Why Facebook Is Never Safe


Hacker, former Wikileaks volunteer, Tor developer and activist Jacob Appelbaum has been in Australia to attend the LCA open-source software conference in Ballarat. He also spoke at Saturday’s "War on the Internet" forum co-organised by the Greens and Electronic Frontiers Australia. New Matilda spoke to him after the forum about surveillance, online security and digital optimism. Watch out for Adam Brereton’s analysis of the event soon. Here’s what Appelbaum had to say:

How to use Facebook safely
Here’s the easy solution: don’t fucking surveil yourself! If you want to stay safe on Facebook, the answer is, you should not use it, and don’t tag people! There are benefits of using it, there are tradeoffs, but in the long run I think it’s going to be pretty bad that you gave a bunch of capitalists all your private information where the US government asserts and has the right to read it without a warrant and with the ability to gag the corporate.

What’s the greatest database of Jews on the planet? Facebook. What will happen when you want the biggest database of leftists on the planet? Or right wing people? That’s really, really scary, so one way to not be part of that dataset is to not put yourself in it voluntarily, and to chastise people who only hang out with you to tag you in Facebook as a sort of conspicuous consumption of the 21st Century, say: "Hey, if that’s all you get out of our friendship then go fuck yourself!"

There’s an important distinction, this idea of privacy by policy and privacy by design. Privacy by policy is the idea that there is a policy that is like the law. But policy doesn’t really matter because someone can say they’re not going to log, but then they do log. They say they’re not going to give the log data out but someone will copy it, or maybe they’ll sell it.

One way to deal with that is to make that data useless. So let’s say you use a site like Twitter — let’s say @asher_wolf, I hear there’s a subpoena for her Twitter data — so let’s say hypothetically there’s a Twitter legal case about that. One thing you can do is to make that metadata, which they say isn’t protected, worthless. Using a system like Tor when you log into Twitter means that all Twitter gets is IP addresses of Tor routers and they no longer get something that’s valuable. The reason they want that data is to target people and put it into surveillance databases to learn information about you, or to learn where it is in a geolocation sense. So making sure that data is worthless is a fantastic way to slap back at that — you don’t need a warrant for that? There you go, it’s of no use to you.

I was once at Facebook headquarters at Palo Alto, and I saw on one of the network engineer’s tables a Narus pamphlet. Narus is the company that did interception with the NSA and AT&T in the US. Those two companies and Narus did the analysis of the illegal wiretapping of the entire American population’s phone calls and data travelling through AT&T data centres. Facebook’s looking at the same solution. It should give you some idea about what Facebook is.

Government attitudes towards computing
If a government requires you to download a document, they should make sure there’s a freely available solution and a freely available platform that can run that solution. For example, if they make you download a .pdf, they shouldn’t endorse Adobe. They should make sure there are .pdf readers and writers that support what they need you to do with that document — and they should fund development of that software, the same way they would put in a wheelchair ramp. The same way we have accessibility when it comes to the physical world, they should provide some public services while you’re involved. People need to be humans.

The same should go for computers. We should make sure it’s open and accessible and that we don’t have to make compromises that involve giant corporations selling non-free software.

They should also regulate to ensure network neutrality. When a corporation profits from the NBN here they have a duty of care to ensure a basic minimum service — for example, no asymmetric data rates. If you get 10 megabits up and 10 megabits down and that’s too constraining you ask for more — it needs to scale out accordingly — and we shouldn’t artificially constrain that by making people consumers and giving them lots of bandwidth for downloading, and less for speaking. It’s a restriction of speech to have the rate limited. It’s not a psychological limit — it just shouldn’t be there.

It’s crazy to me that in the early 21st century there are places that have gigabit internet connections or 100mbit connections, and regular everyday people in developed countries end up with connections way slower than that. They need to buy a server in a data centre to use the internet effectively — but they don’t know how to do that. So the government can incentivise that with positive regulation. They already did it with roads for the car industry, why don’t they do it with the internet for everyday people, all the time?

We see that kind of positive incentivisation, but we also need safety. For example in Canada, before you put up a camera you have to do a privacy assessment. There’s lots of comment, free debate, and the goal is to increase liberty, increase free speech. We should see the same goal with the internet. Transparency and accountability are extremely important, and if authority is abused, heads should roll — not literally, hopefully. The key is to build in accountability whenever you increase the size of any agency of government.

The coming war on general computing
Blogger and activist Cory Doctorow has recently argued that the battle against regressive copyright laws like SOPA and PIPA is an opening salvo in what will become a broader war on "general computing": the ability of ordinary people to retain control over their own computers, instead of having them become single-use products that are illegal to modify or look inside. One solution is "free" or "open source" software developed by the community, where the source code is freely available.

I think open source and open hardware or "free" software — for freedom — there is a future for that. It’s a really positive future. It gives us the ability to maintain general computing. There will be devices that are locked down. Hopefully the law will set it up so this stuff isn’t illegal, and rather, when you buy a thing it’s yours. I’m a believer by having free software and hardware — especially when you find an economic way to support it — it’ll be a real thing that will really help people. Cory has made some really good points about it I think. It’s important to keep in mind it isn’t going to happen automatically. Free software happens because people write it, free hardware comes because people build it. But there will always be an Apple who takes from that base without returning a totally free product.

It’s probably the case that if we don’t have positive legislation we’ll end up with a lot of computers in cars that can drive, that we won’t have any control over. That’s really scary when you consider that computers that can drive can kill people and if they’re hacked, we can’t detect that, and people with that privilege will be able to do things regular people can’t — a lot of lockouts, a lot of monopolies. A lot of the battles we’ve already fought are happening again. Cory’s point is really important, but I don’t think we’re doomed. We have alternatives but we just need to use them. I think it’ll be great when people actually use free software. It doesn’t mean we’re more secure, but we can change things, repurpose them and hopefully know if we’re being spied on.

Why we should reject pessimism
Look how many people came out to ask questions and to talk [at the War on the Internet forum], and look at how many people aren’t afraid to freely associate with me. The good Honourable Senator Ludlam wrote me a letter. Am I going to get a glove up my ass when I go back to America? I hope not. But we have to live our lives knowing that it’s not great but it could be better.

There’s a sort of "double consciousness" — how will I look, and how will other people perceive me — the double consciousness women have. Surveillance creates in people a double consciousness too — how do I look, and how will the surveillance masters reading these log files perceive me. It’s good that everyday white men get that. Because half the population of the planet has had that for a long time.

I feel like in both of those cases I’m living a life where I feel like I’m doing the right thing. The reason I have those liberties today is that I have responsibilities too — other people fought to keep them, or didn’t have them, and expanded them. That’s why a Jewish atheist can freely travel the world without being fucking murdered. That’s crazy! Really! When you think about it in the context of the last 150 years of history, I wouldn’t be able to go to the university where I work now. The world really is getting better even though there are things that aren’t fantastic about it. And the way it gets better is by free people ensuring that freedom — it sounds cheesy — endures and improves.

HB Gary was the security company responsible for producing with Palantir and other firms a presentation entitled "The Wikileaks Threat" that set out strategies to discredit and smear Wikileaks and Julian Assange.

I think that actions that hacking groups take in themselves are neither constructive nor destructive. Learning to do SQL injections, you can do that for good or for evil, so to speak. I think what Lulzsec and Anonymous before them have done, depending on how you look at it, might be good. In a lot of cases I think that it is good. When Anonymous for example, releases information that is beneficial to the public — for example when HB Gary was owned, and we learned about the Palantir/HB Gary conspiracy which included me, and that whole diagram about how to discredit groups and attacking people — it’s hard for me to say that’s bad.

In fact that’s good, because when the military-industrial complex is talking about spying, and is in fact working on undercover operations like that, that’s some shit you shouldn’t see in a democracy. That doesn’t mean that everything is great or any action a group takes is positive. But it’s important to note that just because they got that information by hacking it doesn’t discredit the value of the information. Just like the Citizens’ Commission to Investigate the FBI. Because of them breaking into an FBI office we learned about the entire COINTELPRO programme which involved the FBI telling Martin Luther King Jr to try and kill himself. Yeah, they committed a breaking and entering action, but they exposed some of the greatest subterfuge that had taken place ever in the 20th century, from before WWII until the 70s.

So one break in — it’s not the greatest thing — but it’s the lesser of a very big evil that exists there. I think we can’t just look at an action and dismiss it considering there’s a principled reason for doing it and a principled outcome. So it’s really important to judge these things individually.

In the case of HB Gary we saw in the Palantir presentation he was willing to target journalists and rob them of their means of earning a living in order to force a political outcome. What do I think of [then CEO of HB Gary] Aaron Barr? He’s never called me or given me an apology. And while I don’t take that personally I think it’s important to note the reason is that he wouldn’t stand a chance in a discussion where he talks about targeting me, an American citizen and saying I’m fair game — a member of Al Qaeda or a terrorist. There are good people who work at HB Gary — both principled and smart guys — the thing is that they use those capabilities not necessarily for the best of intentions.

People can change. Maybe Aaron Barr will too. But that doesn’t change the fact that he was a total scumbag piece of shit working on bullshit stuff that shouldn’t happen in a free society and that he never apologised to the people he suggested should be targeted. The CEO of Palantir never called me to apologise but did call someone like [Salon journalist] Glenn Greenwald. Why’s that? Because I’m a legitimate target in their minds. Well fuck him! I’m glad Anonymous targets them. And they should. Because they’re legitimate targets, because their war is for money, over things we’ve actually lost lives for.

Launched in 2004, New Matilda is one of Australia's oldest online independent publications. Its focus is on investigative journalism and analysis, with occasional smart arsery thrown in for reasons of sanity. New Matilda is owned and edited by Walkley Award and Human Rights Award winning journalist Chris Graham.