free alternative.
FEDERATION
Federation means that there is not
a single authority that's in control
of the whole network. It means
that there are multiple authorities.
If you are familiar with e-mail,
e-mail is another federated network.
You have servers
like Hotmail, Outlook,
Yahoo, Gmail. You sign up somewhere,
you get an e-mail address
that starts with your user name and
ends with the server you are on
and that system allows you to
e-mail anyone on any e-mail server,
just by using that address.
So Federation is
a method by which these
authorities are spread out.
As opposed to for example Twitter
or Facebook where they have
one server and millions of users.
On Mastodon,
because it's decentralised,
you have a large
number of small servers.
Each is owned and operated by a
different individual or organisation
and you get the ability to follow
or interact with anyone
who is on any other server as well.
Max goes to the Mensch Meier,
a Berlin nightlife institution.
The club has long refused
to use Facebook,
but has had to do so
to attract more people.
It would be an ideal candidate
to join the Mobilizon adventure.
Well, we think that
it could be possible
to get people away from Facebook,
or at least try,
in the underground of
Berlin's music scene or art scene,
to get a lot of people
to use a different tool.
The hope is there, let's see
how far we can go with that.
Yes, Mensch Meier is a club
that is very political
and one of the things that was
very important for you was
not to use Facebook
as a promotion plateform
for your events.
So why was that in the beginning?
Facebook started
generating sites for us
that we did not want
and of course there is a little line
which says "unofficial page"
and what I did,
I started claiming them.
And at first it was enough
to give them our phone number,
but at one point, it was not enough
to have our phone number,
they wanted the bills for the water
and the energy of this place,
to prove that we
actually were this place. Yes.
What?
Yes. It's like they wanted
more of our data.
Do you think there's a possibility
for a Facebook exodus?
To get a really big community
to use an alternative?
That could be a possibility
with this Mobilizon
that we try to build here.
So,
FREE SOFTWARE ADVOCATE
should I perhaps
explain a little bit
some of the concepts?
So, the Fediverse is an
open protocol
for communication across services.
Mobilizon is an event
management service
which is part of this Fediverse.
Within the Fediverse, you have other
services. A popular one is Mastodon,
which is a Twitter alternative.
You have PeerTube,
which is a YouTube alternative.
Pixelfed, I believe is the name,
is an Instagram alternative,
Funkwhale is
a music streaming alternative.
They're based on the same protocol
and can communicate with each other.
So I can be using
Mastodon and you can be making
events for Mensch Meier
on Mobilizon and I can get your
events in my Mastodon stream,
even though I'm not using Mobilizon.
We could think about some goodies
that you get if you join it.
I mean, because we are of course
still interested in not
giving too much power to Facebook,
that's already too powerful.
So maybe there could be some
extra form of content
for the events or some extras.
- Free shots?
- Or whatever.
Free shot for every sign up.
All the Fediverse tools,
so the software
in this large federation
which all use the same protocol
to communicate with each other,
finally create a sort
of new internet,
in which we would have
lots of elements
which each have different functions,
but in which we would finally
recreate a full social universe.
The impulse for starting Mastodon
was my personal belief that
there should be a global
communication platform like Twitter
but it should not be in the hands
of a single company.
The idea that it's in the hands
of the people,
that it's decentralised,
is better than that.
It's more local.
It is a noticed fact that Mastodon
is a friendlier platform
than others.
You are part of this global network,
but you also have this special
view towards your neighbours,
the people who are on
the same server as you.
So you get this
community feeling from that.
It's easier to feel at ease
in environments that are
generally much more friendly,
where there is no
attention-grabbing,
because even if we don't realise it,
in the end it inevitably
impacts our behaviour.
And so, in fact,
these are much healthier spaces.
Hello Mr Meillassoux.
My name is WeiKei,
I am a researcher from Hong Kong.
I have been following your work
about digital security.
I was hoping to meet to talk about
our situation with China.
I trust that you will be discrete.
I have been as careful as I could
but it's still scary.
Like thousands of Hongkongers,
WeiKei thought she was safe online,
but the "Umbrella Revolution",
the resistance movement against
China, has changed everything.
Now,
Chinese services can monitor
the communications
of all Hong Kong citizens.
So tell me more:
how is the situation in Hong Kong?
It's getting worse and worse.
You know, the police are
becoming more and more violent.
The conversation
has broken down completely
and we are very worried.
OK.
And you have some kind of a plan?
I think the first step for me
would be
to learn how to secure myself
and then I will be able to reach out
to other people.
I'm actually thinking about a
campaign for the general public
and I wonder if you would have any
contacts of people I can speak to.
Because of my experience
living in China,
I am quite familiar with how
the Chinese government actually
infiltrates in the general public
and how they pinpoint
certain individuals.
I worry that one day, it will
also happen to Hong Kong.
For people to continue
with their work
to fight for our rule of law,
for our freedom of speech,
they must learn how to
protect themselves.
- Hello?
- Hello, this is WeiKei.
So, what sort of occupation
are you involved with?
I work as a researcher,
but then, after the uprising,
I became involved in digital
security training, so I'm doing
a lot of campaigning and contacting
people who are actually high risk.
And so, now you're back to learn a
little bit more about threat-models?
Yes, threat modeling is
something quite new to me.
OK.
It will help determine your risk.
There are five questions
that you can ask yourself.
First question: what is it that
you want to keep private?
THREAT MODELLING
Threat modelling.
This is getting
through the process of thinking:
who do I need to protect from,
what do I need to keep safe,
and what is the worst case scenario?
And you start realising:
well, OK,
my adversary is this.
What do I think this
adversary is capable of?
Is it capable of wiretapping my
internet communications or not?
Is it capable of
getting data out of the provider
that I use or not?
Is it capable of hacking or not?
HONG KONG, JUNE 2019
The adversaries that I'm facing
are actually state actors,
so they do have financial means
and technical power.
I think my risk would be
exposing my contacts.
That's my deepest worry.
The worst scenario for me
would be to get caught.
I would be subject to interrogation
and in the worst scenario, tortured.
These things are all too common
in mainland China.
LONDON, UK
Internet surveillance
has become a major problem
for journalists.
By contacting them, their sources
risk leaving traces online,
which could then be used to identify
and prosecute them.
To address this issue,
Julian Assange co-founded
WikiLeaks in 2006.
This secure platform
allows whistleblowers
to transmit sensitive documents
while preserving their anonymity.
WikiLeaks has brought
to public attention
the abuses committed by the US army
in Iraq and Afghanistan.
This might be the one here.
It has windows on the side,
that's a prison van
but I don't know if it's
coming here. It could be him!
Now at the top of
the US government's target list,
since 2011 Julian Assange
has been under threat of extradition
to the US, where he now faces
175 years in prison.
The first contact problem:
this is one of the big issues
that we face in journalism.
ANONYMOUS CONTACT
If we just think about a scenario:
you're a whistleblower
and you've got important information
that you want to disclose to me,
you use, let's say
your Gmail address,
which has your name and
that you've used for years,
or a normal open line phone call.
That has created a permanent
record between you and me.
I offer different levels
of security.
So someone who is safe
to contact me,
contacts me on Twitter, Facebook,
by e-mail, and that's it.
A person who could
potentially have problems if someone
knew they had contacted me
can reach me on Signal.
And someone who faces a
very high-level threat,
typically someone
who was or is working
for an intelligence service
and who would like
to pass me a file,
they can use Secure Drop,
which is a program
set up specifically
for contacting
investigative journalists
anonymously and securely.
GERMAN PARLIAMENT, BERLIN
GERMAN PARLIAMENT, BERLIN
In 2010, I was working for
Der Spiegel in London with
journalists from the New York Times
and The Guardian,
in what we called a bunker
at the Guardian headquarters.
We wrote the first reports
on the war in Afghanistan together.
When you read them again today,
it's really amazing
what you could write
in simple e-mails back then.
And WikiLeaks, they kept sending us
very annoying and
repetitive requests
so that we would encrypt everything
and be ever more careful.
And we laughed among ourselves
about these "big paranoids",
like "ha-ha-ha",
but we worked together. It was
a real journalistic collaboration
and today I ask myself:
what did I do differently from
Julian Assange at that time?
I'll go even further:
who is next on the list?
I mean,
what did we do differently?
FREE JULIAN ASSANGE
If you're a whistleblower,
first of all, what you need
to be careful with
and be very mindful of
is how you try to record the
information that you are seeing,
because if you just plug in
a flash drive or USB
and try to copy or whatever,
that immediately is a red flag.
The company has probably
got a system that monitors
who's removing information from its
systems. Most of the big companies
do now. They call it
"insider threat technology".
If you have compromising documents
that are of public interest,
but you don't really know
what to do,
the first thing you need to do is to
identify the right contact person.
Identify the journalist
who will be able
to release a document
while minimising the risk.
What I would usually suggest
is that the person,
if they can buy a cheap new laptop,
a notebook or something like that,
go to a café, a public wifi network,
download the Tor browser,
connect to the Secure Drop page,
then you can make contact with us
through that by sending a message.
From there we could probably take
the next steps to try and figure out
how we can get further
information from you
without compromising
your security or safety.
BERLIN, GERMANY
To prepare the launch of
the Mobilizon platform,
Max invited his artist friends
to a "CryptoParty".
During this informal evening,
novices can discover
alternatives to Big Tech
and learn the basics
of online security.
CRYPTO PARTY
Picture, where am I? Picture,
who am I? Picture, where am I going?
Picture, where was I? Who was I?
Picture, does it still make sense?
I take pictures of myself, always
of myself, selfies, selfies.
I take pictures of myself, always
of myself, selfies, selfies.
Thank you very much
for coming to this nice evening.
Most of you are probably not
that deep into the topic
so it's nice to find out
a bit more about
what internet privacy is, because
I think it's a very important topic
that we all should face
in these times.
We're going to talk about browsing.
Are you familiar with what a VPN is?
A VPN? A Virtual Private Network?
No?
Many people use VPNs for privacy
reasons by connecting to a VPN
and then going to the internet
from the VPN.
One of the benefits of that
is that your IP address
looks like it's coming from the VPN,
not from your home network
and that protects
in some sense your identity.
Have you heard of Tor before?
Do you know
how it differs from a VPN?
So, Tor is an acronym. It stands
for The Onion Router.
In some sense, it's similar
to a VPN in that your connection
to the actual internet looks like
it's coming from somewhere else.
But with Tor,
it doesn't connect to one node,
we call it a node,
it rather connects to three nodes
and then it goes into the internet.
These layers are why
it's "the onion router".
You can have some anonymous
connection to the internet.
Of course it's not anonymous if you
log in to your Facebook account.
The next table focuses on
the de-googling of Android phones.
There are indeed alternatives
for most applications. For example,
Google Maps can be replaced
by Open Street Map or Qwant Maps,
so that you don't have to share
your geolocation with Google.
OPEN STREET MAP
FOR ANDROID
The step that I don't understand:
since I have an Android
and a Google account, my
whole phone is connected to Google.
They know my information anyway.
Indeed,
not sending any data to Google
requires a more complex operation.
The Android operating system
must be replaced entirely
by an operating system
such as Lineage
which is free and open-source.
FREE OPERATING SYSTEM
In general, CryptoParty
recommends free and open source.
You've never heard this term before?
Once again?
Free and open source.
Basically, it belongs to all of us,
so the source code is available
for other people to take,
to use, to modify,
to share with other people.
It's maximally transparent.
FREE AND OPEN SOURCE SOFTWARE
In French, I describe free software
using the three words
"Freedom, Equality, Fraternity",
because that's exactly what
free software is about.
"Freedom" means each user is
free in using the program.
"Equality" because every user
has the same rights.
"Fraternity" because we encourage
users to cooperate with other users.
One fairly common kind
of malicious functionality
is to spy on the user.
You must suppose that any
non-free program you run
is sending data about you
and your activities
to some company
and perhaps to a government.
I work with marginalised
communities. You know,
in America, you find young people
in the inner city who are told by
tech firms, social media companies,
these different platforms:
"Express yourself. Be yourself. Tell
us your stories. Post your images.
Give us your words. This is
for you." YouTube, etc.
And you know,
the law enforcement front door.
Law enforcement has contracts with
companies that aggregate the data
and can spin in and analyse it
and slice it any way that they want.
And we have these gang conspiracy
charges in the United States
and in that the police just need
circumstantial evidence to tie
you to criminal activity,
and most of it is through
a network effect.
So if I post something
on social media
and you "like" that thing,
if I have your number in my phone,
that's enough. Your door is going
to be kicked in in the morning.
They'll pull you out of bed
and you'll be arrested.
When you're put in harm's way
by using some software,
you're not excited to use it, you
won't think: "Oh, I don't know,
how do I move? Can I
get my friends to move?"
or "who's also on there?". You think
"where do I go? I'm ready to go".
So I think open source
is the people's software
and eventually the people
will use it because
there's no friction, no cost to it.
They're actually
very hungry and so excited
that there are things now that
they could use, technology,
that makes it so much easier
to protect their identity,
to protect all they hold dear,
and to just enjoy everything about
who they are and what they are.
CASABLANCA, MOROCCO
In recent years,
the world of education has begun
a major digital transition.
In Casablanca, the French
high school Louis Massignon
embarked on the adventure in 2017.
The teaching staff had to choose
between different options,
in particular those proposed
by Big Tech, against the backdrop
of the student
data collection issue.
We tested five or six solutions
within the school.
There were several solutions,
paying solutions,
open-source solutions...
We looked at the pros
and cons of each solution.
The tech giants have
inevitably offered us
immediate, practical,
concise, integrated, ergonomic,
friendly and pleasant solutions.
However, what guides our action
and that of all teachers
is pedagogical freedom.
But what these tech giants
were offering was
a turnkey solution, and a turnkey
solution is generally restrictive.
In terms of respect for privacy
and the data that is collected,
free software was a good fit,
and so we have always been
inclined to favour
open source solutions rather
than proprietary solutions.
OneNote,
which is a Microsoft solution,
was also proposed,
but it is not
well adapted to schools,
and as for Google Classroom,
we quickly realised that
we had to use Google's e-mail
and drive to run our classes.
It required us
and to assign an e-mail address
to each pupil,
which is not
suitable
for secondary and
primary school pupils,
and so the teachers rejected it.
The staff finally chose
the Moodle platform
and the Big Blue Button software,
an alternative to Zoom.
But this didn't
meet with unanimous approval.
Free software does indeed
have the reputation of being
less easy to handle.
Moodle is actually a bit
off-putting at first.
It's not very sexy,
it's not very intuitive,
it's a bit abrupt at first
precisely because it allows teachers
to be extremely creative.
We can all do absolutely anything
we want. It's infinitely adaptable.
With computers, you can do
anything, that's what's magic.
When I arrived, I felt that
security wasn't great here.
I sent an e-mail
to all the teachers,
and 50 percent, half of the people
gave me their password.
And the technique is very simple:
you scare people.
You just say:
"Your account was hacked.
Go there to change your password".
People click. They don't even
see that the URL is wrong.
They type in their password,
you get their old and new password.
It's just stuff like that,
IT is just stuff like that.
Today, we're going to look at what
we call digital hygiene.
So is there anyone among you
who can define what a cookie is?
If you want to enter a site
or something,
they send you
a little message to give
your agreement to access
the site, and generally we accept.
OK, so the cookie
is simply a small file
that will be on your computer
in your internet browser.
And it's used a lot in the field
of internet advertising,
because it can
track you from site to site.
So the message
you were talking about
is the authorisation message.
You're giving your consent
for cookies to be stored
on your computer.
And that's why, generally speaking,
the best practice in digital hygiene
is to go straight to the settings
on this kind of site
and uncheck them.
NORMANDY, FRANCE
As an IT manager in activist groups,
Lilian may have access
to sensitive information.
One of his tasks
is to protect the personal
data of activists,
which makes him a prime target.
We can draw a parallel between
ecology and the defence of privacy.
On the environmental side,
we're heading towards
global warming.
We're already seeing
huge consequences.
It's the same with privacy.
Big Tech has a monopoly and
their tools are easy to use,
but for people, change
can be very unsettling.
I don't think about it any more,
it's become part of my daily life,
to act like that, to have all these
measures that protect my privacy.
Today we'll look at Qubes 0S.
It would be great if it were
accessible to everyone.
SECURED OPERATING SYSTEM
But it's quite technical to use
and it's really for people
who need a second identity
for militant activities
or civil disobedience.
The idea is to keep
a second identity separate
in a different space
in your computer.
It's based on this idea.
You will have a workspace
to send and receive e-mails,
and if you ever need
to communicate
anonymously with someone,
for example,
you will anonymise your IP.
Changing your
IP address is a first step.
Here, Lilian uses obfuscation.
This strategy
consists of deliberately
leaving false traces online
to cover up the tracks.
In everyday life, you can choose
to give false information
when registering on a website
or to disguise your IP address.
The red window means we're browsing
the internet normally.
There's no protection, we're
connected directly.
That is our real current IP address.
Using this, someone could trace
our location, our operator,
and a state could, for example,
ask an operator to obtain
our name and address.
And here we go through a VPN.
It's an intermediary lending us
their IP address,
so we're on the same computer,
on the same internet,
but with a completely
different identity.
If you have to obfuscate
your location or your identity
you need to be careful that
you're doing it right
and it's very easy to make mistakes.
If you look
at hackers' prosecutions,
cases brought against
people that have hacked into things,
they get caught because of one error
in obfuscating their identity.
Like the one time that their VPN
wasn't actually running.
It exposed their IP and location
to the operator and authorities.
Hello. This is WeiKei.
Oh, Hi WeiKei. How are you?
Great.
I think it's very important that I
set up an online alias with you
because I use Twitter and Telegram
to contact other activists
and politicians to see what kind
of information
they are posting.
OK, so you must keep your online
life in two separate compartments,
that is two separate
online devices and logins.
Get a privacy enhanced email
address with, let's say, ProtonMail
to subscribe to various
social media.
Almost all social media
and chat apps, they're going
to ask for your phone number
to sign up and verify the account.
Then you can buy a used phone
at a second hand store
but be sure you only pay cash.
It's called a burner phone.
You have to buy a prepaid
SIM card for the burner phone.
Second, for your online alias
to encrypt your communications
you have to get yourself a VPN.
So you could search which is
the best in Hong Kong.
And you have to pay that
in cash as well.
So using the online alias
that you construct, it can
give you a false sense of security,
you still have to be cautious.
Use it only for your communications
with those involved
in your activities,
and do that from a public
wifi hotspot, not from your home.
The choice of operating
online pseudonymously:
if you are operating
in countries where
the state or adversaries do not have
authority over the online provider
that you are using. For example,
in a country that doesn't have
good human rights records,
it's very unlikely that
the authority will manage
to subpoena data out of
Twitter or Facebook.
Be cautious of the fact that using
some types of internet networks
like Tor or VPN could flag you.
In some countries,
using those technologies
is actually illegal.
So it could be even a point of
attack from a legal point of view.
Since 2020,
a new Chinese law directly
targets Hong Kong opponents.
In response,
WeiKei now runs workshops
for activists
on online safety rules.
Well, thank you for coming here.
Today we're going to talk
a little bit about security.
But before I get into it,
I want to talk about
the new security law.
Who has heard about this
security law in Hong Kong?
As soon as the government
doesn't like you for any reason,
they can send you to China,
to be tried under the Chinese court
and that's the end of you.
So you know, we also need
to escalate our security tools.
It's actually really important
to encrypt your communications
and encrypt your mails.
Sure. It's about your comrades too.
If you're busted,
your friends are busted.
From what I heard from
other activists in my circle,
they don't even know what
encryption is. It's scary.
If I'm communicating
through the internet
from this computer,
I can send that unencrypted
and then anyone on the way,
my wifi, my local router, the ISP,
whatever else
it went through, all those things
could potentially read it.
But if I have it encrypted,
with PGP, it can't be read easily.
So,
we use 2 keys: 2 numbers.
One that is simply messing up
my message to you,
like crumpling it up.
For the sake of understanding.
So, If I pass it on,
all the people here
in between can only pass it on.
And when you receive that, you have
the secret key, the other number
to decrypt it. It's like an opener,
the key that opens
and this is where we have to
learn how to do this.
In terms of
escalating measures or protocols,
I think these are something
you can teach us.
What's more important
is that people do it and cooperate.
I think that there is a
psychological barrier.
If people can get over this barrier,
I think it's doable,
it's never too late.
You can take the first step anytime.
Many of them don't do that
because they think it's already
too late, that they're already
being targeted.
It's not necessarily the case.
In civil society,
there's a lack of ressources
and expertise,
compared to a very high
capacity of the adversary
to breach into electronic devices
and intercept communications.
Then you need to start thinking away
from this strict digital security
aspect and more
about the operational security.
When you think about operational
security, you think about changing
your behaviour
to mitigate the damage.
So I'll use a certain
type of device for certain types
of communications that are at a
higher risk of getting intercepted.
And I'll separate that
from my personal life.
These considerations
often help much more than
buying hardware which are
regarded as more secure.
DAMASCUS, SYRIA
An operational security error
is what could have cost
Dlshad Othman his life.
Like WeiKei,
this unremarkable Syrian
has seen the political situation
in his country change abruptly.
Like her,
he opposed an authoritarian regime
with unlimited capabilities.
At the beginning, I was this person
who not only believed, but who
was confident that actually
digital security or these tools can
be enough to help you protect
yourself and my focus was on
teaching these tools, how to use it,
click here, open here,
install this tool.
But then something happened to me
when I had to leave the country
because of an
operational security mistake
by a Western journalist
and my information was revealed
to the Syrian government.
It was so important
for Syrian activists
to talk to Western journalists
so they could tell the world
what was going on.
So the Syrian electronic army
started targeting known
Western journalists.
The journalists got a link,
a fake link, and they clicked on it
and the Syrian electronic army got
full control over their machine.
At that time,
a lot of people got caught
because it was easy and
the Syrian government had
the capabilities to
analyse internet traffic
and identify users and arrest them.
It was 1 a.m.
when I received a Facebook message
telling me that this journalist
got arrested,
so I needed to do something.
There's no way you can get a
burner phone and SIM card in Syria.
You can't, you need to sign a
contract, they know who you are,
your fingerprints, all these things.
So now they know who I am
and they know my name
so they can go to
the mobile provider service
operator and ask for my location
to find where I am.
I went to the city centre,
the centre of Damascus.
It was 1:30 a.m. and I took
the SIM card and crushed it,
threw it away,
and then I became totally offline.
No wifi, no internet,
no GSM, nothing.
LONDON, UK
Julian Assange's extradition
trial opens in London.
In Belmarsh high security prison,
these five weeks of hearings,
closed off to cameras,
are presided over by
Judge Vanessa Baraitser.
The US request
the extradition of Mr Assange
for the unlawful publication
of classified documents
related to the Afghan and Iraq wars
allegedly endangering the life
of informants working for the US.
The prosecution of a journalist for
publishing confidential documents
is a historic first in the West.
The profession is concerned about
the legal example it could set.
WikiLeaks put in place
a rigorous process
to remove the names of sources from
all documents before publication,
associating with local media
partners in different countries.
WikiLeaks pioneered in
several journalistic fields:
by publishing
source documents online,
initiating large
journalistic partnerships
and creating a secured platform
for whistleblowers
that was replicated by
all major newspapers.
With WikiLeaks, how does it work?
You sign a confidentiality agreement
saying that you will
respect the embargo,
you will respect
the security protocols,
you communicate
through secure messaging
and then you have access
to the document
in a secure way
and ideally you use Tails.
Tails is a removable
operating system.
It fits on a USB key, an SD card.
You restart your computer on Tails
and then all communications
go through Tor.
It's a computer that's not
linked to your identity,
so it gives you an
additional layer of anonymity.
When the threat model is
as extreme as it can be,
we usually try and work in
what we call an air-gaped
environment, which is to
have computers that have never and
will never connect to the internet
and we will only open certain
encrypted communications
on those air-gaped machines.
In New York in the Intercept office,
they built a secure
compartmented facility where
it's almost like Alcatraz.
There's metal through the walls
and it blocks all signals coming in.
With WikiLeaks, my threat model
was the highest I've ever had.
It lasted a week since the
documents were then made public,
so there was nothing else
to get into my computer,
but when you work on NSA
or CIA documents,
they're the best in the world
at intercepting telecommunications.
Before his arrest in April 2019,
Julian Assange lived for seven years
as a refugee in the Ecuadorian
Embassy in London.
Being tracked 24/7,
he became the most monitored
journalist on the planet.
I was employed by a private security
firm at the Ecuadorian Embassy.
In 2015, our chief declared that
we were now working in the "Premier
League", for "American friends".
We installed camera surveillance
with stream capacities and
microphones in all the rooms
of the embassy.
Our "American friends"
seemed to be obsessed
by monitoring the meetings with
lawyers and other journalists.
More extreme measures such as
kidnapping or poisoning Mr Assange
were also considered.
Well the embassy,
having Julian inside,
became probably the most surveilled
place in the world.
In what we could describe as
a "big brother" experiment,
where the only person
that could never leave
the place was him.
Where every single corner
of the embassy was
recorded.
They put a special,
very sensitive hearing device
under the bottom of
the fire extinguisher
and in the lady's toilet
behind the towel rail.
ASSANGE'S FATHER
Julian and the lawyers used
to meet in the ladies' toilet
because they thought
that it was not bugged.
So we would write notes
to each other.
And of course, when you pass
a note to each other
you had to ensure that
you turned it over so
that the camera could not see
what was written on it.
The only 100% secure way to
communicate with another human
is to get a piece of ceramic tile
or a piece of glass and put one
piece of paper on it so there's no
indentation under it from what
you write on the piece of paper.
You then put your head
under a towel, cover it,
and you write your message.
Even if there's a camera in the room
they can't see.
If there's a recording device,
they can't hear anything.
You finish writing and the
other person goes under the towel.
You let them read it
and reply if they need to.
Then you rip up the piece of paper
and you burn it and
pound it into dust,
and scatter it to the winds.
It's like going back to what
John Le Carré calls "Moscow rules",
which is the old trade spycraft,
where it's meeting in person,
using secret marks to show that
the drop place is safe or insecure
and you've been followed.
It's old school spying
to get around this new electronic
spying we're all subject to.
When it was created,
the internet promised
a new space of freedom.
But today, it is mostly controlled
by big companies
and states.
To preserve our privacy,
we have to learn to protect
ourselves.
The problem is that
no major political force
has managed to articulate
a vision for
what this digital world
might look like,
where it's not run by these rather
unimaginative firms
who only think of
selling advertising.
The madness is how
we have organised the entire system,
where we cannot conceive
of infrastructures
with a different political economy,
where data
might be owned by citizens
together and not by the firms that
offer us the infrastructures.
Those kinds of questions
are missing from the debate.
The focus is now on Brussels.
Indeed, the European Union
is the institution that has shown
the greatest willingness
to bring order to the Wild West
of personal data.
By joining forces
at the European level,
with the Member States,
we can really set a
new global standard.
The General Data
Protection Regulation
which regulates
the tracking of users,
including by means of cookies,
has already
marked a historic turning
point at the international level.
But as a last resort, I think
we will have to dismantle
the Big Tech companies.
Before we get to that,
there are other solutions:
developing competition
and pushing companies to make
data protection the strength
of their business models.
Other services are possible
and some of them can be funded
and offered and built differently
with different respect for privacy,
with a different
political economy of data.
That's happening in local enclaves.
But there has to be
a logic that informs that,
and you need resources,
you need billions going into this.
And for billions to flow into this,
you need to have a very different
set of policy priorities at the
national and the European levels.
BERLIN, GERMANY
It's D-day for Max and his partners.
After two years of preparation,
they launched their independent
platform mobilize.berlin.
Now connected to thousands
of other platforms,
it is a new step
in the development of
the free internet.
Today we are here
to celebrate Mobilizon
and launch the website.
So we invite you to go onto
the platform's address,
it's online, there's some
really cool features,
it's connected to the Fediverse,
that's the future of open source,
free and decentralised
social networks. That's it. Sign up!
Think about where our freedom
comes from.
The only reason we have any freedom,
is because of people in the past
who have been willing to make
some practical sacrifices
for their freedom.
We don't need thousands or
millions of people to be heroes
and take grave risks.
We just need thousands,
maybe millions of people
to suffer a little inconvenience.
But it all depends on saying "No".
If you occasionally say,
"No I won't do that
because it would mean giving up
some of my freedom",
you will be advancing the campain
to win back our freedom
in the digital domain.
A new form of global interaction
must be created.
A new era is upon us,
where we raise our hand
and go and challenge the giants.
Because mankind will not
be free as long as Facebook
rules.
Steve Jobs, Bezos
Modern times Super Heroes,
Elon Musk and Microsoft
Shitstorm, community
Clickbait, now or never
Thumbnails
Giffs and lols, life work balance,
head space full of trolls
Algorithms
On the run
Data stream, network,
cyber addiction
My life you want to hack
I will crack life,
Snacking your leftover data
My life you want to hack
I will crack life, snacking your
leftover data, hide myself in you...
private pictures you put on the web.
Of yourselves, your loved ones,
everything you are and want to be.
A giant worm gobbles up your data,
the storm of metadata
is brewing online...
Tech firms
like social media companies,
YouTube, etc. tell us:
"Express yourself, be yourself,
tell us your story, post your
images, give us your words.
This is for you."
Beware! I think everyone has a
feeling that something is going on,
but despite that, we close
our eyes, we move on.
Every day, we leave digital traces
when we browse, talk online
or travel.
Even the most innocuous data
exposes us to many risks.
Their business model is to collect
as much information as possible
so that they can then sell that data
to who wants to find exactly you.
We don't have the same way of
protecting ourselves if the threat
is because you have a jealous
husband or a jealous wife,
or if it's your boss at work
or if, as it happened to me,
you're working with Wikileaks
on NSA and CIA documents.
This is a great warning
to the rest of the world.
Our civil liberties are eroding
in front of our eyes.
Young students, ordinary citizens,
journalists, dissidents,
we all have specific levels
of online threats.
But there are solutions, so how
can we learn to protect ourselves,
each at our own level?
When I hear people say "privacy
is dead", I think that's nonsense.
I don't believe it at all.
I think there are many, many ways
that you can remain confidential
even in this hyperconnected world
with a lot of state surveillance.
Max Thommes is an actor
and musician living in Berlin.
He is an avid user
of social networks
and the services of Big Tech.
He has recently become aware
of the tracking of his data.
In Germany today, he knows that
the risks for him are limited,
but he is worried about Big Tech's
growing threat to our freedoms.
CHAOS COMMUNICATION CAMP
GERMANY
To learn how to protect his privacy,
he's going to the
Chaos Communication Camp.
Every four years,
this event brings together a group
of hackers and coding enthusiasts
from across Europe
to share and build
a more open internet.
Hey! Good to see you!
- Yes!
- I have some questions.
Please.
I'm trying to not be
too much on Facebook
and not to get every link
from Facebook,
but then you showed me
that even when I am logged out,
it's still tracking. How could I
protect myself from that?
Compartmentalisation done well.
In my case, I separate Facebook
in a specific browser, so that
Facebook doesn't communicate or
share cookies with the others.
This way,
if a website has trackers,
it will not link your activity on
this website with Facebook.
We had this talk in the afternoon
about Facebook
because we try to get away from it,
but still no one does.
On the one side,
we don't know
what is a better Facebook,
so we, as a society, have a
hard time figuring out
which kinds of rights and
empowerment we are losing
because of the Facebook imprint.
My theory is that we should be in
control of our algorithm, our data,
and know exactly where we're
sharing it and how it is treated.
That cannot be sustainable by
the current Facebook business model.
Another question:
one big thing that
I am really trying to conquer,
is how could I get rid of Google?
The way we try to approach Google
is also to compartmentalise.
Accept that if you have
to use one of these tools,
because you can't avoid it,
at least you can show them
only a small portion of your life
and not your whole life.
COMPARTMENTALISATION
COMPARTMENTALISATION
Typically, I would recommend
diversifying the tools you use,
so rather than relying
for example on Google
for e-mail, for maps, for search,
for translation, you can find
different privacy conscious
tools for each of these needs.
I would highly recommend
that you start with the apps
where you don't rely on anyone,
like your browser.
If you've been using Google Chrome,
you could use Firefox, Chromium,
you could use Tor browser. There are
so many different ones out there
and after you find a new browser,
why don't you try
a new search engine?
You could change for example
to DuckDuckGo.
Some people try some other ones,
they try Searx, they try Qwant,
there are so many privacy conscious
search engines.
In Berlin we had some resistance
to Google coming to Kreuzberg.
Did you hear?
It drew a lot of attention
onto how Google was
infiltrating our life.
Yes, that was amazing.
Even for Google,
I think they never thought
this could happen.
Indeed, in 2018,
Google had to abandon a
major campus project in Kreuzberg
due to public pressure.
I think Berlin is a fairly free city
and Berliners have made it clear,
in large demonstrations and
by challenging politicians,
that nobody in Kreuzberg wants
a Google headquarters.
Like most artists,
Max needs social networks
to promote his performances,
but he's increasingly wary of them.
This morning, he has a meeting with
members of Reclaim Club Culture.
This collective brings together
actors from Berlin's nightlife
who want to organise themselves
independently.
There have been many scandals about
the exploitation of personal data
and the surveillance of users. Our
idea is to launch a big campaign,
where we invite clubs
and the entire Berlin cultural scene
to choose together
an alternative on which
they could post their events.
We've done some research.
There is a project in development
called Mobilizon,
which would be an alternative
to Facebook Events.
I'm mostly in contact with artists
and I'm sure that
a city like Berlin,
which has a unique cultural offer,
would be a great
starting point for the initiative,
and then export it to other cities.
CASABLANCA, MOROCCO
The protection of privacy
affects us all.
In the forefront
are teenagers, who are
big consumers of the social networks
Instagram, Snapchat and Tiktok.
In Casablanca, teachers at the
French high school Louis Massignon
decided to show their pupils
the hidden side
of their favourite applications.
Hello!
Today we're going to work
on social networks.
Have any of you ever read
the terms and conditions
of a social network?
I've never read the terms of use
because they're very complex words
and it's really long,
so I've never taken the time.
I think if everyone accepts them,
I'll accept them too.
So,
this is an English lawyer
who has rewritten
these conditions in a language
that is very accessible
to young people.
"While you stay responsible for the
information you post on Instagram,
we may keep, use
and share personal information
with companies
connected to Instagram.
We are not responsible for what
these other companies
do with your information."
In addition to the data
you're going to post,
you're going to add metadata:
the time you logged in,
how many times
you liked this or that content, etc.
They will sell this data
to companies
that can then sell it
to other companies.
We'll go on to the second extract.
Go on, can you read it, please?
Officially, you own
the photos and videos you post,
but we are allowed to use them.
We can also let other people
use them anywhere in the world.
Others can pay us to use them,
but we won't have to pay you
for them.
Go on.
It's uh, it's really shocking.
It's like we provide...
we provide the wood, we build
the fire, but we don't get the heat.
Exactly.
That's right, but they will
have given you the chimney.
You can use Instagram for free,
but the data is theirs
and they will use it.
It's always like that.
When you sign up for the app,
you have a choice,
opt out or opt in. We all opted in
here because we all have Instagram.
We gave our permission
without even reading this contract.
And I know that when
I send a message, for example,
to Sofia, that message
is not just between us.
It's a private
message that's not really private.
It's like sending a postcard and
the postman can read it.
Students' privacy
is very important to us
because if we don't protect their
privacy, who will?
The risks that they can face
on the use of their data
are really of three types.
There is mainly
the exploitation of the data
by Big Tech or the companies
that have partnerships
with these large companies.
There is also the risk that
their data will be used by hackers
who have gained control over
their account or their logins.
And then, of course,
there is the risk of data
being used between students
for online harassment
or other purposes.
Cyberbullying on social networks
is a scourge that affects
many young people.
To try to prevent this,
teachers are teaching their pupils
to protect their accounts better.
During the previous session,
you remember,
we played a sort of game.
You had to look for flaws
in your classmate's or
friend's account.
Can I have some feedback on that?
I personally did the experiment with
Ritcha on her Instagram account.
Her Instagram account is private,
except that it shows her first name
and in her bio there's her age,
there's her profile photo
and her face.
And she doesn't have any posts
except for stories
where you can see where
and when she travels.
OK, and so what do you
think of her account?
It's fine.
It could be better,
but I'm not the best example either.
If you have the time to look through
each of the privacy setting options,
there are some gems in here.
So, you can decide who
sees your posts.
For example, by default
it might be set to public
and you may want to reduce it
just to the people that you've
accepted to your page.
You can control which users
are seeing your information.
Here it says "Do you want search
engines outside to link to
your profile? Yes or no?"
and by default it's set as "Yes".
This is a great place to secure the
options that are important to you.
I don't post,
but there are some people
who think it's fun to use
the same emoji all the time. For
example, a whale emoji,
to say you're fat,
and so we can block these comments.
It's called a filter that allows you
to hide offensive words or insults.
It's a feature of some
social networks
that allow you
to not receive insulting
or pornographic images
or insulting words in any language,
so it's a feature
that needs to be activated
on your social networks.
I was in a minor fight with someone.
People didn't really turn against me
but just hearing people talking
behind your back...
Yeah, it's super annoying.
You may want to block the person,
restrict the comments,
block all the accounts,
but the person can still,
for example, post on their page,
or in group conversations,
and it clearly makes
me uncomfortable.
I've created a double identity
on social networks especially,
and with my friends,
so I have two different names.
I even have two e-mail addresses.
I've created two digital identities
on every social network.
I have an account with my name,
the account where all the people
from school follow me,
and another one just
for those I really trust.
But you say that you don't post much
on your main account,
but on the other one.
Does that mean you're more open
through your second identity?
Yes, I'm more
comfortable posting on there.
HIGH SCHOOL
MEUDON, FRANCE
Lilian is among those who grew
up with the climate crisis in mind.
At 19, this computer enthusiast
is involved
with environmental activists,
a group that is especially targeted.
Today, on the eve of a
civil disobedience action,
he is training activists
to secure their data
and communications.
I saw that quite a few
people weren't coming in the end.
Yes, two people cancelled.
So it's going to be
quite participative.
We make three small
groups and ask people
what they've already planned
to do on the day
in terms of security and then we'll
move on to the password part.
The aim will really be to make them
understand how a password works.
So we're going to do a workshop
on the fundamental rules
of computer security
when we do an action.
We're going to talk about passwords,
which are the fundamental
element in computer security,
so we'll see how they work,
the various attacks to which
you can be vulnerable
and how to deal with them.
The big problem is that
people often re-use
the same password
for several accounts,
and if one account is compromised,
they all are.
I have three versions
of one password.
I doubt it's the right thing to do.
Me too.
The solution is to use
a password manager.
Passwords.
On average, we should all learn
between 70 and 80 of them by heart.
A password manager
generates and stores
complex passwords
and automatically re-enters them
each time you log on.
So, to protect your
password manager
you will be asked to create
a new strong password.
So we thought of a trick, which is
that everyone takes a book,
picks 3 or 4 words from it and
uses these to formulate a password.
This sentence will
protect all your other passwords,
so the goal is to find
a bit of a wacky sentence.
Unbelievable.
This one is very good.
You won't forget it.
Take three random words,
turn a page and point to one.
It has to make no sense at all,
but the sentence
has to be easy to remember.
It's the only password
you'll have to remember.
Did it work? Did you type it in?
Basically, it will allow you
to store all these very long
and very complicated
passwords for each app
directly in your phone.
Make sure no camera is filming your
password while you're chatting.
Unkown to many,
environmental defenders
are the most targeted worldwide,
given the whole picture,
of all activists,
and their adversaries are
most likely to be corporate
and secondarily governments.
When you're up against oil
and fossil fuel companies
and you're up against huge
agricultural companies,
they have hackers on their payrolls.
They're a kind of private militia.
You can get people to do
hit jobs for you
and lots of these guys,
they know what they're doing.
For environmental activist
groups and associations,
with the advent of "smart cities",
automated video surveillance systems
will consider suspicious
behaviour to be things like
standing still
in public spaces
for more than 20 minutes.
There is an active search
to prevent
civil disobedience actions.
Often it's people
who are preparing actions
who don't want any leakage,
before or after the action.
We're here in a totally
non-violent way.
I'd like to make that clear.
So, the aim is to communicate
with each other in a secure way.
There are instant messaging
applications like Signal
with messages that disappear
after a few hours
or a few days at the most.
USE SIGNAL
DELETE BROWSER HISTORY
So, the phone network
is pretty simple:
you walk and your phone
connects to the nearest antenna.
With a small antenna
you can pick up all the phone calls
from dozens of metres away.
So you absolutely mustn't
send text messages
or make normal calls
because you have no anonymity,
they can listen in to everything.
If you don't need
a phone, don't bring it.
And if you do, if it's really
necessary, you must be careful,
even buy a seperate phone,
which is the best solution.
For example, I have two phones,
this one is my private life
and this one has minimal functions,
and if I go on an action, this one
stays at home. I bring this one.
If we take away the plus 7 degrees
that are now predicted for 2100,
we are faced with another problem:
the mass extinction
of biodiversity
and the living world.
Let's look at the most important
thing for tomorrow
since you could easily
put your whole group at risk.
The first rule is
that if you don't need your phone,
you don't bring it tomorrow.
And if you have to,
you delete the apps and everything
that could identify the people
that you have organised things with,
that you have talked to.
And you absolutely
have to use Signal.
BERLIN, GERMANY
Meanwhile,
Max is exploring Mobilizon,
the alternative to Facebook Events
that is soon to be launched.
Today, along with other artists,
he is meeting with
Mobilizon's developers
to discuss how the platform
will work.
So, why are we still on Facebook
as artists, everyone?
There is a monopoly
on Facebook Events
and it's used by
every club in Berlin
and since we are like a
network of clubs, we thought
let's spread this goal
of a Facebook exodus,
because we see a large potential
in not persuading individual users
to make the change to
alternative social media platforms,
but actually to set an example.
Yeah.
We had 15 years of getting used
to hosting
and delegating everything:
the data storage,
the server maintenance to Facebook,
but if you want a Mobilizon Instance
then you have to
host it somewhere and you have
to pay for the server hosting,
but this is what freedom
really costs.
These are the hidden costs
that Facebook and so on
would hide from us and compensate
with stealing our privacy.
So if I got it right, it means
that we could do our own
local server,
what you call an "instance"
and downlad the software to it,
and give it a name
like "Mobilize Berlin",
and then we could
invite Berlin artists
and clubs to come
to our platform and then
they could federate: that means
communicate with the other servers
in Germany or worldwide, right?
Yes exactly. That's the federation
model, it's a philosophical shift.
The most famous "federated" platform
is the social network Mastodon.
FREE SOFTWARE
Since its creation in 2016,
several million users
have chosen to migrate from Twitter
to this free alternative.
FEDERATION
Federation means that there is not
a single authority that's in control
of the whole network. It means
that there are multiple authorities.
If you are familiar with e-mail,
e-mail is another federated network.
You have servers
like Hotmail, Outlook,
Yahoo, Gmail. You sign up somewhere,
you get an e-mail address
that starts with your user name and
ends with the server you are on
and that system allows you to
e-mail anyone on any e-mail server,
just by using that address.
So Federation is
a method by which these
authorities are spread out.
As opposed to for example Twitter
or Facebook where they have
one server and millions of users.
On Mastodon,
because it's decentralised,
you have a large
number of small servers.
Each is owned and operated by a
different individual or organisation
and you get the ability to follow
or interact with anyone
who is on any other server as well.
Max goes to the Mensch Meier,
a Berlin nightlife institution.
The club has long refused
to use Facebook,
but has had to do so
to attract more people.
It would be an ideal candidate
to join the Mobilizon adventure.
Well, we think that
it could be possible
to get people away from Facebook,
or at least try,
in the underground of
Berlin's music scene or art scene,
to get a lot of people
to use a different tool.
The hope is there, let's see
how far we can go with that.
Yes, Mensch Meier is a club
that is very political
and one of the things that was
very important for you was
not to use Facebook
as a promotion plateform
for your events.
So why was that in the beginning?
Facebook started
generating sites for us
that we did not want
and of course there is a little line
which says "unofficial page"
and what I did,
I started claiming them.
And at first it was enough
to give them our phone number,
but at one point, it was not enough
to have our phone number,
they wanted the bills for the water
and the energy of this place,
to prove that we
actually were this place. Yes.
What?
Yes. It's like they wanted
more of our data.
Do you think there's a possibility
for a Facebook exodus?
To get a really big community
to use an alternative?
That could be a possibility
with this Mobilizon
that we try to build here.
So,
FREE SOFTWARE ADVOCATE
should I perhaps
explain a little bit
some of the concepts?
So, the Fediverse is an
open protocol
for communication across services.
Mobilizon is an event
management service
which is part of this Fediverse.
Within the Fediverse, you have other
services. A popular one is Mastodon,
which is a Twitter alternative.
You have PeerTube,
which is a YouTube alternative.
Pixelfed, I believe is the name,
is an Instagram alternative,
Funkwhale is
a music streaming alternative.
They're based on the same protocol
and can communicate with each other.
So I can be using
Mastodon and you can be making
events for Mensch Meier
on Mobilizon and I can get your
events in my Mastodon stream,
even though I'm not using Mobilizon.
We could think about some goodies
that you get if you join it.
I mean, because we are of course
still interested in not
giving too much power to Facebook,
that's already too powerful.
So maybe there could be some
extra form of content
for the events or some extras.
- Free shots?
- Or whatever.
Free shot for every sign up.
All the Fediverse tools,
so the software
in this large federation
which all use the same protocol
to communicate with each other,
finally create a sort
of new internet,
in which we would have
lots of elements
which each have different functions,
but in which we would finally
recreate a full social universe.
The impulse for starting Mastodon
was my personal belief that
there should be a global
communication platform like Twitter
but it should not be in the hands
of a single company.
The idea that it's in the hands
of the people,
that it's decentralised,
is better than that.
It's more local.
It is a noticed fact that Mastodon
is a friendlier platform
than others.
You are part of this global network,
but you also have this special
view towards your neighbours,
the people who are on
the same server as you.
So you get this
community feeling from that.
It's easier to feel at ease
in environments that are
generally much more friendly,
where there is no
attention-grabbing,
because even if we don't realise it,
in the end it inevitably
impacts our behaviour.
And so, in fact,
these are much healthier spaces.
Hello Mr Meillassoux.
My name is WeiKei,
I am a researcher from Hong Kong.
I have been following your work
about digital security.
I was hoping to meet to talk about
our situation with China.
I trust that you will be discrete.
I have been as careful as I could
but it's still scary.
Like thousands of Hongkongers,
WeiKei thought she was safe online,
but the "Umbrella Revolution",
the resistance movement against
China, has changed everything.
Now,
Chinese services can monitor
the communications
of all Hong Kong citizens.
So tell me more:
how is the situation in Hong Kong?
It's getting worse and worse.
You know, the police are
becoming more and more violent.
The conversation
has broken down completely
and we are very worried.
OK.
And you have some kind of a plan?
I think the first step for me
would be
to learn how to secure myself
and then I will be able to reach out
to other people.
I'm actually thinking about a
campaign for the general public
and I wonder if you would have any
contacts of people I can speak to.
Because of my experience
living in China,
I am quite familiar with how
the Chinese government actually
infiltrates in the general public
and how they pinpoint
certain individuals.
I worry that one day, it will
also happen to Hong Kong.
For people to continue
with their work
to fight for our rule of law,
for our freedom of speech,
they must learn how to
protect themselves.
- Hello?
- Hello, this is WeiKei.
So, what sort of occupation
are you involved with?
I work as a researcher,
but then, after the uprising,
I became involved in digital
security training, so I'm doing
a lot of campaigning and contacting
people who are actually high risk.
And so, now you're back to learn a
little bit more about threat-models?
Yes, threat modeling is
something quite new to me.
OK.
It will help determine your risk.
There are five questions
that you can ask yourself.
First question: what is it that
you want to keep private?
THREAT MODELLING
Threat modelling.
This is getting
through the process of thinking:
who do I need to protect from,
what do I need to keep safe,
and what is the worst case scenario?
And you start realising:
well, OK,
my adversary is this.
What do I think this
adversary is capable of?
Is it capable of wiretapping my
internet communications or not?
Is it capable of
getting data out of the provider
that I use or not?
Is it capable of hacking or not?
HONG KONG, JUNE 2019
The adversaries that I'm facing
are actually state actors,
so they do have financial means
and technical power.
I think my risk would be
exposing my contacts.
That's my deepest worry.
The worst scenario for me
would be to get caught.
I would be subject to interrogation
and in the worst scenario, tortured.
These things are all too common
in mainland China.
LONDON, UK
Internet surveillance
has become a major problem
for journalists.
By contacting them, their sources
risk leaving traces online,
which could then be used to identify
and prosecute them.
To address this issue,
Julian Assange co-founded
WikiLeaks in 2006.
This secure platform
allows whistleblowers
to transmit sensitive documents
while preserving their anonymity.
WikiLeaks has brought
to public attention
the abuses committed by the US army
in Iraq and Afghanistan.
This might be the one here.
It has windows on the side,
that's a prison van
but I don't know if it's
coming here. It could be him!
Now at the top of
the US government's target list,
since 2011 Julian Assange
has been under threat of extradition
to the US, where he now faces
175 years in prison.
The first contact problem:
this is one of the big issues
that we face in journalism.
ANONYMOUS CONTACT
If we just think about a scenario:
you're a whistleblower
and you've got important information
that you want to disclose to me,
you use, let's say
your Gmail address,
which has your name and
that you've used for years,
or a normal open line phone call.
That has created a permanent
record between you and me.
I offer different levels
of security.
So someone who is safe
to contact me,
contacts me on Twitter, Facebook,
by e-mail, and that's it.
A person who could
potentially have problems if someone
knew they had contacted me
can reach me on Signal.
And someone who faces a
very high-level threat,
typically someone
who was or is working
for an intelligence service
and who would like
to pass me a file,
they can use Secure Drop,
which is a program
set up specifically
for contacting
investigative journalists
anonymously and securely.
GERMAN PARLIAMENT, BERLIN
GERMAN PARLIAMENT, BERLIN
In 2010, I was working for
Der Spiegel in London with
journalists from the New York Times
and The Guardian,
in what we called a bunker
at the Guardian headquarters.
We wrote the first reports
on the war in Afghanistan together.
When you read them again today,
it's really amazing
what you could write
in simple e-mails back then.
And WikiLeaks, they kept sending us
very annoying and
repetitive requests
so that we would encrypt everything
and be ever more careful.
And we laughed among ourselves
about these "big paranoids",
like "ha-ha-ha",
but we worked together. It was
a real journalistic collaboration
and today I ask myself:
what did I do differently from
Julian Assange at that time?
I'll go even further:
who is next on the list?
I mean,
what did we do differently?
FREE JULIAN ASSANGE
If you're a whistleblower,
first of all, what you need
to be careful with
and be very mindful of
is how you try to record the
information that you are seeing,
because if you just plug in
a flash drive or USB
and try to copy or whatever,
that immediately is a red flag.
The company has probably
got a system that monitors
who's removing information from its
systems. Most of the big companies
do now. They call it
"insider threat technology".
If you have compromising documents
that are of public interest,
but you don't really know
what to do,
the first thing you need to do is to
identify the right contact person.
Identify the journalist
who will be able
to release a document
while minimising the risk.
What I would usually suggest
is that the person,
if they can buy a cheap new laptop,
a notebook or something like that,
go to a café, a public wifi network,
download the Tor browser,
connect to the Secure Drop page,
then you can make contact with us
through that by sending a message.
From there we could probably take
the next steps to try and figure out
how we can get further
information from you
without compromising
your security or safety.
BERLIN, GERMANY
To prepare the launch of
the Mobilizon platform,
Max invited his artist friends
to a "CryptoParty".
During this informal evening,
novices can discover
alternatives to Big Tech
and learn the basics
of online security.
CRYPTO PARTY
Picture, where am I? Picture,
who am I? Picture, where am I going?
Picture, where was I? Who was I?
Picture, does it still make sense?
I take pictures of myself, always
of myself, selfies, selfies.
I take pictures of myself, always
of myself, selfies, selfies.
Thank you very much
for coming to this nice evening.
Most of you are probably not
that deep into the topic
so it's nice to find out
a bit more about
what internet privacy is, because
I think it's a very important topic
that we all should face
in these times.
We're going to talk about browsing.
Are you familiar with what a VPN is?
A VPN? A Virtual Private Network?
No?
Many people use VPNs for privacy
reasons by connecting to a VPN
and then going to the internet
from the VPN.
One of the benefits of that
is that your IP address
looks like it's coming from the VPN,
not from your home network
and that protects
in some sense your identity.
Have you heard of Tor before?
Do you know
how it differs from a VPN?
So, Tor is an acronym. It stands
for The Onion Router.
In some sense, it's similar
to a VPN in that your connection
to the actual internet looks like
it's coming from somewhere else.
But with Tor,
it doesn't connect to one node,
we call it a node,
it rather connects to three nodes
and then it goes into the internet.
These layers are why
it's "the onion router".
You can have some anonymous
connection to the internet.
Of course it's not anonymous if you
log in to your Facebook account.
The next table focuses on
the de-googling of Android phones.
There are indeed alternatives
for most applications. For example,
Google Maps can be replaced
by Open Street Map or Qwant Maps,
so that you don't have to share
your geolocation with Google.
OPEN STREET MAP
FOR ANDROID
The step that I don't understand:
since I have an Android
and a Google account, my
whole phone is connected to Google.
They know my information anyway.
Indeed,
not sending any data to Google
requires a more complex operation.
The Android operating system
must be replaced entirely
by an operating system
such as Lineage
which is free and open-source.
FREE OPERATING SYSTEM
In general, CryptoParty
recommends free and open source.
You've never heard this term before?
Once again?
Free and open source.
Basically, it belongs to all of us,
so the source code is available
for other people to take,
to use, to modify,
to share with other people.
It's maximally transparent.
FREE AND OPEN SOURCE SOFTWARE
In French, I describe free software
using the three words
"Freedom, Equality, Fraternity",
because that's exactly what
free software is about.
"Freedom" means each user is
free in using the program.
"Equality" because every user
has the same rights.
"Fraternity" because we encourage
users to cooperate with other users.
One fairly common kind
of malicious functionality
is to spy on the user.
You must suppose that any
non-free program you run
is sending data about you
and your activities
to some company
and perhaps to a government.
I work with marginalised
communities. You know,
in America, you find young people
in the inner city who are told by
tech firms, social media companies,
these different platforms:
"Express yourself. Be yourself. Tell
us your stories. Post your images.
Give us your words. This is
for you." YouTube, etc.
And you know,
the law enforcement front door.
Law enforcement has contracts with
companies that aggregate the data
and can spin in and analyse it
and slice it any way that they want.
And we have these gang conspiracy
charges in the United States
and in that the police just need
circumstantial evidence to tie
you to criminal activity,
and most of it is through
a network effect.
So if I post something
on social media
and you "like" that thing,
if I have your number in my phone,
that's enough. Your door is going
to be kicked in in the morning.
They'll pull you out of bed
and you'll be arrested.
When you're put in harm's way
by using some software,
you're not excited to use it, you
won't think: "Oh, I don't know,
how do I move? Can I
get my friends to move?"
or "who's also on there?". You think
"where do I go? I'm ready to go".
So I think open source
is the people's software
and eventually the people
will use it because
there's no friction, no cost to it.
They're actually
very hungry and so excited
that there are things now that
they could use, technology,
that makes it so much easier
to protect their identity,
to protect all they hold dear,
and to just enjoy everything about
who they are and what they are.
CASABLANCA, MOROCCO
In recent years,
the world of education has begun
a major digital transition.
In Casablanca, the French
high school Louis Massignon
embarked on the adventure in 2017.
The teaching staff had to choose
between different options,
in particular those proposed
by Big Tech, against the backdrop
of the student
data collection issue.
We tested five or six solutions
within the school.
There were several solutions,
paying solutions,
open-source solutions...
We looked at the pros
and cons of each solution.
The tech giants have
inevitably offered us
immediate, practical,
concise, integrated, ergonomic,
friendly and pleasant solutions.
However, what guides our action
and that of all teachers
is pedagogical freedom.
But what these tech giants
were offering was
a turnkey solution, and a turnkey
solution is generally restrictive.
In terms of respect for privacy
and the data that is collected,
free software was a good fit,
and so we have always been
inclined to favour
open source solutions rather
than proprietary solutions.
OneNote,
which is a Microsoft solution,
was also proposed,
but it is not
well adapted to schools,
and as for Google Classroom,
we quickly realised that
we had to use Google's e-mail
and drive to run our classes.
It required us
and to assign an e-mail address
to each pupil,
which is not
suitable
for secondary and
primary school pupils,
and so the teachers rejected it.
The staff finally chose
the Moodle platform
and the Big Blue Button software,
an alternative to Zoom.
But this didn't
meet with unanimous approval.
Free software does indeed
have the reputation of being
less easy to handle.
Moodle is actually a bit
off-putting at first.
It's not very sexy,
it's not very intuitive,
it's a bit abrupt at first
precisely because it allows teachers
to be extremely creative.
We can all do absolutely anything
we want. It's infinitely adaptable.
With computers, you can do
anything, that's what's magic.
When I arrived, I felt that
security wasn't great here.
I sent an e-mail
to all the teachers,
and 50 percent, half of the people
gave me their password.
And the technique is very simple:
you scare people.
You just say:
"Your account was hacked.
Go there to change your password".
People click. They don't even
see that the URL is wrong.
They type in their password,
you get their old and new password.
It's just stuff like that,
IT is just stuff like that.
Today, we're going to look at what
we call digital hygiene.
So is there anyone among you
who can define what a cookie is?
If you want to enter a site
or something,
they send you
a little message to give
your agreement to access
the site, and generally we accept.
OK, so the cookie
is simply a small file
that will be on your computer
in your internet browser.
And it's used a lot in the field
of internet advertising,
because it can
track you from site to site.
So the message
you were talking about
is the authorisation message.
You're giving your consent
for cookies to be stored
on your computer.
And that's why, generally speaking,
the best practice in digital hygiene
is to go straight to the settings
on this kind of site
and uncheck them.
NORMANDY, FRANCE
As an IT manager in activist groups,
Lilian may have access
to sensitive information.
One of his tasks
is to protect the personal
data of activists,
which makes him a prime target.
We can draw a parallel between
ecology and the defence of privacy.
On the environmental side,
we're heading towards
global warming.
We're already seeing
huge consequences.
It's the same with privacy.
Big Tech has a monopoly and
their tools are easy to use,
but for people, change
can be very unsettling.
I don't think about it any more,
it's become part of my daily life,
to act like that, to have all these
measures that protect my privacy.
Today we'll look at Qubes 0S.
It would be great if it were
accessible to everyone.
SECURED OPERATING SYSTEM
But it's quite technical to use
and it's really for people
who need a second identity
for militant activities
or civil disobedience.
The idea is to keep
a second identity separate
in a different space
in your computer.
It's based on this idea.
You will have a workspace
to send and receive e-mails,
and if you ever need
to communicate
anonymously with someone,
for example,
you will anonymise your IP.
Changing your
IP address is a first step.
Here, Lilian uses obfuscation.
This strategy
consists of deliberately
leaving false traces online
to cover up the tracks.
In everyday life, you can choose
to give false information
when registering on a website
or to disguise your IP address.
The red window means we're browsing
the internet normally.
There's no protection, we're
connected directly.
That is our real current IP address.
Using this, someone could trace
our location, our operator,
and a state could, for example,
ask an operator to obtain
our name and address.
And here we go through a VPN.
It's an intermediary lending us
their IP address,
so we're on the same computer,
on the same internet,
but with a completely
different identity.
If you have to obfuscate
your location or your identity
you need to be careful that
you're doing it right
and it's very easy to make mistakes.
If you look
at hackers' prosecutions,
cases brought against
people that have hacked into things,
they get caught because of one error
in obfuscating their identity.
Like the one time that their VPN
wasn't actually running.
It exposed their IP and location
to the operator and authorities.
Hello. This is WeiKei.
Oh, Hi WeiKei. How are you?
Great.
I think it's very important that I
set up an online alias with you
because I use Twitter and Telegram
to contact other activists
and politicians to see what kind
of information
they are posting.
OK, so you must keep your online
life in two separate compartments,
that is two separate
online devices and logins.
Get a privacy enhanced email
address with, let's say, ProtonMail
to subscribe to various
social media.
Almost all social media
and chat apps, they're going
to ask for your phone number
to sign up and verify the account.
Then you can buy a used phone
at a second hand store
but be sure you only pay cash.
It's called a burner phone.
You have to buy a prepaid
SIM card for the burner phone.
Second, for your online alias
to encrypt your communications
you have to get yourself a VPN.
So you could search which is
the best in Hong Kong.
And you have to pay that
in cash as well.
So using the online alias
that you construct, it can
give you a false sense of security,
you still have to be cautious.
Use it only for your communications
with those involved
in your activities,
and do that from a public
wifi hotspot, not from your home.
The choice of operating
online pseudonymously:
if you are operating
in countries where
the state or adversaries do not have
authority over the online provider
that you are using. For example,
in a country that doesn't have
good human rights records,
it's very unlikely that
the authority will manage
to subpoena data out of
Twitter or Facebook.
Be cautious of the fact that using
some types of internet networks
like Tor or VPN could flag you.
In some countries,
using those technologies
is actually illegal.
So it could be even a point of
attack from a legal point of view.
Since 2020,
a new Chinese law directly
targets Hong Kong opponents.
In response,
WeiKei now runs workshops
for activists
on online safety rules.
Well, thank you for coming here.
Today we're going to talk
a little bit about security.
But before I get into it,
I want to talk about
the new security law.
Who has heard about this
security law in Hong Kong?
As soon as the government
doesn't like you for any reason,
they can send you to China,
to be tried under the Chinese court
and that's the end of you.
So you know, we also need
to escalate our security tools.
It's actually really important
to encrypt your communications
and encrypt your mails.
Sure. It's about your comrades too.
If you're busted,
your friends are busted.
From what I heard from
other activists in my circle,
they don't even know what
encryption is. It's scary.
If I'm communicating
through the internet
from this computer,
I can send that unencrypted
and then anyone on the way,
my wifi, my local router, the ISP,
whatever else
it went through, all those things
could potentially read it.
But if I have it encrypted,
with PGP, it can't be read easily.
So,
we use 2 keys: 2 numbers.
One that is simply messing up
my message to you,
like crumpling it up.
For the sake of understanding.
So, If I pass it on,
all the people here
in between can only pass it on.
And when you receive that, you have
the secret key, the other number
to decrypt it. It's like an opener,
the key that opens
and this is where we have to
learn how to do this.
In terms of
escalating measures or protocols,
I think these are something
you can teach us.
What's more important
is that people do it and cooperate.
I think that there is a
psychological barrier.
If people can get over this barrier,
I think it's doable,
it's never too late.
You can take the first step anytime.
Many of them don't do that
because they think it's already
too late, that they're already
being targeted.
It's not necessarily the case.
In civil society,
there's a lack of ressources
and expertise,
compared to a very high
capacity of the adversary
to breach into electronic devices
and intercept communications.
Then you need to start thinking away
from this strict digital security
aspect and more
about the operational security.
When you think about operational
security, you think about changing
your behaviour
to mitigate the damage.
So I'll use a certain
type of device for certain types
of communications that are at a
higher risk of getting intercepted.
And I'll separate that
from my personal life.
These considerations
often help much more than
buying hardware which are
regarded as more secure.
DAMASCUS, SYRIA
An operational security error
is what could have cost
Dlshad Othman his life.
Like WeiKei,
this unremarkable Syrian
has seen the political situation
in his country change abruptly.
Like her,
he opposed an authoritarian regime
with unlimited capabilities.
At the beginning, I was this person
who not only believed, but who
was confident that actually
digital security or these tools can
be enough to help you protect
yourself and my focus was on
teaching these tools, how to use it,
click here, open here,
install this tool.
But then something happened to me
when I had to leave the country
because of an
operational security mistake
by a Western journalist
and my information was revealed
to the Syrian government.
It was so important
for Syrian activists
to talk to Western journalists
so they could tell the world
what was going on.
So the Syrian electronic army
started targeting known
Western journalists.
The journalists got a link,
a fake link, and they clicked on it
and the Syrian electronic army got
full control over their machine.
At that time,
a lot of people got caught
because it was easy and
the Syrian government had
the capabilities to
analyse internet traffic
and identify users and arrest them.
It was 1 a.m.
when I received a Facebook message
telling me that this journalist
got arrested,
so I needed to do something.
There's no way you can get a
burner phone and SIM card in Syria.
You can't, you need to sign a
contract, they know who you are,
your fingerprints, all these things.
So now they know who I am
and they know my name
so they can go to
the mobile provider service
operator and ask for my location
to find where I am.
I went to the city centre,
the centre of Damascus.
It was 1:30 a.m. and I took
the SIM card and crushed it,
threw it away,
and then I became totally offline.
No wifi, no internet,
no GSM, nothing.
LONDON, UK
Julian Assange's extradition
trial opens in London.
In Belmarsh high security prison,
these five weeks of hearings,
closed off to cameras,
are presided over by
Judge Vanessa Baraitser.
The US request
the extradition of Mr Assange
for the unlawful publication
of classified documents
related to the Afghan and Iraq wars
allegedly endangering the life
of informants working for the US.
The prosecution of a journalist for
publishing confidential documents
is a historic first in the West.
The profession is concerned about
the legal example it could set.
WikiLeaks put in place
a rigorous process
to remove the names of sources from
all documents before publication,
associating with local media
partners in different countries.
WikiLeaks pioneered in
several journalistic fields:
by publishing
source documents online,
initiating large
journalistic partnerships
and creating a secured platform
for whistleblowers
that was replicated by
all major newspapers.
With WikiLeaks, how does it work?
You sign a confidentiality agreement
saying that you will
respect the embargo,
you will respect
the security protocols,
you communicate
through secure messaging
and then you have access
to the document
in a secure way
and ideally you use Tails.
Tails is a removable
operating system.
It fits on a USB key, an SD card.
You restart your computer on Tails
and then all communications
go through Tor.
It's a computer that's not
linked to your identity,
so it gives you an
additional layer of anonymity.
When the threat model is
as extreme as it can be,
we usually try and work in
what we call an air-gaped
environment, which is to
have computers that have never and
will never connect to the internet
and we will only open certain
encrypted communications
on those air-gaped machines.
In New York in the Intercept office,
they built a secure
compartmented facility where
it's almost like Alcatraz.
There's metal through the walls
and it blocks all signals coming in.
With WikiLeaks, my threat model
was the highest I've ever had.
It lasted a week since the
documents were then made public,
so there was nothing else
to get into my computer,
but when you work on NSA
or CIA documents,
they're the best in the world
at intercepting telecommunications.
Before his arrest in April 2019,
Julian Assange lived for seven years
as a refugee in the Ecuadorian
Embassy in London.
Being tracked 24/7,
he became the most monitored
journalist on the planet.
I was employed by a private security
firm at the Ecuadorian Embassy.
In 2015, our chief declared that
we were now working in the "Premier
League", for "American friends".
We installed camera surveillance
with stream capacities and
microphones in all the rooms
of the embassy.
Our "American friends"
seemed to be obsessed
by monitoring the meetings with
lawyers and other journalists.
More extreme measures such as
kidnapping or poisoning Mr Assange
were also considered.
Well the embassy,
having Julian inside,
became probably the most surveilled
place in the world.
In what we could describe as
a "big brother" experiment,
where the only person
that could never leave
the place was him.
Where every single corner
of the embassy was
recorded.
They put a special,
very sensitive hearing device
under the bottom of
the fire extinguisher
and in the lady's toilet
behind the towel rail.
ASSANGE'S FATHER
Julian and the lawyers used
to meet in the ladies' toilet
because they thought
that it was not bugged.
So we would write notes
to each other.
And of course, when you pass
a note to each other
you had to ensure that
you turned it over so
that the camera could not see
what was written on it.
The only 100% secure way to
communicate with another human
is to get a piece of ceramic tile
or a piece of glass and put one
piece of paper on it so there's no
indentation under it from what
you write on the piece of paper.
You then put your head
under a towel, cover it,
and you write your message.
Even if there's a camera in the room
they can't see.
If there's a recording device,
they can't hear anything.
You finish writing and the
other person goes under the towel.
You let them read it
and reply if they need to.
Then you rip up the piece of paper
and you burn it and
pound it into dust,
and scatter it to the winds.
It's like going back to what
John Le Carré calls "Moscow rules",
which is the old trade spycraft,
where it's meeting in person,
using secret marks to show that
the drop place is safe or insecure
and you've been followed.
It's old school spying
to get around this new electronic
spying we're all subject to.
When it was created,
the internet promised
a new space of freedom.
But today, it is mostly controlled
by big companies
and states.
To preserve our privacy,
we have to learn to protect
ourselves.
The problem is that
no major political force
has managed to articulate
a vision for
what this digital world
might look like,
where it's not run by these rather
unimaginative firms
who only think of
selling advertising.
The madness is how
we have organised the entire system,
where we cannot conceive
of infrastructures
with a different political economy,
where data
might be owned by citizens
together and not by the firms that
offer us the infrastructures.
Those kinds of questions
are missing from the debate.
The focus is now on Brussels.
Indeed, the European Union
is the institution that has shown
the greatest willingness
to bring order to the Wild West
of personal data.
By joining forces
at the European level,
with the Member States,
we can really set a
new global standard.
The General Data
Protection Regulation
which regulates
the tracking of users,
including by means of cookies,
has already
marked a historic turning
point at the international level.
But as a last resort, I think
we will have to dismantle
the Big Tech companies.
Before we get to that,
there are other solutions:
developing competition
and pushing companies to make
data protection the strength
of their business models.
Other services are possible
and some of them can be funded
and offered and built differently
with different respect for privacy,
with a different
political economy of data.
That's happening in local enclaves.
But there has to be
a logic that informs that,
and you need resources,
you need billions going into this.
And for billions to flow into this,
you need to have a very different
set of policy priorities at the
national and the European levels.
BERLIN, GERMANY
It's D-day for Max and his partners.
After two years of preparation,
they launched their independent
platform mobilize.berlin.
Now connected to thousands
of other platforms,
it is a new step
in the development of
the free internet.
Today we are here
to celebrate Mobilizon
and launch the website.
So we invite you to go onto
the platform's address,
it's online, there's some
really cool features,
it's connected to the Fediverse,
that's the future of open source,
free and decentralised
social networks. That's it. Sign up!
Think about where our freedom
comes from.
The only reason we have any freedom,
is because of people in the past
who have been willing to make
some practical sacrifices
for their freedom.
We don't need thousands or
millions of people to be heroes
and take grave risks.
We just need thousands,
maybe millions of people
to suffer a little inconvenience.
But it all depends on saying "No".
If you occasionally say,
"No I won't do that
because it would mean giving up
some of my freedom",
you will be advancing the campain
to win back our freedom
in the digital domain.
A new form of global interaction
must be created.
A new era is upon us,
where we raise our hand
and go and challenge the giants.
Because mankind will not
be free as long as Facebook
rules.
Steve Jobs, Bezos
Modern times Super Heroes,
Elon Musk and Microsoft
Shitstorm, community
Clickbait, now or never
Thumbnails
Giffs and lols, life work balance,
head space full of trolls
Algorithms
On the run
Data stream, network,
cyber addiction
My life you want to hack
I will crack life,
Snacking your leftover data
My life you want to hack
I will crack life, snacking your
leftover data, hide myself in you...