 Okay, the next talk is by Matthias over there, and he'll be talking about internet censorship censorship in the Catalan referendum, and we're welcome to vote, Matthias. Okay, thank you very much, and welcome to my talk. First of all, I want to give a short disclaimer, so I'm not a security specialist, and so most of the information you can find here, or nearly all the information is publicly available, and I wasn't involved in any illegal activity, so only second-hand information, sorry. Okay, what I will talk about, I will talk about, I will give you a short background, a political background. Then I will talk a lot about how the filtering of CISPs did work. Then there was a home page that's called where to vote home page, which had a different way to store data, and I will talk about today of the referendum, and hopefully we will have some time for Q&A. Okay, so here on the right-hand side you can see the Spanish state, and the red part is Catalonia, which is well-known city Barcelona. So Catalonia has its own language and culture. It's one of the richest regions in Spain, with 20% of the GDP, and it has a long history of struggling to get more autonomy. This is especially in 2010, the autonomy got cut down by the Spanish government, and so the voices came up that asked for independence, so the Catalan government decided to have a referendum and first asked 16 times the Spanish government to agree on a referendum, and the Spanish government didn't want to, and so the Catalan parliament in June decided in majority to hold a referendum on 1st of October, which later was called inconstitutional by the Spanish Supreme Court. Okay, so obviously in this talk I will talk about the internet censorship, and the focus will be on this. But there has been also other things happening, the weeks before the referendum that I want to talk about the weeks before and the weeks after. So for example there was pro-referendum material confiscated by the police. We had over 800 injured people by the police on the day of the referendum when the police tried to shut down polling stations. One man lost his eye by a police robber bullet. Something here is that Catalan police forces are not allowed to use robber bullet against the protesters, but Spanish police officers are allowed to do so in Catalonia. So right now there are four persons in prison without bail, including the legitimate vice president and two leaders of political organizations. And the legitimate president of Catalonia and four ministers are in Brussels in Exil. So if you want to see more about the police repression, you can have a look on this link, whereas a lot of videos about the day of the referendum. So there's a famous phrase in Spain that says Spain is different, and in Catalonia 70% of the population wanted to have a referendum on 1st of October. And the answer of the Spanish state was this. So you can see peacefully protesters sitting on the street trying to block the police from shutting down a polling station and police beating them up. In comparison for example, you have the Scottish referendum in 2014, which was agreed between the UK government and the Scottish government, and well, it seems that in Spain political problems are treated differently. So that's enough about politics, and let's get more technical. I took this picture from EFF, so it shows you how Internet censorship works. So the idea is that you post your speech here, which is normally via a web host, and your audience has to pass all these chains to actually see your speech. And in each part, like ISP, DNS, CDN, and so on, it can break the chain. On the other hand, we have platforms like Twitter, Facebook, you name it, or payment assistance, which can also be censored. So a small spoiler, I marked all the places where censorship did happen in the Catalan referendum, so in the web host, or we start down here ISP, DNS, upstream, upstream means in this case that smaller ISP providers which use infrastructure of bigger ones can also be affected of censorship if the bigger ones start to censor on the web host and on the platform. So we will see now how this was done. So on the right-hand side, you see the home page of the referendum, which informed about the referendum on 1st of October, and it was hosted in a small web host provider outside Barcelona in a small town called CD Mon, and on 13th of September, police entered with a court order, the web host provider, and shut down the web page. Then afterwards appeared two mirrors, first one mirror, rev1oct.cat, and afterwards rev1oct.eu.cat stands for Cataluña and not for the pet, right? So well, the next day, two more official home page got sized, and on 16th of September, on a court order, the ISP started to block home pages, right? And the next big event was the 20th of September, which was like the big attack from the Spanish state against the referendum. So they took over the control of the Catalan treasury, so the autonomous region of Cataluña wasn't able to spend any money. They announced that they will bring 10,000 police officers to Cataluña to stop the referendum, and that as they don't have facilities for all of them, some will sleep in ships in Catalan ports. And there were a total of 14 people arrested by federal police, several high-ranking officials of the Catalan government and civil servants. And especially some members of the center of telecommunication and technology, which is technology center of the Catalan government. So with these, it seems that most of the technology infrastructure for the referendum got dismantled. And if you read this web link down here, which is unfortunately only in Catalan, you can see that a hacktivist group took over the task of setting up the infrastructure. And they did it directly from the underground, so they used Tor, Signal, Anonymous SIM cards, Bitcoins. And later on it was, it got clear that actually the police was intervening the telephones of the politicians of the Catalan politicians to find out which people to arrest in which facilities to search on the 20th of September. Okay, apart from that, there was also the technical director of Fundacio.Cut arrested. So what is Fundacio.Cut? Fundacio.Cut is a private foundation and is the top-level domain operator of the DotCut domain. So they got a court order on the 15th of September to shut down Ref1Oct.Cut. And in total, they got three court orders with every time a larger list of domains. The court order also included that they should resolve the mentioned DotCut domains to a police server and if you know how DNS works and you know that the top-level domain name server only pinpoints you to an authoritative domain server. So it seems like the police didn't really understand how DNS works. But what is more severe part on these, on these is the fact that the court order also included that the top-level domain operator has to block all domains that may contain any kind of information about the referendum and that they should actually actively monitor all the domains. So that places a burden of blocking domains to the registry operator and the question is if this is legal at all because there's no court order. It's just block them all. Okay, so on the 17th of September, they informed Fundacio.Cut informed ICANN about the warrant and on the 20th the technical director got arrested. So he was retained under custody for two and a half days with the acquisition right now up to date is misappropriation of public funds, perversion of justice and disobedience, which is a bit strange because it's a private foundation. So I don't know how to apply misappropriation of public fund or public funds, but I'm not a lawyer neither. So the reasons, that's the interesting part as well. The reasons are quite unclear. So there is no proof, so evidences were provided up to now and the director actually is waiting the trial to see what the prosecutor actually puts on the table to see what they actually, on what these accusations are based. Okay, as an answer to this, a massive amount of mirrors appear in the next days. The exact number is difficult to say, but it's over 100 for sure. So one mirror was also done in the tour network and you had some funny names like Gardia Civil.Sexy, where Gardia Civil is a civil guard, which is a federal police corp that was intervening in the Catalan referendum. And Peoline.Cut, Peoline is Catalan and stands for Tweety. You know this small chicken cartoon, the yellow one. So why is this? Why would you name a domain name like this? Well, because one of the boats where the police officer slept was this one. So it was really a joke in social media. And 22nd of September, the police raided the house near Valencia, accused as a man Daniel Morales, that he's the head of a group that organizes mirrors of the referendum websites. Valencia is outside of Catalonia. That he did this with this GitHub repository. The very something here is that the search warrant included, literally, to change password and security questions for GitHub, Facebook, Twitter, mail, et cetera of him. So when the police actually entered his house, he had the computer turned on, so they were able to take over sessions in the browser, in concrete's Google account and the GitHub account. Happily, he later asked, was talking to lawyers and said that it was totally illegal, so he was able to recover them after a few days by notifying Google and GitHub that his identity got robbed. He's accused of disobedience, which is six months to four years of prison. And is awaiting trial as well. And there are more than 15 people, there are more than 15 people were cited to declare, but I have no information about how this, what I accused of, et cetera. Okay, let's have a look on the sensor methods. So overall, the number is circulating between 25 websites, which says the open observatory network of interference from the Toro project. To up to 140 blocked websites. Most of the sites blocked or censored were mirrors of the official websites, but also political organizations which are pro-independence or the yes campaign websites from the political parties that run a campaign for the referendum to vote yes. And some other, like in Paparem, I won't explain, but there were some smaller websites which was created from the social movements of Catalonia to support the referendum. So what we've seen up to now, from the center methods, we've seen web hosts got sized. We've seen the redirection of the dot cut domains to a police landing page by the TLD name server or by the TLD registry operator. And apart from that, the ISPs as well did censor. So they used DNS tempering and HTTP blocking. And the interesting thing is that different ISPs use different methods. So in concrete, DNS tempering was used by France, telecom, Spain, Vodafone and Neuskatel. And the more sophisticated deep package inspection was used by Telefonica. Telefonica is one of the biggest ISPs in Spain, all the biggest. And as I already said, smaller ISPs which were connected or which are connected to the larger were also affected. And the other interesting part here is that some small independent ISPs were not affected. So it's not clear if the police forget to send them a court warrant or if the police said with 90% of the internet users not being able to see all these mirrors, we are fine. This is the own page, the police landing page I already talked about. When you enter a URL of a censored website, it shows a symbol of the civil guard and some information. Okay, let's talk about DNS tempering. In the case of DNS tempering, what the ISPs did, they just resolved the host name in their DNS service to the police landing page. So it was really easy or quite easy to circumvent this. You just change the DNS resolve address in your local machine. And this works in case of Vodafone. If you had a original Vodafone router, you also had to call them on the hip desk and ask them to disable the DNS proxy, which actually they did. Or alternatively, you use a VPN. The de-packaging inspection was done on the HTTP layer. So what they did, say, matched the host name of a HTTP get request on some specific IP addresses. And there was a regular expression used to do this. I'm really bad in regular expressions. Here's the example for ref1oct.u. So if you put anything in front of www.ref1oct.u when you do the HTTP get request, then the filter hit. But if you put, like, info.ref1oct.u, then you actually, the filter didn't hit. This website used Cloudflare CDN. And there were two IP addresses which were resolved by the DNS system. So the IPs used for this blocking were these two IPs. And if you use the different IP from Cloudflare, then you could actually see the on-page. In the case of HTTPS, the HTTP traffic is encrypted, so you can't use the HTTP get. Hostname to filter. So what they did here is in the TLS protocol, the host in the TLS protocol has to know which domain you actually want to start the encryption to provide user-specific sort of the correct certificate. So therefore, in the TLS, hello message. And there's a field that's a server name indication, which is transmitted in clear text, which passes through this, which gives a hint on the host you want the certificate for. And that is used by all state-of-the-art browsers. So you can see this here. When the client sends a TLS hello message, you have the SNI domain name here. And then there's the package inspection here with checks. And if it's allowed, then it will forward. And you have a normal connection. And if not, it will reset the connection. And when the connection gets reset, which is HTTPS or HTTP, you got the cease home page. So you can see here the HTML body. There's some JavaScript snippet. And you can see here a switch. And here, the home page will actually be replaced by the police landing page, the one we saw beforehand. You can also see that there are other cases in the switch. And this, for example, is for illegal gambling, which is below the different web page from a different IP. And so it looked like that this infrastructure wasn't built up for the referendum, but it was already there, used by Telefonica for illegal gambling homepages. And if you look on these, which is actually the case that hit on the referendum homepages, you can see that it's most probably they added the domain names to the list of phishing homepages and blocked them this way. OK, with some tests, you could see that the deep package inspection holds the states for 10 seconds because it can't hold the state forever because it has only a finite amount of memory. So what you could do, you could, for example, here with NetCAD, you connect to an HTTP connection to port 80. So you have an HTTP connection built up. And then you wait 11 seconds before you send the HTTP GET request with the host name. And then the filter doesn't apply. So conclusions. If the home page uses Cloudflare, you can just use a different Cloudflare IP to resolve the domain. And then you should be fine. Or you could delay the HTTP GET for 11 seconds or use a VPN. So the conclusions are all about censorship. In this case, technically, it was easy to circumvent as long as you don't have to educate 5.3 million voters. I mean, if you're into tech, you maybe can change your DNS server. If you ask, maybe your parents, maybe they're not. They don't know how to do this. And here you can see on the right-hand side a Twitter from the president of Catalonia, which explains how to use online proxies to actually circumvent circumvent censorship. As far as I know, no ISP communicated to the users that they will start to block content. And I think the most interesting conclusion is choose your ISP wisely. You might get around censorship, a part that you see some are more motivated to censor than others. OK, now we will talk about the where to vote website. So normally, if you are called to an election, you get a letter which tells you on which polling station and polling place you have to go on the day of the election. This was not possible because Spanish Post Service denied to send this information. So the Catalan government decided to build a home page where you could query this information. So yet, as already said, censors of 5.3 million voters and over 1,000 polling stations, which you can see here in this map. And it was foreseen that the official home page will be blocked. And so the website must be easily clone-able. And normally, you build a website like this with a database backend where you query and then send back the information to the client. So this was not possible here. And I will explain in a minute how they did it. So this home page was published on the 21st of September and got blocked the next day. So the assumption was correct. Telegram and Twitter bots were also published where you could just send your information and then they told you which polling station you had to go and also an Android app in the Google Play Store. And this app was pulled out on the 29th of September. So it at least was up for some more days. OK, many clones of this home page appeared. And the web got also published in the Interplanetary File System for everybody who does not know what the Interplanetary File System is. It is a really cool project, I think. It's a peer-to-peer network. And you can imagine that this is like a BitTorrent magnet link where you can find the home page and any client in the network who has a home page. And you can access it. And you have here a gateway which actually allows you to see the data in your browser. So what did Telefonica? They wanted to block this home page. So they just blocked the whole gateway. That means it does not only block the home page of the referendum, but any other data that anybody wanted to see through this gateway. Unfortunately, there were different gateways. There exist different gateways for IPFS. And so it was still possible to see the content. And if you use the command line tool, you could easily copy the content to your computer. OK, so the web page about where to vote looked like this. So you had to put in some personal ID, which is called DNI. Then the date of birth and your postcode. And then you send the information. And as I already said, it's not possible to have a back end as a SQL database. Because if you clone it, this is confidential information. You would have to dump the database. And you would have to provide an IPFS, for example, the database to everybody. And you don't want that because you don't want everybody to know the IDs and whether people have to go to vote. So what did they do? They took this is the ID of the person, which is eight numbers and a character. The character is checksum, the date of birth, and the postcode. And you can concatenate the leaving alone the first three numbers. So you take all this, what is underlined. This is a string. And then you hash it 1,714 times. And you put it in a variable that's called it key here. And then you hash it once more, and you put it in search. And then the hash from search, you take the first four values. And this will give you the file of the database, which is encrypted, on the web server itself, which you download. All this procedure is done in JavaScript in your client, in your browser. So you download this file. The file is a key value store. It has around 70 lines. And then you take the remaining 60 values of the hash and go line by line to find the values of the key value store. And this is actually not random data, but encrypted data. And this data you can encrypt with the key here, using AES 256 CBC. And then you get polling station. This is more or less clear how this works. So the question is here, OK, you have all these data encrypted on the web server. Is this secure? Well, first of all, you can do brute force because it's just a hash. You can just start trying and hash to find it out. And as you have postcodes and the birth dates, you can group this in divide and conquer. And the SC letter here is a checksum. You can't recalculate the correct ID, but you can recalculate 45 IDs. So maybe you can then say some IDs look really strange. I've never seen an ID like this. I can ignore them. And then you have a reduced number of IDs that you can, by brute force, get for one postcode and one birth date. So one of these, I don't know, maybe 15 is correct. So the question is, how well is this data? There was a big discussion in the media about this, especially the media against the referendum said that all the sensors of 5.3 million people were leaked. So first of all, you don't get the correct ID. You just get a reduced number of IDs and the ID's public data in the sense that if you want to open a bank account, you have to tell your ID. If you want to get a library card, you will have to tell your ID. Or if you want to sign up in a gym because you think you're not fit enough, then you have also to tell your ID. So the ID passes through a lot of fence and it's not a top secret data, like for example, the social security number. So I think this is an interesting way of storing data, massive data in an easy to cloneable website. I'm not sure about if it could have been done better. So if you have any ideas about this, then just write a blog post or Twitter about it or whatever and spread the word. OK, so 30th of September, one day before the referendum, actually happened. So federal police took over the CTTIs, the Center of Telecommunications and Technology. This was because nearly all the polling stations of this day were entities of the Catalan government, especially schools and medical stations. And their internet connection is all through CTTIs. So they all have a connection to CTTIs, and from there they go to the internet. And so probably they did this to start to monitor the IPs, to see what traffic actually will happen on these polling stations. OK, day of the referendum. I just want to give you a small impression about how the situation was on the day of the referendum. So it was clear that federal police will come and will try to close down polling stations by force. So there were people that were already sleeping from the day before occupying the polling stations to stop the police from closing them down. And early in the morning, around 5 o'clock, hundreds and thousands of people gathered in front of polling stations and stayed there the whole day trying so to block with their bodies the police from entering. And for example, the ballots and the ballot boxes which the police were searching for a month magically arrived in the early hours of this day on the polling stations. So at 8 o'clock this morning, there was a global census announced by the Catalan government that meant that you don't need to go to a specific polling station to vote, but you could go to any polling station. And this was done because it was foreseen that the police will close down polling stations by force. And actually, for example, in Barcelona, one of the first polling stations they closed down by force was the biggest one of Barcelona. So if you don't have a global census, then everybody that need to go to this polling station won't be able to vote. And this way, it was possible. So the home page of the global census, which was a centralized database where you register the IDs of the persons that had already voted. So to assure that nobody votes twice or more than once, it was really simple. So I haven't found a better picture because it's not online anymore, obviously. And it looked like this. So you had a polling station and a polling station ID, which is this one. And then you had a polling station password. And there was a responsible of the polling station had to enter this to actually register on the central system the polling station. And then you could enter IDs here to mark people as that they have voted. And then if you put the button, then when there was green, then the person was allowed to put the ballot in the ballot box. And if it was red, then you said, hey, you already voted. You're not allowed to vote again. So it seems that this password here was also used for authentication and encryption of the data because the whole system had no TLS certificate. We will see why. And there was, of course, a tight time frame of uptime for this solution because the referendum was from 9 to 8 PM, and you can't just say, well, we need four hours to fix this, and then we are up again. So internet connection in the polling stations, which runs through CTTI, what I said beforehand, it's not totally clear what happened because there are so many different information from different people in different polling stations. So some got cut off from the net totally. Some got cut off only part of the net. For example, AdoRome, Wi-Fi didn't work. But cable network did work. In some, you could not access using the Tor client. And some reported that also IP addresses got directly blocked. Some polling stations had alternative access to the net, but that was a minority. And so what the many polling stations people did, they used cell phones, or they used 4G access points, or the neighbors opened the Wi-Fi so that people could access, and so registered the voters. And it was seen that different IPs were blocked by different ISPs. OK, so the page that was announced in the morning was the domain registered misses, which used Cloudflare. They liked the other pages. And it was blocked within minutes. And so it wasn't even possible to open the polling stations in time at 9 o'clock because when they wanted to connect to register all the polling places, it didn't work. And from this point on, only IP addresses were used directly, which were reverse proxies for a central server that were somewhere on the internet. And in the first hours, these reverse proxies were attacked through DDoS attacks all the time. And there were severe connection problems because they got down quickly. And so if your reverse proxy didn't work, then you had to call Hotline and say, hey, I'm using this IP address and it doesn't work. And then it says, OK, you have to use another one. Use this one. And you can imagine that this is a total chaos because the responsible of the polling station can be an old man which has never used a computer. And you have to tell him what is an IP address and where to put this. So there was a total chaos. Well, not chaos, but it was complicated. And there was also instant messaging between people in different polling stations which interchanged information like, hey, I'm using this IP or I tried these when I changed the DNS server then I could get access. So there was a lot of communication. And it was seen that every time a new IP address was announced through the Hotline and the polling station started to use them, the DDoS attack was in place right away. So this is why it's possible that the police check the network connection of the polling stations or filters in the work of the polling stations to find out which IPs to block. So whenever you needed a new reverse proxy, you needed to re-register your polling place. So you had to call the Hotline and say, hey, I'm polling place with ID X. I need a new password. And they provided you a new password and then you could re-register. So what happened? Someone was really emotional about the referendum and the historical day and posted a photo of the letter the responsible of the polling place got on Twitter where there was the ID of his polling place and the number of the Hotline. So someone took the Hotline called, said that he is responsible of this polling place, got a new password and was able to introduce some IDs from people he found on the internet, which doesn't mean that he was able to actually vote. He was just able to mark people as voted, that they have voted, even they haven't. So if they would have come later to vote, that wouldn't be possible for them. So the problem here was, of course, that there was no secure communication channel between the polling place responsible in the Hotline. So there was no way for the Hotline to actually knew if the person that called was responsible of a polling place or if it was someone who robbed the number. OK. So as I said, there was a distributed denial of service attack against the whole system. And that was organized through a forum that's called Forer Coaches, which is a forum about cars where car lovers talk about a lot of things, and not only about cars, but about everything. And there was one user. You can find the info down here, which is really interesting. It's in English. And there's one user. He's called Alex Tango, and it seems that he's from Madrid. And he opened a thread in this forum and asked people to help to shut down the system. And he wrote in his thread, I want to remind you that DDoS something that is illegal is not illegal. So yeah, that's an opinion, right? In this thread, IP addresses from the reverse proxies got published. And also, they updated IP addresses that went down because of the DDoS attacks. So they were really working on this. And there was, as there's evidence that the SYNFLOT attacks actually did happen. So it was not just some computer, some car lovers sitting in front of their computers pressing F5 and to see if they can DDoS the system, but there were actually professional techniques used. And it was SYNFLOTting with IP spoofing. So the question is if these were only users from the forum coach or if there were law enforcement agencies involved, this is, of course, unknown. So on the reserve proxies, they introduced port knocking to try to mitigate the attack. And after some hours, Anonymous Barcelona, I think it was, attacked forum coaches itself, the forum. And so the forum, the website, had to go down into maintenance for maintenance. So it wasn't accessible anymore. And the Samosa hacker groups did some other attacks. These are all described in these really good articles. Unfortunately, it's only in Catalan. So sorry for that. OK, so on the day of the referendum, we had a whole bunch of attacks. So we had the attack on the net infrastructure, obviously. We had the filtering techniques used. And we had a distributed denial of service attack. And also, all these attacks, the rotation was able to take place. And while the central servers was the weakest point of the system, so I was wondering if it would be possible to build this in a decentralized manner right now. These days, everybody's talking about blockchain. Maybe there's any possibility to build this with a blockchain. I'm not an expert. So the patient of the referendum was 40.3%, which is extremely high, I think, because you have to think that you could see from the early hours in the morning police officers beating up people. So it was a real risk to go there and vote because they could just come by. And while the yes vote won by 90% or something like this, and there was like 177,000 people that voted no. And 45,913 that voted in Blanco is like they, there's a vote like I don't care, which gets actually added to the votes of the most voted party on this case, gets added to the votes of the yes to independence. In the aftermath on the 10th of October, the website of Asamblea Nacional Catalana got shut down again. And I say again because the website got shut down three times. Asamblea Nacional Catalana is a political organization which promotes independence. And on the 30th of October, several websites from the Catalan government got shut down. And Asamblea Nacional Catalana just a few days ago, on the 19th of December, they took legal action against the blockage of their website because they claim that they never got any information. That the websites get shut down or blocked, and why? So they don't even know why. So I come to the conclusion. I think this could be the biggest internet censorship in the European Union so far. I think the European Union did not condemn sufficiently what happened these days. It's concerning that the government tried to load the censorship responsibility to the top, top level domain registrar. And there was a huge repression against the creator of mirrors. And this unconventional data store from the where to vote home page think is really interesting, and it might need a deeper look to understand if this is really secure or not. And I think the most important conclusion of all this is all those repression on the street and the censorship in internet, the Spanish state, was not able to stop the referendum. So here are some links about the international reaction. There are more, but I just put in these four links. I will upload the slides afterwards so you can check them out. And yeah, thank you a lot. And thank you to all the people that helped me. Some are named here. And there are many more that put me in contact with people or that explained me what's I experienced on the day. Thank you. Thank you. Before going to the Q&A, a brief announcement. If you leave through the door marked BW, there's a TV crew behind that making a recording. So if you don't want to be filmed, please exit through the door marked BW. And we have about 10 minutes left for Q&A. And the first question shall come from the internet. You don't have any sound? OK. Then, mark from one, please. Hi there. Thank you. That was very, very interesting. It seems like you needed a lot of computer expertise to help run all of the polling stations on the day where those people volunteers are part of the government. Is it normal that the government is so technically the Catalan government? Well, on the day of the, I think, what happened in the days before the referendum, there was like most of the people in Catalonia were really upset with the Spanish state and were like, this is illegal. I don't care. It was like what everybody felt like about. I don't care if it's illegal or not. So on the day of the referendum, there were people that normally would have gone to this polling station or they were called because someone knew you have some computer expertise. Come by, help us, the network is not working. So there was no official organization of this by the Catalan government as far as I know. But it was just the people spontaneously helped each other. OK, mark from two. Hello. I have a question about that. The censorship was quite brutal. So are there any legal actions that are going on against Spen? Because if there is nothing going on against this country, the next time another country will do the same because they have nothing to lose. Well, I don't know of any apart from what I explained from the ANC, from the Assemblée Nationale in Catalana, which did some legal action. I think, I mean, for example, European Union hides behind the fact that the Supreme Court of Spain declared the referendum inconstitutional. And therefore, all the censorship was legal in some way. OK, next question goes to the internet. So why did you use password identification instead of key pairing or a certificate? You mean on the day of the referendum, right? Yeah. Well, I don't know because I didn't build the system. So I don't know why not. But I think it wasn't used because it was foreseen that the reverse proxies will be attacked. And from what I know, you would need a certificate for each IP address or for each domain. And it was not possible because it was like, and someone put up a new reverse proxy, it get attacked. You have to get a new one. And it was like a cat and mouse all the day long. So that wouldn't be feasible. OK, microphone two. Thanks for the talk. My question is regarding Telefonica. Did they block based on government requests one website at a time? Or did they block based on the whole referendum is illegal? I see a website based for the referendum. I block it now. So who blocked on what decision? I don't know. To be honest, I don't know. But I suppose that they blocked on the variants on the court orders they got. But I can't tell you for sure. Thanks. OK, any last question from the internet? Yep. How many people were involved in the war, undertaking if you have any idea? I have no idea. It's totally unclear who this was or how many people these were, these activists. OK, any other questions? Oh, you know, it's OK. So it was just a precision to say it wasn't a technical port and not every management of people who you had for the undertaking. But I think it's you will say the same answer. I didn't understand your question. No, the people in internet just wanted to precise their question and say the number of people they want to know is about the technical people. But I think it's the same answer from you. Yeah, you mean like the people on the polling stations have helped each other? I don't know. But I suppose thousands or a thousand at least. But I can't tell you. I have no idea. OK, since it seems there are no further questions, I thank you all for keeping your questions brief and to the point. When you leave, please take your trash with you and wash your hands.