Tema: General

The president of Turkey, Recep Tayyip Erdogan, ordered the conversion of the Hagia Sofia Museum into a mosque. In the recent years, the use of that monument has become an example of the temperament of Istanbul city as a bridge between civilizations, cultures and religions.

Built in the sixth century as a Byzantine basilica, it was the seat of the patriarchate of Orthodox Christianity until its occupation by the Ottoman Empire, when it was transformed into a mosque. In 1934, the founder of the current Republic of Turkey, Kemal Atatürk, decided to transform it into a museum and make it one of the emblems of the new secular republic.

President Erdogan, with this action, not only continues his policy of restoring the power of the Ottoman Caliphate in the contemporary world, but also consciously and systematically dismantles the entire secular legacy that Atatürk left to the citizens of the Republic of Turkey. This change of status of the quintessential Istanbul monument is the latest episode in a series of attacks carried out under Erdogan’s direction in order to eradicate the rich and diverse history of the peoples who have lived in the Anatolian peninsula, which is patrimony of all humanity. 

With this decision, Erdogan openly certifies his authoritarian policy of demolishing the secular state and annihilating country’s cultural and religious diversity.

Pirates defend the respect for all opinions and beliefs, as long as they do not violate the dignity and right of others. Accordingly, we think that states should be secular and should not promote any religion or grant a specific creed privileges over others. For this reason, and in the same way that our colleagues in the Pirate Party of Turkey and the Pirate Party of Greece have done, we reject the change of status of the Hagia Sofia Museum.

In addition, and in line with what organizations such as UNESCO or ICOMOS have expressed, we call for international talks to ensure that the artistic and cultural heritage is properly preserved and that an exceptional monument such as the Hagia Sofia continues being a World Heritage Site as it has been so far.

Pirates de Catalunya

Now more than ever is publicly debated the government and private companies’ position regarding our data, its privacy, and what they are used for. From Pirates de Catalunya not only are we against the violation of our rights that the government wants to carry out taking advantage of the Covid-19 crisis, but we are also against its versions wrongfully called “voluntary data cession,” and which are similar to those often carried out by a large part of the population in favor of private companies (Google, Facebook, etc.), because it’s questionable whether this is a consented cession or not. Usually, it isn’t.

1) First, it has to be taken into account that it is not possible to consent to something of which you don’t understand the consequences. The same way that it is not deemed that minors can agree to specific issues that violate their rights because it is evident that they still don’t have enough maturity and information to have well-founded judgment and to make fully conscious decisions. Citizens have a significant knowledge gap on the consequences that all this (“consented”) invasion on their privacy rights involves. Never anybody has informed us about personal privacy topics, and which effects have the violation of this fundamental right, partly because it’s not convenient that citizens understand it. And if the decision is not informed, it is not free.

2) If there is any coercion, we cannot claim that the permission has been granted. In the vast majority of real cases, there are multiple coercions, such as economical, social, psychological, but the most common by companies or governments is unambiguous: they only provide specific services in exchange for your data (and if you refuse you can’t access them). This has direct implications with social inequality and privacy rights. People with more resources tend to have more rights (in this case, more privacy) because they can pay the services that other people can’t.

3) If you don’t know alternatives, you also don’t have freedom of choice. We live in a society where we need a series of tools for personal development and to be integrated into society. If you don’t know alternatives to those tools that you need to use, you’re not acting freely. Neither does anyone educate us on this topic (nor inform us of the alternatives that exist which are respectful to our rights). We should recognize as a society that right now, in our present world, there are a series of digital tools that are basic needs and, therefore, their access should be protected and granted by the State so that citizens are not forced to give up their rights to have access to them.

4) Even when there are alternatives to the services you need, you may be forced, due to the monopolistic practices of specific organizations (whether Whatsapp or the Government of Catalonia), to use abusive services where you “consent” to relinquish your data. Right now, if all your family is in Whatsapp and does not concede to change the service, either you accept to provide your data, or you become socially excluded. And in the case of the government, they may be forcing you to use specific software for arbitrary reasons. As a citizen, you haven’t any alternative but to use it. Right now, we don’t want to get into the solutions we can work on to tackle these problems (which are plenty), we only want to manifest the fallacy of the “voluntary” nature of the data cession.

If we take a general overview of all different cases, we realize that this “consented” cession can hardly be considered as such. The majority of people don’t give up their data “voluntarily and fully informed” but due to lack of knowledge of the consequences or because they are not aware or don’t see and alternative to giving them up, or because they feel pressured or forced to do so. In fact, in most cases, if the option of giving them up or not giving them up under the same conditions existed, it is clear that almost anybody would give them up.

From Pirates de Catalunya, we demand that the pandemic is not used as an excuse to gather sensitive data, neither involuntarily nor voluntarily massively. It’s a bad practice in general that anyone builds massive databases with confidential information of the citizens. It is uncertain what these databases can end up being used for once they exist, nor can their safeguard be guaranteed in perpetuity (such as against abusive governments, corrupt practices, negligence, criminality, etc.). And this window of opportunity opens when their gathering is allowed to take place.

Moreover, once you have a massive “voluntary” control of most of the citizens, it is much easier to control those who didn’t volunteer because they readily stand out. So these practices erode everyone’s privacy right, also from all those who didn’t voluntarily accept to give up their privacy, because they lose mass anonymity.

From Pirates, we know that if instead of talking about the privacy right, we were talking about another right in which we had received more education, as citizens we would see much clearer the threat of these proposals that are now made so lightly. For example, if we were talking about freedom of speech, how many of you would agree with a large part of the citizens “voluntarily” giving up this right massively? For instance, with the argument, “I don’t need freedom of speech because I have nothing to say.” Would you find it acceptable that the government asked for massive permission from the citizens to censor them and that a large part of the population agreed to lose this right? Wouldn’t you deem this as highly dangerous and give you the creeps?

Furthermore, we must also be cautious with the data “anonymization” fallacy. This is a term used very lightly every time this topic comes up to guarantee public acceptance, but that is most cases untrue. Anonymizing data is not an easy task; it is incredibly complex. Therefore, most of these “anonymizations” that are claimed to be carried out are usually very superficial and, hence, useless (with the technology available to us today is child’s play to deanonymize them). Unfortunately, this is a situation where the technical details acquire great importance and how this anonymization is carried out is vital to determine whether it is trustable. They take advantage of people’s unfamiliarity with this technology to create a false impression of trustworthiness, so that only mentioning this term. There isn’t any more questioning raised.

It is argued that it is necessary to “sacrifice” and “temporarily” give up our privacy right to overcome the pandemic, but it isn’t true. There are many ways to tackle this crisis, as the heterogeneity across different countries has evidenced. And, unfortunately, after this excuse to violate our privacy, there will be another and then another. There are plenty of measures that don’t break the privacy right that could be undertaken and which haven’t been adopted yet.

In summary, we Pirates advocate that the measures to leave the confinement (whenever the time comes) shouldn’t be based on individual identification and personalized controls of the population, regardless of how “voluntary” these are. It is dangerous in itself, and also as a precedent to invoke afterward. It is not healthy for a society that citizens are encouraged to renounce their rights. And, most of all, it shouldn’t be supported or asked from the authority figure that a government represents. What “freedom of choice” do the citizens have if the government (which is supposed to know what they are doing) tells you that to be a “good citizen,” you need to give up your data?

Pirates de Catalunya

These days of confinement, both the Catalan Government and the Spanish government are debating in the public sphere different initiatives aimed at establishing controls to try to stop the pandemic and, at the same time, keep the economy active. A delicate balance to achieve without some sacrifice. And it seems that the government and the elites have decided to sacrifice citizens’ rights to privacy and equality. As always, they try to make us choose between security and personal freedom by facing a false dilemma.

The proposals include informative applications that hide users’ geolocation systems, confirming they are where they claim to be or to identify who is already immune, intending to work and move freely. As comfortable as they may seem, these proposals do not contribute to fighting the pandemic but to eroding fundamental rights in the name of security. It’s the old-fashioned excuse, with a different cause. Before it was terrorism, now it is a pandemic that could have been contained more effectively and minimized if public health had not been savagely curtailed over the last decade.

We firmly believe that these proposals are detrimental because they violate the right to privacy, taking malicious advantage of the gravity of the situation we live in to control the citizens. Surveillance is not the only way to contain the virus, on the contrary, a committed and well-informed population is more efficient, and powerful, than one controlled and maintained in ignorance in a health crisis like the one we are experiencing.

It is unacceptable for an institutional application to conditions access to information about COVID19 to the activation of the geolocation of the mobile device. Our medical history and location cannot be left in the hands of the government to classify us as first-class citizens, with immunity to the virus, and second-class citizens, to whom freedom of movement is restricted “for their good.” We do not even know the long-term consequences of this virus; our data stored sine die by the government can very quickly become a weapon against us in the future, for example, in the hands of an insurer.

Regardless of the privacy issues, initiatives to identify people who have already been through the infection (such as the immunity passport) are highly irresponsible in themselves. Other than the fact that as of right now, we don’t know if being over the infection immunizes against it, these proposals reward risky behaviors on the part of the population that facilitate the contagion, instead of adopting measures to avoid it. The aim is to restrict freedom of movement to anyone who has not been over the virus, so the only way to avoid these restrictions is to be infected. Thus, the government itself is proposing to put large sections of the population in the face of an impossible choice: to sink into exclusion or to become infected and be able to work. This endangers not only the population at risk for whom this can be fatal but also people with fewer resources, as they are the ones who cannot afford to stay home and not go to work.

In the face of these proposals, we believe they should be avoided entirely. We have run too late to implement prevention policies, such as the use of masks and gloves and the rapid detection of infected persons, to minimize the effects of the pandemic as other countries have. However, to protect our rights and our health, we still have time to take similar measures here, which are progressive and do not exacerbate social inequalities, encourage discrimination on medical grounds, or put the population at risk.

Not everything is justified in the name of security. Not before, not now, not ever. We must inform ourselves, empower ourselves, and we take the necessary health, hygiene, and protection measures to take care of our health and that of the people around us, among all of us.

Pirates de Catalunya

These days of confinement, both the Catalan Government and the Spanish Government are debating in the public sphere different initiatives aimed at establishing controls to try to stop the pandemic and, at the same time, keep an active economy. A difficult balance to achieve without any sacrifices. And it seems that the government and the elites have decided to sacrifice citizens’ rights to privacy and equality. As always, they try to make us choose between security and personal freedom by facing a false dilemma.

The proposals include informative applications which hide users’ geolocation systems, confirming they are where they claim to be, or to identify those who are already immune, with the aim of letting them work and move freely. As convenient as they may seem, these proposals do not contribute to fight the pandemic, but to erode fundamental rights in the name of security. It’s the same old excuse, with a different cause. Before it was terrorism, now it is a pandemic that could have been minimized and contained more effectively if public health had not been savagely curtailed over the last decade. We firmly believe that these proposals are negative because they violate the right to privacy, taking malicious advantage of the gravity of the situation we live in to control the citizens. Surveillance is not the only way to contain the virus, on the contrary, a committed and well-informed population is more efficient, and powerful, than one controlled and maintained in ignorance in a health crisis like the one we are experiencing.

It is unacceptable for an institutional application to conditions access to information about COVID19 to the activation of the geolocation of the mobile device. Our medical history and location cannot be left in the hands of the Government in order to classify us as first-class citizens, with immunity to the virus, and second-class citizens, to whom freedom of movement is restricted “for their own good”. We do not even know the long-term consequences of this virus, our data stored sine die by the Government can very easily become a weapon against us in the future, for example, in the hands of an insurance company.

In fact, regardless of the privacy issues, initiatives to identify people who have already been through the infection (such as the immunity passport) are highly irresponsible in themselves. Other than the fact that as of right now we don’t know if being over the infection immunizes against it, these proposals reward risky behaviors from the population that facilitate the contagion, instead of adopting measures to avoid it. The aim is to restrict freedom of movement to anyone who has not been over the virus, so the only way to avoid these restrictions is to be infected. Thus, the government itself is proposing to put large sections of the population in the face of an impossible choice: to sink into exclusion or to become infected and be able to work. This endangers not only the population at risk for whom this can be fatal, but also people with fewer resources, as they are the ones who cannot afford to stay home and not go to work.
In the face of these proposals, we believe they should be completely avoided. We have run late to implement prevention policies, such as the use of masks and gloves and the rapid detection of infected persons, to minimize the effects of the pandemic, as other countries have. However, to protect our rights and our health, we still have time to take similar measures here, which are progressive and do not exacerbate social inequalities, encourage discrimination on medical grounds, or put the population at risk.

Not everything is justified in the name of security. Not before, not now, not ever. We must inform ourselves, empower ourselves and we take the necessary health, hygiene and protection measures to take care of our health and that of the people around us, together.

Pirates de Catalunya

Pirates de Catalunya condemns the coup d’état in Bolivia and calls for an end to violence against the population.

After the events of the last few weeks in Bolivia, Pirates de Catalunya wishes to express not only our rejection and firm opposition to the coup d’état that has ended with the dismissal of President Evo Morales but also our non-recognition of the self-proclaimed president of Bolivia, Jeanine Áñez, authority.

Last October, the elections for president and vice-president of the Plurinational State of Bolivia ended with the victory of Evo Morales’ party in a resounding manner, making a second round unnecessary. However, the candidate in second place, Carlos Mesa, claimed there had been electoral fraud. These suspicions were fed from the Organization of American States and, finally, President Morales agreed to a repeat election. Subsequently, there have been some reports that deny this fraud or that its importance may have altered the meaning of the elections: it is necessary to distinguish between irregularities and a massive fraud that can make a difference.

Despite the electoral repetition announced by President Morales, the police forces and the army have sided with the opposition and have committed serious human rights violations: there are dozens of dead and hundreds injured, as well as elected officials forced to leave the country or subjected to public humiliation. The democratic governments of the world cannot endorse the new regime in Bolivia and accept with normality that such atrocities are committed. In this sense, we oppose the statements of the EU foreign commissioner, Federica Mogherini, who stated that “the power void must be avoided and peace and security guaranteed”, since the regime of Áñez is part of the problem, not a solution to it.

The repressive synergy between the military and police forces and the government is an example of the authoritarian nature of this self-proclaimed Bolivian government. These days we have learned that Áñez has promoted a new decree to exempt the military from any responsibility for violations of rights like the ones mentioned above. In addition, the new government is based on extreme right-wing postulates such as white superiority over indigenous peoples and religious fundamentalism.

To conclude we would like to express our solidarity with the Bolivian people who are suffering the consequences of the coup d’état perpetrated and the indifference or complicity of the rest of the governments around the world. The rise of the extreme right, filofascist and reactionary is not a phenomenon exclusive to Bolivia, but it is one of the few places where this has been done to the government through arms. Immediate action must be taken against the extreme right globally.

Disclaimer: The following info is the result of the analysis and observation of the app distributed by Tsunami Democràtic. It is published with pedagogical purpose and also to allow the citizens can make their own conclusions.

The new cycle started with court ruling regarding of the “Procés” that have been highlighted by the social media and instant messaging apps. If 15M was the result of several Facebook groups, 

this Tsunami has started on Telegram with replicas to Twitter. But after the action of blocking the Prat airport, the entity surprised us with a new tool: an app, just for android, designed to coordinate pacific acts of civil disobedience.

From Pirates de Catalunya want to explain its operation from what we could gather and observe collectively. We consider this tool will have on its hands the security of thousands of Catalan men and women, so it must be under the most rigorous scrutiny possible.

Before we begin, we strongly emphasize that the absence of the original font code has made difficult this task. In ordinary circumstances, that would be enough reason to reject its use for not knowing what the application can do precisely. However, the message transmission system is free. In spite of being far away from our ideal, it is better than other options. Like Telegram, that only the client is open. Or social platforms that are entirely private and bound to the arbitrary criteria of a company, like Twitter, that its business is the exploitation of personal data collected for advertising and other purposes.

Retroshare: the keystone

We are not going to get deep in technical aspects regarding the user’s interface and the interaction with the device’s hardware (camera, microphone, GPS, etc.). Just point out, it is an application developed in Flutter and has parts in different languages. We are going to focus on something else, the core that has been already explained in social media and some mass media: Retroshare.

Retroshare is a free project that allows the creation of encrypted networks among friends to communicate, sharing files, videoconferences, etc. without any central server. It is based on the principle of Trusted Network, exchanging keys, preferably in person.

Here is an example to make it more understandable. Two people share the key of a box. One of them can close it, and the other one can open. That would be symmetrical since both parties have the same key. But in the case of an asymmetrical key, the box has a particular lock. It accepts two keys, one we call public, and the other private, and each person has one of each one. The box only can be opened with the correct key combination: the public one from one person and the private from the other. In the case of messaging services, person A can use the public key of person B to encrypt a text that person B could decrypt with his/her private key.

Retroshare is designed to have no central server. As well as IPFS, the technology used to replicate the 1O referendum website with no chance of censorship, the information is no centralized. The friends’ network of Retroshare allows spreading messages among them automatically, so all of them receive them. The network model works pretty close as BitTorrent or Bitcoin. But here, the network nodes are trusted people, each one with their own cryptographic identity, and the keys are not associated with their data. But, how is trust established? That is the primary role of QR codes and why it’s so crucial to no to share them carelessly. The network of trust loses its purpose if it’s not respected. QR codes are a tool to interexchange keys since they often are long text chains too complicated to write them down manually. You probably wonder if these keys have more useful purposes. They do to cipher messages and also to sign them. As we said earlier, messages are encrypted with the recipient’s public key, so that only could be read by the matching owner’s private key. Also, messages can be signed using the private key to validate a known public key sends them. The encryption implemented technology (GPG) is known and tested. Therefore, we have an application that turns a mobile device into a node of a network of people we trust. At the same time, they are connected to their trusted people’s networks to compose a vast network where a person can broadcast messages to all participants. It is a safe network on paper; however, the human factor always is the weakest connecting link of any secure system. That’s why we need to be careful with who we share our keys. No technology is 100% safe but reasonably safe, and that depends on its design and its users.

What can happen to me if I install the app?

We want to warn that from this point, there is certainly speculation. Since the absence of source code, we cannot check if some critical Retroshare characteristics are active. We beg you to understand that the following information has to be taken as prudent advice, not as a negative recommendation of the app.

Retroshare uses a DHT (Distributed Hash Table) to indicate each friend’s IP address. This information is public; therefore, it does connect our key with an IP address. Two integrations with anonymous networks (I2P and Tor) are available. They allow hiding the IP’s device, but as we said before, it’s not possible to confirm if it’s using this. We understand the people that developed the app would activate one of them, but here we are only speculating. If this is the case, both technologies are known and tested, especially Tor. In any case, we advise the use of a VPN as Mullvad in your device to hide your IP address.

What relevance does the association of a cryptographic identity with an IP address? A statal or superior adversary, with access to low-level communications (assuming they have internet providers cooperation), could relate a couple of keys with a person. It would be possible to cross data regarding the hours on Tsunami’s emissions are produced, the IP’s that participate in the network, etc. That said, this is an attack that requires a significant amount of resources as well as a complete intervention of the local internet infrastructure to be able to do traffic analysis. To a lower scale, they could do it targeting “suspect” users such as it would be in a telephone line intervention. These data that are not the content of the messages are called metadata, and different surveillance system uses them.

Beyond this and given the open and free nature of Retroshare, we understand that the messages travel encrypted end to end. But we don’t know what use they give to the data introduced into the app.

On the other hand, without access to the source code, we are not able to confirm the use of the microphone. We can speculate about possible access to VoIP communications, as Retroshare allows. Also, we can’t tell how the data introduced into the app is treated. They can store it outside of the device – that would add a non-desirable centralization factor – or it can be used to filter notifications on the device, according to the user-provided parameters. For things like this, we firmly defend both free software and hardware to know and verify the functioning of technology.

However, the main risk is not the tool itself but its distribution. The distribution of the APK file, installable binary format, downloaded from its web opens the gate to fake websites that distribute modified malware versions. Our advice is never install anything from an unknown origin. It is better to go to the official source and making sure that the address you are accessing corresponds to app.tsunamidemocratic.cat or another subdomain of theirs.

Conclusion

The Tsunami Democratic app makes use of a technically sound foundation. It improves the security of the tools that are being used at the moment massively for mobilizations (as Telegram and Twitter), but it is not a silver bullet. No completely secure technology exists; only reasonable safe tools exist, of which Retroshare seems one of them. Not having access to the app’s source code adds uncertainty. So it goes to the conscience of each one to decide to assume the inherent risks of its use. Let’s be clear; many other choices are taken daily without grasping risks threating our privacy and security. Like when you install the last trending app that modifies your face. But we’ll leave this subject for another day.

Pirates de Catalunya