Re: [libreplanet-discuss] how would an activist start with Free Software?

[Nils Gillmann]

Daniel Pocock <daniel@pocock.pro> writes:

> On 07/02/16 10:03, Fabio Pesari wrote:
>> On 02/07/2016 09:49 AM, Daniel Pocock wrote:
>>>
>>> Some of you may have seen my recent blog about another group starting up
>>> to "democratize" Europe[1], with a heavy reliance on undemocratic
>>> platforms like Facebook that seems contrary to their aims.
>>>
>>> If people from this campaign or any other like it wanted to bootstrap
>>> themselves in a Free manner, do we have solutions for them?  Has anybody
>>> ever written a guide or anything else to get people started?
>> 
>> Hello Daniel,
>> 
>> it seems you forgot a link (which you referred to as "[1]").
>
> Oops, added below
>
>> 
>> Can you please explain in better detail what do you mean by
>> "bootstrapping"? Do you mean installing GNU/Linux from scratch or...?
>> 
>
> I mean how would they start their organization, "movement", campaign,
> party or whatever form their group chooses, e.g.
>
> a) install GNU/Linux on personal computers
>
> b) extract all contact data and other essential things from iPhones and
> then smash them with a hammer
>
> c) setup email and web server using Postfix, Apache, etc
>
> d) use (what?) for building online community, registering volunteers,
> raising funds, organizing meetings, sharing documents/multimedia, etc
>
> The points (a) - (c) are well documented in various places, covering (d)
> and beyond, with an emphasis on Libre solutions, could be really helpful
>
>
> 1. http://danielpocock.com/giving-up-democracy-to-get-it-back
>
(Long text below)

I think you are looking for a solution which does not exist yet.
Activists are in this current broken internet never secure.
Decentralization as in diaspora does not work (Coming to that in
a moment), we need to rid ourselves of servers.
Deploying more and more and more will not help you.
The more productive work would be to try and get as much people
possible to work on efforts like EDN[1] does, then we get to an
activist, and in general for all humans, useable network.  Why
decentralization does not work?  (this is part of a conversation
I had a few days ago, text wasn't changed very much, it reflects
my experience with Diaspora as an example for
the-so-called-decentralization):

I wouldn't trust in a federation of people where I don't know how
secure their servers are and how competent their admins or
users-turned-admins are vs. a company who does this for a
living. twitter has all sorts of issues and diversity etc are
some of them, but the so-called-federation is no solution. I
witnessed the security of federation by Diaspora...
one old email address suddenly started to get "fan mail" to all assumed
names which could possibly be me, including one real email
address and one diaspora address.
the server which I was on got lost in transit about 9
months ago, friend in netherlands wasn't amused by it (~3000
Euros just gone) and everybody on diaspora blamed him. so, months
later my data is still traveling around, my email address
attached, and some servers might run on these super-secure
virtual servers and clouds, the ones which are so popular for to
their "extra security" (;) ) and bottom line is: you are not
secure in a federation of servers. just one aspect. I have some
more from the time I used it.  there can be 99 competent, capable
admins, when 1 enters who isn't, or who's hosting company isn't,
or who's DC isn't, you add many many many more people to the
chain of trust, to what could go wrong, to where can it break, to
have a possible breach of security. in discussions, people which
defend dispora often use the argument "everybody can run it", but
the reality is not everybody can or wants to or has the time to
maintain systems.  I have an email conversation saved somewhere,
where the real recommended specs for diaspora servers are listed,
and it reads like yes everybody can, but you will experience
problems normal users can't fix, and it does age very bad
(databases of oldest servers are very big) etc..

The overall damage of promoting anything similar to this is the
same, the damage send by the average of people send out that
federation is better than corporation controlled servers. there's
just no "better" when servers are involved, with trust involved
in other people or entities.
This has to be stressed out *especially* for activists of any
kind. You have to be aware of the security issues out there, you
can't just run your own "ohhh so cheap, just 5 Euros" server as a
user if you have sensitive data (imo ALL data is sensitive) to
protect.
You can't make users, who have no interest before in running
websites, servers, services, to "just do it".
I'm pretty much into the whole DIY culture thing and early
exposure is what brought me to free software, but over the years
I learned that people only have so little time and so little
interest. They want things which "just work" not things they have
to maintain. There might be exceptions, and that is a good thing,
but in general we have to work towards a new internet. An
internet which doesn't add security later or try to patch it in
later on.

Yes to GNU/Linux for activists, but if you want real security for
activists who want to run servers, it's impossible.
<|possible rant ahead|>
You can't just tell them, hey here, this is libre
everything and you will be okay, and they will learn and have
their data automagically secure, make no mistakes, have no
breakins, etc etc. that's not how it will work, I have tried to
talk to activist about security, about privacy. I even witnessed
a network of activist fall apart because of lazy behavior and bad
security (anarchists in that nation are small in numbers now).
Some large number of people just thinks privacy, data authority,
security and all that is just magic. It will just happen.
<|possible rant end|>

[1] https://wiki.c3d2.de/EDN
(when I say *people* I generalize because I don't want to bore
everyone with long explanations)
(Yes, I have run Virtual Machine Servers and I only keep some
until I have found a fitting solution to migrate them to
something more secure. I trust the ISP running them, but I don't
trust virtual servers)

-- 
ng