Welcome to Etherbox!

This pad text is synchronized as you type, so that everyone viewing this page sees the same text. Add __NOPUBLISH__ to prevent this pad from being archived.
11/04 nwaa

Asli in conversation with Maria Dada

Maria has a research fellowship, mapping borderscapes. Trying to understand the borders of a network

Asli hopes it goes well!

From Turkey. A lot of censoring. Is a researcher, now based in Ziegen (Germany), teaches digital media / locative media / collaborative platforms / alternative informatics.
Between Brussels, Turkey, Germany .. trying not to lose the connection. Would have loved to be with you/us. 

(close your eyes and listen)

Maria: thinking about networksm and what the border of a network is

technologies of the border:
- border policing technologies : e-passport , walls, ...
- surveillance: watching and gathering data; stopping and blocking
- enabling technologies: how do people making it possible to cross a border -- booking a flight, grindr (for geolocation), ...
  - strategic misuse of technologies!

Apart from using Mastodon and Diaspora instead of FB. Problems with how mobility is arranged.
Whatever profession, you are forced to be an activist. Censoring and blocking not only dissident networks, but also on a more massive scale.
Spyware being used in Turkey -- Deep Packet Inspection
https://citizenlab.ca/2018/03/bad-traffic-sandvines-packetlogic-devices-deploy-government-spyware-turkey-syria/
the moment you use these tools, you're automatically considered to be a suspicious person
use of scuttlebutt because it's not possible to store something on a server

scuttlebu tt (peer to peer   - thanks :-) - storage, messaging etc : https://scuttlebot.io/ https://github.com/ssbc/ )
people gathering data in Pakistan ... it means getting rid of the data immediately. 
2 dilemmas: 
    - do we trust these servers?
    - if on your own device, it is encrypted but if your device is ceased you can be incriminated
    
Migrants using grindr dating service to meet/find middle-people that can help crossing borders.
they allow you one extra node to cross the border
the not-meant-for-this was a way to hide, but at the same time their use of grindr revealed them as homosexuals, and because of that they were being persecuted .
where is the border?
layers: protocol, server: where is the authority and where does it stop you?

Borderline of authority. "disruptive" tools are tolerated. Commercial tolerance.
Too many actors involved!
when comparing to the wall between 2 places, the nation/legislation
it seems more clear how the boundary is drawn (but also in the case of the physical wall there are many actors!)
on internet there is a boundary because people are persecuted & jailed, but the boundary is not clear

The ongoing question with economic factors involved is the most troubling.

At what point did you decide to leave Turkey ?
I was sacked from university, threats from rector about my research
felt kids were not safe any more.
we were expecting the police to enter our house without notification
I'm also member of Academics for Peace https://barisicinakademisyenler.net/English
It took a few months before founding a fellowship, moved to Germany
This was 18 months ago.

since 2011 elections
2013 Gezi movement  https://en.wikipedia.org/wiki/Gezi_Park_protests
there is a penal case against her; kids can go. Did not have her passport confiscated.

Could you give cartography of how local politics can intervene in global company run services?
Pakistan, Egypt, Turkey... countries are using company features, they can remove technologies from local outreach
wikipedia, google docs, other google services
"because they were not paying taxes " (economical excuse)
"they were shaming the country, blacklabeling the regime", therefore censuring, but that was not enough
people could still reach t through open VPN hose services through open-VPN so then they decided to remove the services (how does one remove a service?)

Saoudi-Arabia : services being blocked at server level, blocking urls, certain ports
security departments of states collaborate with private companies, because they don't have the capacities to do it themselves
Maria is interested in tracing money trace in the data trace

How are you continuing your activism?
activism never stops
in Ger m any you can do a lot but has not much impact (?)
How do you communicate?
Jit.si! or through projects
bend infrastructural funds

Interest in last comment: bending infrastructural funds
Using Open Source Technologies for collaborative platforms we're working on
dismiss e d academics from Turkey can insert their research
try to expand the network of universities
tandem partners of academics in US and Germany

would be interested in continuing the dialog, through notes etc.

"ending on the drone"
Drone
refugee camp in Thessaloniki
protests currently
implanted drones? Drone show?
legally, you can see 30cm close from the sky (1 pixel == 30cm)
Digital Globe company, Google Earth uses them
it's not a technical limit, it means that some nations are allowed to see because they do not have those regulations
some nations don't set this limit, they can read your book then . spy from the sky
when google earth started, there was not that limitation yet
Maria's research is in part making an atlas

time in relation to borders
traceroute - 'autonomous systems' as a unit (in relation to national borders? ok, not)
autonomou s systems: a set of computers that have the same rules to route. They can see the rules of eachother
you need to register at a regional authority, and pay. 2000 per year, for ips but to pass over other networks costs. The actual routing costs. "drinking with sysadmins in the pubs/cafes" , because it is not clear who wins in there
RIPE is the EU organisation https://www.ripe.net/
all agreements are online
a story of a mistake made in Pakistan

you can find membership list of RIPE, very diverse

internet runs on privately owned infrastructure. not free at all

for tomorrow: show the RIPE atlas etc.


Some things already on the agenda for Friday (in EXTRACITY!)

10:00 check in (see what projects people are / want to work on)

13:00 lunch + discuss Feminist internet RFC

14:00 Start workgroup on repository.anarchaserver.org

??? 16:00 How does the internet work? Keith, Jogi, ...




Roel Roscam Abbing: Federated networks
talks about online federation
https://homebrewserver.club/have-you-considered-the-alternative.html

https://homebre w server.club

Thinking with others about federation through the case of Mastodon
On-line federation started at homebrewserver club, people in Rotterdam learning about self-hosting. 

realizing the limitation of the cryptoparty model : disagreement with the "if you add PGP to an email conversation, it's ok" that started to happen in Rotterdam
cryptoparty got regulated and now its called 'privacy cafe'
people started organising meetings with other names, privacy café https://privacycafe.bitsoffreedom.nl/
vendorlocking, dependencies etc. were not talked about.

cryptoparty Rotterdam became homebrewserver
therefore, thinking about self-hosting to get a broader picture

http://www.immateriallaborunion.net/

aligning with the immaterial labor zine http://ilu.servus.at/ = pervasive labour union
how to do chat without silo-ing (Amazon messaging etc)
All joining the same self-hosted server somehow defeats the point

Federated messaging over the XMPP protocol
writing a text about federation : https://homebrewserver.club/have-you-considered-the-alternative.html
Chatting apps to avoid WhatsApp, like Wire, Sginal etc all have more or less same economical model
email is already federation
so: looking for a federated model, to have several instances.

a lot of work of XMPP

in 2017, mastodon : "A twitter-like social medium with federation at its core "
in the continuation of others: diaspora, lorea ... 
they failed at gaining wide spread adoption

why it is interesting to look at Mastodon:
FLOSS is often missing the point of FLOSS
"Gimp is the Photoshop but free software"
'the same but free software'
that misses the point of free software : commandline, scripting, opens different potentialities in the tools

First thought Mastodon was a twitter clone (specifically a tweetdeck clone) , but some things were done differently .
it's well designed and really had sociality built in it. 
the way you talk on/in it matters.
Following the project by digging in the code repositories, and by following conversations on the platform.
large involvement from queer community, people of color, marginalized groups since the beginning
context in 2016 : gamergate, trump election, ... harsh environment.
people from margin ali zed communities started investing technically in these alternative softwares
software shaped by values from feminist and queer activism/theory/practice
the software grew into an interesting space, not per se because of its technical features , but because of the environment
conceptualised as safe spaces for different types of communities
2 million accounts
you see voices ;-) repre ssed especially in FLOSS, that shape the software and usage

some links about fallout of queer community and mastodon developer community:

https://hoodieaidakitten.dreamwidth.org/453.html
"Mastodon’s Complicated Relationship with Queer Activism"

https://medium.com/@cassolotl/i-left-mastodon-27-days-ago-ae34919290e1
"I left Mastodon 27 days ago"
"Mastodon is not well-equipped for serving disparate communities’ needs. There is but one version of the software, with no established means of extension; there are no advocacy positions or research projects by which communities can make themselves known; the development pipeline seems hardly attentive to or even aware of the specific communities which its product serves. These are all things which will have to change for the project to be able to accommodate anything more than its loudest majority."

https://medium.com/@alliethehart/mourning-what-now-10964cce22a8
"Mourning What Now?!?!"
"Right now the Mastodon project consists almost wholly of development, but development is only a small part of what the project as a whole needs."

https://post.lurk.org/about

people connected to different servers start talking to each other
servers that (mostly) connect to specific communities

features that emerged: different modes of visibility (content warnings)

socio-technical innovations:
    - content warning : also used as summary tool
    - different visibilities : in the wide federation, only in your local community, directly to other people (renamed from 'private messaging', because it is not private!) ...
    - de-federating servers: more federation is not always better! This is not default FLOSS behaviour, but it is/was super important
    - a culture of making boundaries explicit: codes of conducts per instance

Framasoft/CHATONS angle on the challenges of federation:
https://socialhub.network/t/technical-ethical-questions/290
https://framaslides.org/share/5c0666d4c67600.80604369

mastodon is one element of a federated network called Fediverse (other services as well)
you join the Fediverse (so not Mastodon) , and then you use Mastodon to enter it [incomplete map of fediverse: https://fediverse.party/ this is a nice resource indeed, but there are many more projects around ]
very different types of people 

each instance has their own list of other servers they federate to/from
https://post.lurk.org/api/v1/instance/peers apparently yes!
https://post.lurk.org/api/v1/instance shows some statistics

the federated timeline: is a global view from the perspective of the server you are connected (what you see depends on how your server is connected to the network--with what servers is connected) - agencial cut?

some servers choose not to federate > as a result it is impossible to a complete overview

https://mastodon.social/public this is the main instance from the main developer

difference between blocking and muting , where muting is not displaying someone else's post, and blocking is also disabeling access to your posts for that person.
cross-network full-text search is made difficult on purpose, to prevent bot-harassments.
hashtag as a form of explicit publishing

many contributions from otherwise abled people. For example favoring description of images/alttags.

credits of a new release, recently includes translators because it also passed through github push/pull and their contributions were countable , but does not include those that actively take part in the issue tracker conversations. They are also not labelled as "contributors" in the software.

Example of not-tech-development work discussion the consequences of sharing block-lists. Comments do not count as contribution.
on the issue tracker forum

some of the people who have made important contributions to the software have left the project, or forked it as a result of discussions of what kind of labour is valued
what counts as labor
so now it's an interesting moment to look at it, but it might be less interesting as an environment as the experimentation is going out of the platform

https://github.com/tootsuite/mastodon

Mastodon started as a clone of GNUsocial
Last year, a new standard was introduced, called ActivityPub https://activitypub.rocks/

a interesting initiative is PeerTube, it hosts videos and use webtorrent so it can be a light server
https://joinpeertube.org/en/

or PixelFed
https://pixelfed.social

the imaginary around ActivityPub
 is still lacking originality by looking at hegemonic services
informed by notions of liking and following

Roel talks to early developers of Mastodon, trying to reconstruct history , doing interviews

self-hosting is difficult
not everyone has time/skills
but federating communities allows people to transition out of GAFAM

federation is a way to share tasks, to not think everyone needs to do everyone themselves (like in SELF-hosting)
However, this independent network is probably hosted on some of the bigger corporate servers

the fact that Mastodon nodes CAN be on AWS, but don't depend on it is interesting

Plugging into FB might mean rules / ways / practices of these projects start to overflow

It is hard to blame the project for being popular?

Ecological impact of Mastodon high. A project like Pleroma (which is a fork of Mastodon different fediverse server implementation ) is a much lighter project, but written in more complicated languages, attracting a specific kind of free software developers crowd (amongst others).
Languages such as Ruby on rails allowing for different voices to enter the discussion. And these languages are resource intensive. (ouch)
And also the act of hosting on AWS making it more accessible to host a server. 

Started from/by people with experience of working across communities, and with coding skills. Who were slowly alienated by the leading developer with more 'pro' aspirations.

code of conducts for every server
considerations and active talking about financing the hosting costs
governance models are discussed which includes conversations about accountability structures

code of conduct of the mastodon .social instance : https://mastodon.social/about/more , located at /about/more of every server (so it is a default) There is space for more information on that page, which is often used for code of conducts, but not always. For example: https://social.coop/about/more  

is crediting the only way to switch the process of recognizing different kinds of labour ? https://www.patreon.com/mastodon here the developer talks about the money issue
without crediting, a contributor cannot claim (s)he /they contributed over some time

do they plan to bring together social political community work and technical work?
there's one way in which crediting is really important. for example, a grant that was given to the Mastodon project of 75000 euro was redistributed to the open source developer community; crediting in this sense has an economic consequence . 
A tool called "opencollective" was used that allows to see the use of the grant. (right?)
This was a page that i could find: https://opencollective.com/mastodon


[the issue of rewarding care work in tech-project development seems an issue for interdependence day -- planning for Constant's participation in the feminist strike, March 8 2020]






Morning: Mara Karagianni: Tunnel Up / Tunnel Down

use cases of VPN:
    - host to host (remote access)
    - site-to-site networks
    - raspberry pi as vpn client and server

vpn and proxy
difference: with proxy you cant have anonymity and encryption at the same time
https://www.digitalcitizen.life/when-use-proxy-and-when-use-vpn

vpn negotiates access through firewalls

in the site-to-site case, two organisations can allow access to the resources that are not otherwise publicly accessed
they use an e(x)ternal?? subnet
site-to-site VPN creates a virtual tunnel between peers that allows the crossing of firewalls

https://github.com/Nyr/openvpn-install
raspberry pi as a vpn in the house with openvpn to have access to your files (NAS - what is NAS? ) when you're outside your house
becoming vpn server

mara uses a picture from http://www.joseluisgomez.com/home-lab/howto-operate-home-lab-with-a-raspberry-pi/ to illustrate this
Challenge of serving from home is changing IP address
you get a domain name, you can update your public ip to your domain name

another case in which the server becomes the client
Pi becomes a client
server is outside on hosting service

(note: an example of VPN that we can install in RPi https://tinc-vpn.org/ and here is an example we worked on http://pzwiki.wdka.nl/mediadesign/XPPL_Documentation )

2 main protocols for private network :
    - Internet Procol Security : IPsec : between two hosts or two networks
      free software : strongswan, ?
     - Open VPN many users can join  
        uses OpenSSL, we use it to generate public/private keys (ssh access, encrypting email)
      implemented between host (user) to network (server)
      can handle multiple IP requests through one network (server)


3 main concepts

- ensure integrity (curious how a synky server thinks / sinks about integrity?)
data we send has to be signed with a signature, shows that it does not come from anyone else 
using hash algorithms (HMAC)
message authentication code (MAC)

What happens if the integrity of the data has been intercepted or altered? Does it still let it go through?

- authentication
proves someone has (right to?) access to a resource (username and/or password)
IPsec uses secret key

- confidentiality
cipher-text - encrypted data
Decrypting your message is the opposite, back to plain text
VPN g ateways use encryption, so that data in transit will be secure


signature vs certificate
signature allows to encrypt the message (private key) which is decrypted after with the sender's public key

certificates bind identities.

- asymmetric encryption: two keys (a public and a private)
data is encrypted using public key and decrypted using private key
ex RSA, Diffie-Helman

- symmetric encryption: a single key is used to encrypt data and decrypt data. for ex algorithms such as DES, Triple DES, Blowfish, Twofish, Serpent
only 1 key

What is the difference between public and private keys? (they're complementary, it's like two pieces of the same puzzle :) )
using Open SSL, you generate public and private key (maybe helpful: https://ssd.eff.org/en/module/key-concepts-encryption#1)
public key is sent to someone else
private key stays with you
you encrypt your data with your private key, the other person has your public key and can decrypt it
illustration: https://patrick6649.files.wordpress.com/2017/10/unbenannt59.png?w=829

visualisation of the Diffie-Hellman algorithm
https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange#/media/File:Diffie-Hellman_Key_Exchange.svg
https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange


(wo)man-in-the-middle-attack
ex. Mara asks Aileen to send her public key.
Aileen sends it, but Femke gets it
Mara gets Femke's key instead
Femke will decrypt of Mara and encrypt it again (maybe changed) to send it to Aileen

People have key exchange parties, physical encounter (at cryptoparties)
to generate trust
it's very easy to spoof email so need to practices of trust

A key-signing-party is where you bind the physical you to the certificate of you
different ways to establish trust, between humans & between machines
ex project Cryptodance: key transfer translated in movement, we could perform it this week
http://ooooo.be/cryptodance/

vulnerabilities in the Diffie-Hellman algorithm
public/private key +
common secret key +
digital ceritficate

Install a tunnel
declare IP-adresses and port you want to use for traffic

Iptable example
iptables is a firewall installed by default on all linux machines
what traffic it accepts, where it should forward it, from which port

UDP ports instead of TCP for our installation of the raspberry pi

there's more care in TCP, UDP just throw packets
it knows when a package is dropped and can resend it immediately
but it consumes more energy, keeps the connection open between 2 peers

mara: VPN is a way to have access to your home media station
mart e : we have pirate cinema archive and other archives...
mara: (example) make a tunnel with a RPi to reach her station 

not one way to encrypt (everyone has different needs and threat models) but encrypting practice also as solidarity with people who need it and would not been pinpointed that much if encryption was more common

mara: visual cryptography
you can put a secret key in your image


2nd part of the workshop :
Mara is connecting via ssh to anarcha server and installing OpenVPN to tunnel to a raspberry pi at Oooo

tunnelb l ick 
https://tunnelblick.net/

installing instructions for server: https://blog.remibergsma.com/2013/01/05/building-an-economical-openvpn-server-using-the-raspberry-pi/
if you want a client on your computer, just install openvpn : 
$ apt-get install openvpn

[are you also missing the examples openvpn directory?]

need to create a certificate for the server and a certificate for the client
first, need to create a root certificate :
you give details of country, province, organisation etc so clients can check 'the authority'
so the client to access the server needs both authority and certificate

$ less keys/index.txt
edit keys/index.txt if you want to revoke keys

$ less keys/ca.crt
check your certificate

certificate for clients : best practice is either to create one certificate per user or one per group of users

which port should I open for VPN? Avoid ports of standard protocols like 80 , 22


nice to have space ;) !