You can see the lock on the wheel

I also met with one of the guys from PUSCII. He seemed like a very interesting, intelligent guy, but also very intense. He apparently spent 10 days in jail for chaining himself to railroad tracks along with other protestors to block the movement of trains carrying equipment for the war in Iraq. The charges were eventually dropped in response to bad press. He’s a true old-school computer guy, he even has a Commodore 64. He seemed to feel like the hacktivism scene in Europe was getting stale from a peak in the late 90s with the tech bubble. PUSCII at this point doesn’t have much of a physical presence, and he said it’s been hard attracting volunteers. He did give me some tips on other groups that might be more active (including a couple in nearby Amsterdam). So I’ll probably try to check that out.

The PUSCII sign

For dinner I cooked up this thing that’s sort of a Turkish equivalent of the frozen burrito. It was actually fairly tasty with vegetables and spices and stuff (I cooked it in the oven instead of the microwave, which usually helps). But what was really bizarre is that actually printed(?) onto the wrapper/tortilla part of it is the word “Mmm”. You can see it in the photo below. When I first saw it, I thought I was imagining it, or that I’d somehow failed to remove all the plastic covering. But no, it’s actually printed on there with food coloring or something. As a general rule, I try to avoid readable food, with special exemptions for alphabet soup/cereal.

"Mmm"

The name Debian is a portmanteau of project-founder Ian Murdock’s name with his then-girlfriend’s (now ex-wife’s) name, Debra. The lesson: don’t use girlfriends’ names for tattoos or software projects. Debian is famous for taking the concept of free software incredibly seriously. They even re-branded the Firefox browser as “Iceweasel”, because the name “Firefox” and attendant logos are trademarked by the Mozilla Corporation and the Debian project felt the terms of their use were incompatible with their policies on free software.

Debian is important for historical reasons, but also because it serves a base for numerous other popular distributions such as Ubuntu, Xandros (which is the default OS on the popular eee PC) and KNOPPIX.

While there are many people who do run Debian as their primary OS, I’ve always thought that it was in this aspect that Debian truly excelled–as a large pool of stable software for other distro developers to draw upon. The Debian project is nothing if not ambitious: it includes over 18,000 software packages and supports eleven different hardware architectures, most of which you’ve probably never heard of. You can run Debian on everything from the ARM chip which likely powers your cell phone, to giant IBM mainframes (your desktop computer is most likely an x86 architecture).

But trying to do so much inevitably leads to shortcomings. Debian has been famously plagued by slow release cycles, almost 3 years passed between woody and sarge (all Debian releases are named for Toy Story characters). As a desktop OS, Debian lacks the polish of desktop-focused distros like Ubuntu or SuSE. Debian has been accused of lacking focus, with resulting conflict and controversy between different developer communities.

But for the most part, Debian does a fantastic job of providing quality code, and it’s even more to the developers’ credit since they labor in relative obscurity on a massive workhorse project, not on the latest flashy project at the top of the DistroWatch list. And hey, any distribution that comes with its own manifesto is alright by me (I’ve always wanted to write a manifesto!).

Reactions like these betray a fundamental and all-too-common misunderstanding of who hackers are and what they do. At its most basic, a “hacker” is one who hacks. The word ‘hack’ originated at MIT in the 1960s and 70s, where it meant something like “messing around”. One of the earliest applications of the term was for students who explored locked parts of buildings or steam tunnels under the campus. This was known as “tunnel hacking”.  Later, the word came to refer to elaborate and intricately planned pranks orchestrated by MIT students. The Jargon File (an invaluable repository of hacker culture) lists examples such as putting a police cruiser on the roof of a building, or inflating a huge ‘MIT’ balloon at the 50 yard line during the Harvard-Yale football game.

From this early use, the term spread to the MIT AI lab, which was one of the major hotspots of early computer and software development, and one of the birthplaces of computer hacking. It was there that “hacker” took on its current meaning. The exact definition depends on who you ask, the jargon file lists eight separate meanings, but others would claim fewer, MIT hacker Phil Agre is quoted as claiming that, “The word hack doesn’t really have 69 different meanings. In fact, hack has only one meaning, an extremely subtle and profound one which defies articulation.”

To me, the key thing that makes something a good ‘hack’ (and its perpetrator by extension, a ‘hacker’) is that it involves cleverness and elegance (either in the form of clean efficiency, or intentionally absurdest inefficiency). Brian Harvey of UC Berkley (another important site in the history of software) argues that what makes a hacker, is at its core, an aesthetic judgment, and I’m inclined to agree. One of the best (although not necessarily most succinct) expositions of what it means to be a hacker is given by Eric S. Raymond. He lists the central tenants of hacker philosophy as:

1. The world is full of fascinating problems waiting to be solved.
2. No problem should ever have to be solved twice.
3. Boredom and drudgery are evil.
4. Freedom is good.
5. Attitude is no substitute for competence.

There are many people who will claim that, “hacker” refers unambiguously to noble, ethical, hobbyist-tinkerers. They argue for the use of “cracker” to refer to malicious computer criminals. Leaving aside the fact that cracker already has a much better-established slang meaning, in my opinion, the people who argue the loudest in favor of “cracker” tend to be IT nerds who want the cred that comes with the label “hacker”, but don’t want to accept the moral ambiguity and anti-authoritarian connotations that come along with it. Just because you write code for a living, it doesn’t make you a hacker. In fact, it may even be a mark against your hacker-dom. A true hacker doesn’t write code to make a living, s/he codes to solve an interesting problem in an elegant way.

The truth is that “hacker,” encompasses both ethical coders and malicious criminals. Some criminals have been very inventive and creative in their efforts to compromise systems. By the same token, most computer criminals are not all that clever. It is a simple matter to download ready-made tools which can be used to, crack wifi encryption, or orchestrate a DoS attack, for example. These people are not hackers, they are script kiddies.

My preferred nomenclature is the one which uses “Black Hat,” or “White Hat Hacker” for cases where it is necessary to distinguish and separate hackers who engage in criminal behavior from those who do not. I feel that this terminology preserves the full range of meaning for “hacker” and doesn’t resort to silly invented (as opposed to organically developed) terms like “cracker” to draw the distinction.

If this all seems a bit complicated, it’s because it is. To help clarify things, I made a little Venn Diagram:

I downloaded it, I tried it, and I’ll say it right now: it’s good. Very good. The interface is clean and intuitive, it uses the WebKit engine also found in Apple’s Safari, which results in fast, accurate page renders. I didn’t run any memory comparisons (I’m sure hundreds of people are doing that already), but it feels much snappier and more responsive than Firefox 3, especially on Vista (I tested on XP and Vista; Google claims Linux and Mac versions are on the way). In many ways, Chrome combines the speed and responsiveness of Opera with an interface I much prefer. The startup page displays your 9 most frequently visited sites, a nice feature ripped off from Opera.

In short, it’s clear that Google put a lot of time and effort into this, which actually makes me very suspicious. Why go to all this trouble? What do they have to gain? It’s not like the world needs another web browser (IE, Firefox, Safari, Opera, Konqueror, Epiphany and K-meleon have that covered, thanks). Google’s released it under a free software license, so they aren’t trying to sell it. They already own the search market, and they pay a lot of money to Mozilla in order to be the default search engine for Firefox, so it’s not like they need Chrome to be a trojan horse for their search engine.

The only thing that makes any sense to me (and the part that makes me really suspicious), is the inclusion of Google Gears support in the browser. Gears is a Google-developed framework for web applications, and it looks to me like their goal with Chrome is to make Gears a must-have application platform. This is a really, really bad idea. It will complicate the lives of web developers endlessly, and you’ll start to see sites that are designed for Gears, not according to common web standards.

The entire thing smacks of Microsoft’s “embrace, extend, extinguish” strategy, where they would move into an area where open-standards prevailed, embrace and support the standards, but then add their own non-standard extensions until those extensions became widely adopted. Then, change their extensions in such a way as to break compatibility with competitor’s products. This looks eerily like what Google’s going for with Gears. Now, Gears is BSD licensed, so it would be very hard for Google to deliberately inhibit compatibility with competing products without changing the license. But even if they don’t break competing products, they will still be in a position of power controlling a “standard” developed internally, by one company, that already has a great deal of power in several key internet sectors (search, context-ads). You’ll likely never be “forced” to use Chrome, but if Google is successful it’s entirely possible you’ll start to see websites that just don’t quite look or work right in other browsers. It will mark a regression, not a progression in the browser market (which has in recent years trended toward ever-greater standards-reliance). It will be like the bad old days when sites were “Designed for Internet Explorer” or “Designed for Netscape Navigator”.

The big thing that I came to Berlin for is C-base. C-base is amazing. It’s basically the hacker mecca. It’s been in its current location since the late 1980s, which in the computer world is practically an eternity. Unlike many of the other hacklabs I’ve visited which are precariously located in squats, or part of some larger social center, C-base is its own entity. Registered as a non-profit corporation, it collects money monthly from some 400-500 dues-paying members.

C-base is tricky to photograph. If I use a flash, it washes out and does a very poor job of conveying the dark, cyberpunk aesthetic of the place, and it’s too dark to really photograph properly without the flash. At least, for my crappy camera. It looks kind of like the inside of a laser-tag arena, only without the smoke machine; and most of the neon blinking things actually do something. There’s strange aliens, and circuit boards all over the walls. Apparently some of the original founders’ mother/mainboards now adorn the “nerd room” in the basement. This room is off-limits to non-members unless escorted by a member. When I emailed, the C-base guys generously found an American ex-pat member to show me around.

C-base has its own founding myth and mythology. The story goes that there’s a crashed space station buried underneath Berlin. The iconic TV tower in the center of Alexanderplatz is the antenna of this station. C-base is part of the station buried underground. The C-base members are the extraterrestrial inhabitants of the station, and every improvement or expansion of C-base is an attempt to reconstruct the station. Accordingly, non-members are “aliens” to the C-base members, hence the “No Alien” signs noting members-only locations. When entering these restricted areas, my guide yells out, “Alien entering” in German.

On Monday when I was there, they were playing with a homebuilt multitouch computer. Microsoft is developing this concept under the “Microsoft Surface” label. If you’ve never seen one of these, this video gives you some idea. The C-base one is homebuilt with about $6,000 worth of hardware. It uses a webcam mounted in the console to spot where your hands are, a high-res projector reflected off a mirror for display, and a Linux-based interface.

There’s also a robotics team at C-base. When I was there, they were working on trying to build a small robot that would balance itself on only one wheel. They had the basic hardware built, but were having trouble getting the software to interface correctly. Another group at c-base, Friefunk.net is working on constructing a free wireless network for all of Berlin. They’ve been coordinating with churches to install hardware in their steeples to provide maximum coverage from high networks. They also have special router firmware that can be installed on normal consumer hardware to allow your home router to become a part of their mesh network and contribute some of your extra bandwidth to the project.

Tuesday night, they had an open stage night, with several different bands jamming and generally rocking out. It was notable for being the only musical event I’ve been at where having a laptop open in front of you was not only socially acceptable but actually made you cooler. Also, during one performance, the singer concluded a song featuring the lyric “yes we can” with a random shout of “Obama!”

On Saturday, I went to an Ubuntu 8.10 release party at c-base. It was surprisngly well-advertised (I saw advertisements announcing it on the U-bahn throughout the week) and consequently well-attended. There were presentations by members of the Ubuntu Berlin development team about some of the new features in this release of Ubuntu. I’ve actually been running the 8.10 beta on an SD card since Florence, so a lot of it wasn’t new to me, but it was still a really cool environment and neat to be able to see some of the actual developers.

Other notable occurances in Berlin: I went to a couchsurfing Halloween party, hung out with a cool Polish econ student, and later to a “secret” Halloween party in the boiler room of an abandoned building on the outskirts of Berlin.

Also, at the hostel I was staying at, a guy gave me a free ukulele because he was tired of carrying it. So now I just need to learn to play the ukulele. I also met a very friendly Iranian guy who drank tea compulsively (~6 cups a day) and kept trying to get me to match him cup-for-cup. He was in Berlin to work and was staying in the hostel while looking for an apartment. He complained bitterly about the awful bureaucracy of the German government, which is probably true, but I was surprised to hear it compared unfavorably to the ponderous religious/governmental hybrid authority that runs Iran.

No Alien (This means you, Homo sapiens sapiens)

Hardware workshop

Ubuntu Release Party

The first talk was by a woman named Eleonora Oreggia. She has an idea for something she calls “Virtual Entity” which would be a universal, shared, collaborative metadata system for files. She wanted the system to be decentralized, automatically updating to take into account new revisions of the file, and allowing for people to comment on it. She gave an example of the problems with current, static metadata systems: if she uploads an early version of an artwork, without filling in all the metadata, and somebody downloads that file, then later when she finished the file and fills out the rest of the metadata, then anyone who downloaded the file earlier would have bad, incomplete/out of date metadata.

I’m not sure I fully understood everything that she was proposing. Much of her vocabulary seemed strange to my ears, she talked about metadata being the “soul” of a file, mapping the relations between files as the “DNA of the files”, and proposed calling the segment of the metadata containing the initial creation information “the kernel” (after the presentation, I suggested she choose another word, since “kernel” already has a pretty well-established meaning in the computer world).

It’s kind of a cool idea, and there are a lot of problems with current metadata systems. But it seemed more like a thought-experiment than a real project to me; I don’t think she understood just how freaking impossible her system would be to implement. For it to really work the way she imagined, you’d either have to add network-aware code to every content-authoring and editing program in the world, or somehow convince people to go to your website and manually update data all the time. Not to mention the requirement for it to be decentralized would require a whole bunch of different servers, or some sort of peer-to-peer component on people’s computers. Even currently popular metadata systems are a mess of different, incompatible formats, so I don’t see how you’d get people to standardize on yours.

She had some interesting ideas about authorship, “What you create does not belong to you,” which is not an unheard-of position. I think you can make strong case that artistic creations somehow belong to all of humanity. Should da Vinci have been allowed to destroy the Mona Lisa if he’d wanted to?

At the end of the presentation, she had sort of a collaborative exercise where she wanted us to think of examples of various types of data. She proposed that all data be “divisible in four substances” she tentatively identified as TEXT, AUDIO, IMAGE, VIDEO. This grouping seemed kind of problematic to me. “Where does a compiled binary file fit?”, I asked. Somebody else wanted to know whether MIDI instructions were text or audio. Is a PDF file text, or image? What about archives that contain many different types of data? What about steganography?

One guy noted that ultimately, data is just data, and maybe you should just group everything into Ones or Zeros. In any case, I wasn’t really sure what the point of the taxonomy exercise was. If you can play it with a video player, it’s a video file; if you can edit it with a text editor, it’s text; if you can execute it, it’s an application.

The next talk was by a Dutch woman named Rosa Menkman who creates glitch-art, mostly video. I thought her presentation was pretty cool. She showed a Mario 1 speedrun video, which is a pretty vivid example of people who make extensive use of glitches: jumping backwards because it shows one less frame, double-jumping off walls, abusing flaws in the game’s collision-detection to move through walls. I’m not sure if speed-running counts as hacking, but it certainly involves taking a known system and pushing it to its absolute limits.

The slides for her presentation were pretty cool looking. They looked like what happens if you open a MS Word document in a normal text editor (you can try this yourself with notepad), where you get some readable text, but also a lot of gibberish and symbols from misinterpreted formatting information. She opened with the quote, “Every tool is a weapon if you hold it the right way” (I doubt you could do much damage with a chalkline, but the idea of using things in unintended ways is sound) She talked about the “In-Between manifesto” which includes tenets such as “We react to the spirit of our time”, “We celebrate the percieved accident”, “We make meaning through imagination”.

I thought the idea of appreciating and re-interpreting what would normally be seen as negative failures of a system was an interesting one. She did admit, though, that not all glitches are wonderful, some are boring and you just want your computer to work. To paraphrase Freud, sometimes a BSOD is just a BSOD.

The final lecture of the night was from Michael Schweiger from the Austrian Community Radio group Radio FRO 105.0. I’ll be honest, I don’t really think that terrestrial community/free/pirate radio is very important, especially in the developed world. Schweiger talked about the use of Community radio as a place for open expression, to give a “voice for the unheard” and “room for experimentation and discursive reflections,” which is all well and good, except that all those purposes can be much better served by the internet. You’re much more likely to reach somebody who’s actually interested in what you have to say by setting up a globally-accessible website than you are by running a low-power FM station.

During the Q&A section after the presentation, I raised this question. People responded with the example of islanders in Tonga who are using community radio to communicate and share information between islands—which is great, I think radio is better than nothing in situations where internet infrastructure is sparse—and reaching people in their cars—which, unless you have a high-power transmitter, means reaching them for ten or fifteen minutes while they’re in your broadcast radius.

Almost all of these stations also do webcasting, and maintain websites with archives of past broadcasts. To me, that’s basically an admission that the terrestrial broadcasting is unnecessary. Actually, to me, the most interesting part of the radio presentation was a demonstration of a cool graphical timeline browsing system on the radio fro website.

I think non-commercial radio has a place for bringing greater exposure to independent musical artists, and stations like NPR usually do very good journalism, but in both cases, the fact that they broadcast on the airwaves is kind of incidental. There’s some cool things happening with TCP/IP-over-HAM radio, but traditional AM/FM radio seems like such a throwback medium to me.

At the end of the night, the Pirate Bay guys showed up with their bus, and took anyone who was interested on a rambling tour around Ljubljana. The driver stopped at any local city bus stops we passed, and we tried to entice any local Ljubljanians waiting there into boarding the bus. A few of the bolder Slovenian teens actually did take us up on the offer and rode along for a while. “I feel like I’m living in a cartoon,” one of them commented. My camera was still misbehaving, so many of my best shots were destroyed, or at least that’s the excuse I’m going to use for the generally low quality of the photographs from our bus tour. I also took a grainy, low-bitrate video that lets you hear the strange, repetitive circus music and sort of get a feel for the atmosphere on the bus:

Download Link

The bus also featured a lot of post-it notes and painted phrases like:
“Home Killing Is Taping Industry Music”
“Eye Ball the Media”
“401: Solutionartemporary.com”
“S23M Homepage: Under Construction”

After the ride on the Pirate Bay Bus, I headed over to an American ex-pat’s house to watch the US election results.

There was a decent article in the New York Times a couple days ago about Ubuntu.

It’s always nice to see Linux getting attention in the mainstream press, although as usual, the author doesn’t really seem to grock free software. The article is in the business section, and the author seems to have a lot of trouble with the idea that software can be something other than a product, that software development can be something other than a business. So we get quotes like the following:
“CANONICAL’S model makes turning a profit difficult.”

“All told, Canonical’s annual revenue is creeping toward $30 million, Mr. Shuttleworth said.
That figure won’t worry Microsoft.”

“Canonical’s business model seems more like charity than the next great business story.”

Also, the NYT writer completely fails to draw attention to the distinction between “free as in beer” and “free as in freedom”. I realize that the average user probably only cares about the former, but it’s the latter that really makes free software a socially significant phenomenon. It’s the difference between software that obeys its user (you) and software that obeys some company that wrote it.

The pirates in Sweden have even created an organized political party to lobby for changes to copyright law in Sweden. Recently, the youth wing of this party, Ung Pirat (Young Pirates) received around $159,000 from the government bureau tasked with giving money to youth organizations  to encourage young people’s participation in politics. Ung Pirat is apparently the third largest youth political organization in Sweden, and the money is distributed according to membership.

Giving money to an organization that’s seen as encouraging illegal behavior was apparently quite controversial. I applaud the Swedish government for standing firm and applying objective standards when giving out the funds. There’s nothing wrong with advocating changes in copyright law. Plus, if your goal is to get young people interested in politics, it would be hard to find an issue closer to their hearts than file-sharing.

I actually have very mixed feelings about copyright infringement on peer-to-peer file networks.  On the one hand, it’s been great for raising awareness about issues of online privacy and security. Hundreds of millions of people are doing not just something they’d rather their neighbors didn’t know about, but something they could actually be penalized for in court. That perspective makes it a lot easier for those people to sympathize with Chinese bloggers, or Iranian dissidents, for instance. File sharing has also exposed how hopelessly broken our copyright laws are. Eventually, statute will bow to status quo and some sort of sane reform will have to be implemented.

On the other hand, I do believe that it should be possible to make a living by producing creative content. Being a writer, musician or artist should not be the exclusive province of the idle rich. Copyright law may be a blunt and clumsy instrument, but it has historically made this possible. Before we do away with the entire structure of copyright, we should try to ensure that a viable alternative model is in place to compensate people for creation.

With regard to software in particular, the easy availability of pirated commercial software probably significantly hurts adoption of free software alternatives. In his well-reasoned article, Windows is Free, Dave Gutteridge points out that for many people, pirating software is so easy and so automatic they never even consider price when choosing between commercial software and free software alternatives.

The museum, for its part, turned out to be pretty interesting. So many museums are focused on “important” things: epoch-shaping wars, timeless art, science−it was cool to see one devoted simply to daily life in the DDR. The tone of the museum reminded me a little bit of the charming comedy Good Bye, Lenin, a sort of bemused appreciation for communist kitsch, but with recognition of the negative aspects as well. I learned a bunch of things I never knew about East Germany.

Living room in the DDR

The subordinating of all concerns to needs of the socialist state led to odd results at times. For example, in some ways, official policy was surprisingly progressive towards women, who were expected to be full equals in education and the workforce. Generous maternity leave and childcare provisions were also in place, to encourage the production of future workers. But within the interpersonal sphere, women were expected to retain their traditional roles, to defer to their male peers, to come home from the factory and cook. It was like bizzaro-feminism: workplace equality entirely divorced from social equity.

Similarly, DDR policy on sex education was fairly realistic, in contrast to the West at that time. Birth control was widely available (and state subsidized), and premarital sex was not officially discouraged. Perhaps the authorities figured that even with contraceptives, they’d still get some extra workers out of the deal. Or maybe it was a tactic designed to appeal to young Germans and decrease the attraction of competing institutions like, say, the church (“Try Communism! The hot new ideology with more sex!”). Heck, maybe they just didn’t want all their workers down for the count with STDs.

Of course, no historical examination of the DDR would be complete without reference to the nearly omnipresent surveillance carried out by the Stasi. When I was in Berlin a couple years ago, I visited the Stasimuseum which is actually located in their former headquarters. It was interesting to see, but the Stasimuseum is very much a research institution and a document repository for all the secret police files seized during the fall of communism in East Germany; much of the information was only in German. In contrast, the DDR Museum had bilingual exhibits and was generally designed to be more accessible to the general public.

Stasi surveilence equipment

One thing that surprised me was the sheer scale of the Stasi operation. By the time the DDR collapsed in 1989, the Stasi employed around 91,000 people and collected reports from an additional 300,000 informants. In a nation of only about 16 million, that means that roughly 2.5% of the population was either working for the Stasi or reporting to them, which I find pretty staggering.

In addition to using their human agents and informants, the Stasi were proficient with the most advanced intelligence-gathering technologies of the time. In the above photo, the black border around the corners of the photo displayed on the screen indicates it was shot with a camera concealed in a briefcase! Bow-tie cameras, cigarette box tape-recorders, phone bugs, it’s all the stuff of spy film legend—except the Stasi were the ones doing it for real, the ones the screenwriters were ripping off.

Download @25C3 – The Trust Situation

All the discussion of surveillance reminded me of one of the lectures I’d heard at 25C3 (drawing these sorts of connections is, ostensibly, what my liberal arts education was all about—damn you for bending my brain, Pomona!). In modern-day, non-communist Germany, there is an idea, enshrined in law as a constitutional principle by a ruling of the highest court, known as “Informational Self-Determination” (it’s one of those catchy compound words in German).

This principle states that in order to act as a free citizen, one must feel like a free person. The idea is that if you fear monitoring and repression from the state, you will preemptively modify your actions and behavior even in the absence of any actual repression. The state won’t need to manipulate you because you (or your fear) will manipulate yourself.

This is a really intriguing idea, and one that I’d never considered or even encountered prior to the presentation. The speaker explained that it was “a very German concept,” so perhaps it’s easier for Germans to get an intuitive grasp on. As he explained it, in order to feel like a free person, to retain your right to informational self-determination, there are basically two options.

The first is to avoid surveillance altogether. This has been the most popular option, historically, but it’s become a bit impractical in modern society. Today, if you live in a developed nation, you are under surveillance that is much more comprehensive (if perhaps less overtly sinister) than any formerly faced by the citizens of the DDR. When you go outside, you are being observed and recorded perhaps dozens of times per day; when you go to the supermarket, your purchases are compiled in a database; if you carry a modern mobile phone, your movements might be traced; any bank transactions you make are stored in computer databases that might not be all that secure; and on the internet, of course, virtually everything you do is recorded and logged somewhere, by somebody. An excellent (and mostly quite accurate) novel dealing with the subject of  digital surveillance is Cory Doctrow’s Little Brother.

The other option, if you can’t avoid being watched, is to be clear about who’s watching you and what they’re watching for. This is goal of data-protection laws in Germany and other European nations: to regulate what information is stored, and more importantly, keep citizens aware of what that information is, and which agencies have it. The theory is that in this way, you can still be self-determining. As long as you always know who knows what about you, you won’t need to modify your behavior out of paranoia.

The crux of the 25C3 presentation was that in reality, this theory is critically flawed. Data protection law is a complex, nebulous mass of rules and regulations that its own authors could barely be expected to understand, let alone ordinary citizens. The general public only hears about data protection when it fails, further stoking paranoia. There are real costs to this fear: people scared to report crimes, whistle-blowers nervous about coming forward, drug addicts afraid to seek help, illegal immigrants too frightened to seek medical care.

On a very fundamental level, the idea behind data protection is broken—there’s always going to be at least some information about me floating around beyond my awareness or control. My friends may tell stories about me to third-parties without my knowing. This doesn’t bother me very much because I generally trust my friends, and if I didn’t, I wouldn’t tell them anything really personal to begin with.

One big problem that I see with data protection law is that it implies that citizens are supposed to trust all institutions covered by these laws equally. Either we’re supposed to believe that the law will make all companies and government agencies act responsibly with our data, or we hear about leaks and violations, and become paranoid, fearing that all institutions are equally untrustworthy.

In my mind, a much better, but perhaps more mentally demanding approach is to make judgments on a case-by-case basis about when, how much, and to whom we surrender private information. According to the Germans, carrying out this approach means my informational self-determination has been compromised, since it involves modifying my behavior. I don’t have an answer to that, except to say that I’m sort of naturally suspicious and paranoid with regard to large, faceless institutions, so maybe it’s not that much of a modification for me.

In real life, this means thinking twice before filling out forms asking for personal information (or filling them out accurately, anyway). I don’t have any moral problem with lying about my name and address on an application for a supermarket savings card. If you do, just tell them you forgot your card and most  of the time the clerk will type one  in for you (Protip: At Jewel, the “store card” number is 48530887678; you can key it in at the self-checkout terminals, too). In the USA, many businesses (video rental places, for example) will ask for your social security number when all they really want is some 9-digit number to keep track of you with. Ask if it’s ok to use another number, or just make one up. Why would Blockbuster need that, anyway?

In the context of the internet, it can be trickier to avoid giving up information you’d rather keep private, but through the judicious use of certain tools (chiefly cryptographic in nature), you can reduce your exposure.

Until relatively recently, historically speaking, strong cryptography was classed as a weapon, and remained the exclusive province of armies and ambassadors. The history of how PGP was developed, and then leaked onto the internet in contravention of laws forbidding exporting military technology from the United States is truly fascinating in its own right, and would be well-worth devoting a book to (possible titles: “When math is a gun,” “The algorithm is mightier than the sword,” “Prime Exportation,”).

There are several ways ordinary computer-users can take advantage of cryptography to protect their privacy. Not all of them are dead-simple, unfortunately.

If you want to encrypt your email communications, there are detailed instructions available here.  It’s not as simple as it should be, though, and both parties need to be using some implementation of OpenPGP. It took me a bit of messing around to get it right, so your mileage may vary.

If you’d like to have secure instant messenger conversations (over AIM, MSN, ICQ, etc.) you can use the Off-The-Record plugin with a variety of messaging programs. If you use Pidgin, setting this up really is very simple/mostly automatic, as opposed to the email encryption above.

Finally, if you’re connecting to the internet over an unsecured wireless network, or a network that you have reason to distrust (say it’s run by a bunch of crazy German hackers), you can secure all your browser traffic (and other kinds of traffic) by using PuTTY (or another SSH client) to set up an encrypted tunnel and sending all your traffic through it. There are good instructions for doing this here (read the addendum too, esp. #2) , and if you’re curious about what’s going on, here’s a pretty readable explanation.

If you haven’t got a box at home you can run the OpenSSH server on (and honestly, lots of normal people don’t), there are a variety of places you can get free shell accounts online.  I’ve been very happy with the generous folks at rootshell.be. After you’ve signed up, just use roothsell.be as the hostname in the instructions above. If you use their service, you should probably be courteous and not hog all their bandwidth watching youtube videos. Or, if you do, donate some money their way.

Also, note that SSH tunneling is not end-to-end encryption, so you’re still trusting rootshell.be, or wherever you connect, and their ISP, to play nice and not monitor all your data. Really, it’s only useful when your immediate local network is suspect for some reason.

That’s about it for the crypto I use on a regular basis. If you’re using Firefox as your browser, there are a couple extensions I would recommend that can help enhance your privacy to some degree.

The first is CustomizeGoogle, which has all sorts of features to enhance your Google experience. The relevant ones are under the “privacy” menu and allow you to anonymize the user ID of the Google cookie, which makes you appear to be a new user every time you visit Google, making it harder for our benevolent information overlords to construct a comprehensive  profile of the innards of our souls. You can also choose to reject cookies from Google Analytics, which makes it harder for Google to monitor your surfing across 3rd-party sites that use the service to track their own visitors (Disclosure: this site does not use Google Analytics, but does track page views with a local SlimStat install).

The other is CookieMonster, which gives you very fine-grained control over which sites can set cookies on your machine, and what type of cookies they can set. Most cookies add nothing to your browsing experience, and are only useful to advertisers who want to track your surfing behavior. If you install this extension, you will have to enable “session cookies” for any sites you want to be able to log into (your email, your bank site, message boards, etc.). Session cookies are deleted when you close your browser, so they’re generally much less of a privacy concern.

So if you’re willing to compromise your informational self-determination, there’s a fair bit you can do to prevent anyone you don’t trust from gathering too much information about you. It’s worth remembering that mostly they don’t care one whit about you personally, and their motives are no more sinister than trying to make a quick buck. And, of course, no security is perfect.

I’m pretty pleased with the new design, I think it’s very clean and modern-looking without being too gimmicky. It does have some fancyness like transparency, and rounded corners and so forth, so if anyone out there is running into weird glitches (things overlapping, sections disappearing, etc.) I’d appreciate hearing about them. You can leave a comment, or email me. Please include your operating system and browser, too.