We wanted to be able to use Thunderbird and GnuPG together with Tor. And so we thought, oh, it would be really easy, I bet, to configure Thunderbird to work with Tor. And a new free software project was born. And it's a really simple thing, but basically it's just a package that hooks it all together. So a lot of people were using Thunderbird and TorBirdy and GnuPG and Tor and Debian together for email, combined with Riseup as an email service. So I mean, literally, it's a real peer-to-peer, free software-driven set of things, actually, that made it possible.

So one thing I never understood about this process was exactly how the documents were handled. And maybe that's because nobody wants to say. But did you leave them on a server somewhere and download them and hand them over to people? And who took what, where, and how do you do it? In case I need to do something really dangerous with those documents, what's the best way of doing it?

Well, if, I'm sorry, what? Someone, there was a voice from God. What did she say? I said, good thing they're in streaming tonight. Oh yeah, yeah. So hello to all of our friends in Domestic and International Surveillance Services. Well, so I won't answer your question, but since you asked a question, it's my turn to talk. So what I would say is that if you want to do clandestine activities that you fear for your life for, you need to really think about the situation that you're in very carefully. And so a big part of this is operational security. And a big part of that is compartmentalization. So certain people had access to certain things, but maybe they couldn't decrypt them. And certain things were moved around and that's on a need-to-know basis. And those people who knew, which is not me, I don't know anything. I don't know what you're talking about. Those people knew and then, you know, it'll go with them to their grave.
So if you're interested in being the next Edward Snowden, you need to do your homework and find people that will be able to do the other part of it, let's say. But just in general, I mean, compartmentalization is key, right? So it's not just for AppArmor profiles. And so you need to think about what you want to do. And I mean, a big part of this is to consider that the network itself is kind of the enemy, even though it is useful for communicating. So all the metadata that exists on the network could have tipped people off, could have caused this whole thing to fall apart. And I mean, it really is amazing. I feel like, you know, two and a half, three years ago, when you talk about free software and you talk about the idea of free software and you talk about issues relating to autonomy and privacy and security, you have a really different reception now than you did then. And that's really what it took to turn the world, like half a degree or something, or a quarter of a degree or something. Yep, so sorry, I'm not gonna tell you about detailed plans for conspiracy, but I highly encourage you to read about South African history and particularly the history of Umkhonto we Sizwe. They were the sort of clandestine communications group for MK, rather Operation Vula inside of MK, which is Umkhonto we Sizwe, and they are sort of with the African National Congress. And those people have published so many books about the revolutionary activities to overthrow the apartheid state. If you read these books, especially the book Operation Vula and Armed and Dangerous by Ronnie Kasrils, they give you some idea about what you need to do, which is how to compartmentalize, how to find people to do very specific tasks, how to work on building trust with each other, what that looks like, how to identify political targets, how you might use things like communications technology to sort of change the political topic on it, and is the sort of discussion in general.
And I mean, I think that the best way to learn about those things is really to study previous people who've tried to do that kind of stuff. And the NSA is not the apartheid regime of South Africa, but there's still lessons to be learned there. And so if you really wanna know the answer to that, also Che Guevara's manual on guerrilla warfare is very interesting, and there's a lot of other books that are like that, I'd be happy to talk about it with you later. And they have nothing to do with anything that we may or may not have done.

And do you think that the, sorry? Do you think is there a chance that things may get better? For example, I know that publicly some programs were not extended, but I don't know what is happening in the background, so maybe it's the same thing, but they are pretending not, or that it's not. How do you see this?

Well, I think a couple things. In general, I think that what happened, not just with this movie, but with all of these things is that it inspired hope. And the hope is very important, but hope is not a strategy for survival or for building alternatives. So what it has also done is allowed us to raise the profile on the things that actually do make it better. So for example, ridding ourselves of the chains of proprietary software is something that's a serious discussion with some people that previously wouldn't have talked about free software because they don't care about liberty, they care about security. And even though I think those are really similar things, previously they just thought we were free software hippies in tie-dyed shirts. And while that may be true on the weekends and in evenings or with Bdale every day, I think that actually does make it better. And it also changes the dialogue in the sense that it's no longer reasonable to pretend that mass surveillance and surveillance issues don't matter.
Because if you really go down the rabbit hole of thinking about what some of the security services are trying to do, it becomes obvious that we want to encrypt everything all the time to beat selector-based surveillance and dragnet surveillance. It doesn't matter if something is authenticated, you could still trigger some action to take place with these kinds of surveillance machines that could then, for example, drone strike someone. And so it raises that, and that gives me a lot of hope too because now people understand sort of the root of the problem or the root of many problems and the root of some violence in the world actually. So it helps us to reduce that violence by getting people to acknowledge that it's real and also that they care about it and that we care about each other. So that really gives me a lot of hope. And part of that is Snowden and part of that is the documents. But the other part of it is that, I don't want to blow it up and make it sound like we did something really like a big deal, but in a sense, Laura, Glenn, myself and a number of other people were really not sure we would ever be able to travel home to our country that we wouldn't be arrested. I actually haven't been home in over two and a half years. Well, two years and three months or something, right? I went on a small business trip that's supposed to last two weeks and then this happened and I've been here ever since. It's a really long, crazy trip. But the point is that that's what was necessary to make some of these changes, I think. And eventually, I think it will turn around. I'll be able to go home. Laura and Glenn are able to travel to the US again. Obviously, you know, Julian is still stuck in the Ecuadorian embassy. Sarah lives in exile in Berlin. I live in exile in Berlin and Ed is in Moscow. So we're not finished with some of these things. And it's also possible that we are, the set of people I mentioned that the state that we are in will actually stay that way forever. 
But what matters is that the rest of the world can actually move on and fix some of these problems. And that, I have a lot of hope about that and I see a lot of change. And that's the really big part. Like the reproducible build stuff that Holger and Lunar are working on, people really understand the root reason for needing to do that. And it actually seems quite reasonable to people who previously would have expended energy against it, and now they're in support of it. So that I think is really good. And there's a lot of other hopeful things. So I would try to be as uplifting as possible. And it's not just the rum.

So near the end of the film, we saw something about another source. I may have been missing some news or something, but I don't remember anything about that being public. Do you know what happened to that?

As far as I know, any other source that was mentioned in the film is still anonymous and they're still free. I'm not exactly sure because I was not involved in that part, but I also saw the end of the film and I've seen a bunch of other reporting which wasn't attributed to anyone in particular. So the good news, I mean, there's an old slogan from the Dutch hacker community, right? Someone you trust is one of us and the leak is higher up in the chain of command than you. And I feel like that might be true again. So hopefully, I think that guy has a question as well.

Yeah, so part of the problem initially was that encryption and software was actually not so easy to use, right? And I think part of the challenge to everyone was to actually improve on that situation and to make it better. So I'm asking you if you've observed any change and to the rest of us in the room, well, have we done anything to improve on that?

So I mean, I definitely think that there is a lot of free software that makes encryption easier to use, though not always on free platforms which really is heartbreaking.
For example, Moxie Marlinspike has done a really good job with Signal, TextSecure and RedPhone of making end-to-end encrypted calling, texting, sexting and whatever apps. SextSecure I think is what it's nicknamed. And I'm very impressed by that. I mean, it works really well and that is something which, especially in the last two years, if you have a cell phone, which I don't recommend, but if you do have a cell phone and you put in everyone's phone number, a lot of people that I would actually classify as non-technical people that don't care about free software as a hobby or as a passion or as a profession, you see their names in those systems often more than some of the free software people. And that's really impressive to me. And I think there's been a huge shift just generally about those things, also about sort of social responsibility where people understand they have a responsibility to other people to encrypt communications and not to put people in harm's way by saying unsafe stuff over unsafe communication lines. So I think there's been, in my personal view, it's been better, but the original problem wasn't actually that the encryption was hard to use. I think the main problem is people didn't understand the reason that it needed to be done and they believed the lie that is targeted versus mass surveillance. And there's a big lie and the lie is that there is such a thing really as targeted surveillance. In the modern era, most so-called targeted surveillance actually happens through mass surveillance. They gather everything up and then they look through the thing they've already seized. And then of course there are targeted focused attacks, but the main thing is that the abuse of surveillance often happens on an individual basis. It also has a societal cost.
And I think a lot of people really understand that and it's probably because I also live in Germany now for the last two years, but I feel that German society in particular is extremely aware of these abuses in the modern world and they have a historical context that allows them to talk about it with the rest of the world where the world doesn't downplay it. So this is how other people relate to Germany, not just about how Germans relate with each other. And that has also been really good for just meeting regular people who really care about it and who really wanna do things. So like people's parents email me, like I wanna protect my children, what's the best way to use crypto with them? Things like that. And I didn't ever receive emails like that in the past. And that to me really is uplifting and very positive.

Just a quick organizational question. So right now we're live streaming the Q and A, are you comfortable with that? So just, you know, or should we?

I don't think that in the last three years I've ever had a moment that wasn't being recorded. Okay, I'm cool. I'm cool. I'm cool. I'm cool. Just so you know, yeah. I'm cool. I'm cool. If you're fine with it, you're really on. It's fine, just don't do it when I'm trying to sleep.

So I was wondering why Laura and you ended up in Germany because what you said about the people in Germany might be true, but I'm really ashamed about my government, how they deal with spying on the Chancellor and anything, that they are doing nothing for this. And so, yeah.

Yeah, so the reason that we ended up in Germany is because I've been attending Chaos Computer Club events for many years and there are a bunch of people that are a part of the Chaos Computer Club who are really supportive and good people who have a stable base in infrastructure and the German hacker scene in particular has this phenomenon, which it's a part of society.
So there are people in the CCC who will talk with the constitutional court, for example, and that creates actually a much more stable civil society and those people were willing to help us. They were willing to hold footage, hold encrypted data. They were willing to help modify hardware. I mean, there was a huge base of support where people, even if they had fear, they did stuff anyway. And that support went back a long time and so we knew that it would be safe to store footage for the film here in Berlin, not here in Heidelberg but here in Germany. And we knew that, of course, there were people that would be helpful, right? In the US there's a much bigger culture of fear where people are afraid of having their houses raided by the police, where there's lots of detainments at borders, like speculative arrests, journalists that are jailed. So the situation was not to say that Germany is perfect. I mean, I revealed in Der Spiegel with three other journalists that Merkel was spied on by the NSA. It's very clear that the German government is complicit with some of the surveillance, but in a sort of like pyramid of surveillance, there's a kind of colonialism that takes place and that the NSA and the GCHQ were sort of at the top and the Germans are a little bit below that. There isn't, and the thing is that there's not a lot you can do about that. And so even though we revealed this about Merkel, it's not clear what she should do. It's not clear what anyone should do. But one thing that was clear is that if they wanted to break into our houses, they would do it in a way that would cost them very, like a lot politically. It would be very public, right? The last time that someone raided someone working with Der Spiegel was in 1962 during the Spiegel affair and some ministers were kicked out. You may have seen recently the Landesverrat thing with Netzpolitik. I mean, the charges now against them have been dropped. That would never happen in the United States.
We would not be safe, right? And I still, for my investigative journalism and my work with WikiLeaks, and my work with the Tor Project, I just won't even go back to the US because there's no chance that if they wanted to do something to me that I would have any constitutional liberties, I think, and the same is true with Snowden, right? You just won't get that fair trial. And we thought at least here we would have ground to stand and fight on and it's exactly what happened and we won.

All right, this is also about the stuff that you talk about, which is in the very old days we used to put sort of red words at the end of every message. So make sure that it would be hard to find the actual subversive messages among all the noise. And you can think about the same thing here, right? Should we build our system so that everything gets encrypted all the time?

Yes. So that there's noise, let's, you know. I mean, I have a lot of radical suggestions for what to do, but I'm gonna talk about them tomorrow in the keynote mostly. But to give you an example, when you install Debian, you can give someone the ability to log into the machine over a Tor hidden service for free. You get a free .onion when you, you know, add two lines to a Tor configuration file. We should make encryption not only easy to use, but out of the box we should make it possible to have end-to-end reachability and connectivity. And we should reduce the total amount of metadata to make it harder for people that want to break the law, that want to break into computers. We should solve the problem of, you know, adversarial versus non-adversarial forensics so we can verify our systems with open hardware and free software together. And there's a lot to be done, but the main thing to do is to recognize that if you have the ability to upload to Debian, there are literally intelligence agencies that would like those keys.
And we have a great responsibility to humanity as Debian developers to do the right thing, to build open systems and to build them in a way where users don't need to understand this stuff. There are a lot of people in the world that will never see this film and we can solve the problems that this film describes largely with free software and we can do that without them knowing and they will be safe for us having done that. And if we can do that, the world will be a better place, I think. And in fact, I think the world is a better place because of the efforts that were already done in that area that made this possible. The Tails project made it so that a bunch of people who were good at investigative journalism but absolutely terrible with computers were able to pull this off. And that is entirely the product, in my opinion, of free software. And a little bit, a little bit at Laura and Glenn, but I would say a lot free software. So.

How many people do you think the NSA has working within the Debian community?

Well, I looked in the Snowden archive about that, actually. And, yeah. And as far as I can tell, Debian is not a high priority target for them. I mean, they write exploits for all sorts of stuff. But I never found any systematic attempt to compromise or to harm the Debian project. But obviously there are people that are paid by the NSA to infiltrate communities and that's why we have to have open, transparent processes so that if those people behave badly, we have an audit trail. Like we won't actually ever stop that kind of stuff. But what matters is that people do good things. It doesn't matter who they do bad things for as long as we can correct those things and or catch them and stop them before it happens. But as far as I know, there are only a couple of people that have ever been associated with the NSA and the Debian community. But I think we shouldn't get paranoid about it.
We should just be prudent about our processes because there are lots of intelligence services around the world that do not like the values of a universal operating system. So I think it's not super important to look but I did actually look very specifically for a whole bunch of people in the Debian community to see if any of them also were being paid by the NSA and I didn't find any serious thing that raised concern. And if I did, I would have, I mean, there were lots of things that I found in the archive that I immediately notified security teams about and where I worked to, along with many other people to actually try to fix those things. And one of those things, if we had found them like infiltrators in Debian, I absolutely would have just told people about it. The problem is that a lot of other journalists don't want to do that because there's a 10-year felony where you go to prison, a federal American prison for 10 years if you reveal the name of an agent. So there's a tension there but I think that there's something to be said if they're actually actively harming the community and they're committing a crime, I think there's something to be said about that. So if I found that, I think it would be worthwhile but just so you know, there's this high cost. So if there were people in the agency now because they saw that we used Tails and Debian and they wanted to subvert it, there's a really, really high bar for punishment which suggests that maybe people won't tell you. So we need to sort of bank on the fact that we'll never know but that we don't need to know as long as we have good processes that would catch bad behavior. And that's one of the strengths of Debian. There are very few operating systems, I think and just in general, free software communities that are as diverse and committed to the openness and the free software nature of this kind of a project and so it's very important to stay to that. 
But I do think one of the things that will happen in the future at some point is you'll start to find people in the Debian community that are pressured by other people to do bad things. So we need to set up processes that will stop that, to create an incentive for that not happening. But I mean, it's really tough. So I think openness, transparency and accountability are the ways that we actually can combat that because otherwise we won't really be able to solve it. But don't be paranoid. It's the other thing. They really are out to get you. So be prepared.

Hi. I'm just wondering how trust was established because I've just realized in this community for you to verify your public key and even fingerprint is like you have to produce your passport. So I'm wondering how Laura might need to like exchange their keys, if it's not an issue that they were really talking to the right persons.

Well, they had a whole like sort of dance for doing key exchange. And I think, you know, it was a little bit luck and a little bit transit of trust. It was a little bit of the web of trust and it worked pretty well. I mean, I don't think that the key signing stuff that Debian does is anything close to what they were doing. They just wanted to make sure that the keys that they had had were the right keys and that they weren't compromised and that then they would change things. So there was a point in the movie where they said, you know, let's disassociate our metadata one more time. And what that means is they changed all of the identifiers that are visible to the network. So new keys, new email addresses, whatever, new Tor circuit, et cetera. And, you know, this is kind of like a key consistency thing where they have the right key to begin with and they continue to rotate over new keys. This is also sometimes called TOFU. This is, I think, weaker than the web of trust but a lot easier for people to do and very easy to explain and it worked out pretty well.
It doesn't like scale really well but it has a separate sort of good side which is the web of trust explicitly names a web of co-conspirators. And so you kind of don't want that feature. It's useful for something like Debian. It's not useful for clandestine conspiracies to commit investigative journalism. Wow, another lots of questions. This is great.

Somebody working on Tails told me that the NSA has a file on every DD. Is that true? Do you know even?

Okay, so when you balance your checkbook, just to answer your question in a really strange way, when you balance your checkbook or you balance your bank account and you think like, this is how much my rent is. This is how much food is. This is how much I have to spend on some new hardware. You know, you think about money in like an individual way. But if you think about it as a state, the way that a state thinks about money is not, they don't balance budgets the same way that you do. They think about long-term investments very differently. They have other people's money. It's a whole different way of managing it. And the NSA is not the Stasi. So it's not that you need to worry about them having a file on you or on every Debian developer, but rather there exist some laws in the United States that say for cybersecurity purposes, you don't have constitutional rights. And based on your accent, you weren't in America anyway, and you're not in America, so you don't have any rights at all anyway, according to them. They're just allowed to do whatever they want to you, up to and including murdering you with the CIA. That's what they do with drones. That was at the very end of the movie. So it's not that they have a file on you. It's that they have giant databases full of information on all of us, and then they, when they're interested in you, pull up all your data and the associative data, and then they use that.
And sometimes they use it to target you to break into your machines or to find people to assert pressure on or to do psychological manipulation, all that stuff. They do all of those things. And so it's not that they have one file on you. Though maybe it depends, if you work on a critical package like the Linux kernel, they might be more interested in you than if you work on something, I don't know, something else. I mean, I don't wanna denigrate anyone's work, but they have very specific focuses, and so they definitely are interested in being able to compromise systems, right? And so it's not, you may also have a file, but it's really the meta list is the new way of thinking about it. And in some senses, I think that's actually scarier because they just hoover up everything all across the whole internet, and things that are interesting, then they have them. And depending on what interesting things are there, they maybe put those in a database that lasts forever, or maybe it's just around for 30 days, or maybe it's full content for nine days or something like that. And then of course, if you are a person of interest, they of course do do the same stuff that the Stasi does. They do that Zersetzung stuff, if you're familiar with this German term, disintegration. They do that kind of stuff along with JTRIG from GCHQ. So they harass people, blackmail them, do all sorts of really nasty stuff. And they do that also. So it's both of those things. But again, I don't think you should be paranoid. You should encrypt your stuff and help people to do the same, and know that in a democratic society with a secret political police, the right place to be is in their database, right? You should be proud of being surveilled by them. That means you're doing the right thing. Nonetheless, we should stop them also.

I'm curious about your views about Snowden actually coming out and saying he was a whistleblower.
Because I know when he came out, I had some fierce discussion with friends about it. So I wanted to know what you thought about it.

What do you mean came out like that he?

He said, I'm Edward Snowden, I'm the whistleblower, here I am. Instead of just being anonymous the whole way and just sending files to people.

Well, I think the main thing is that it's about control of your own narrative, right? I mean, if we could have done everything here being anonymous and gotten away with it, would that have made the same impact in getting other people to come forward, even if they maintained their anonymity? So I think that what Snowden did, what's beautiful about it is that he basically did enough where he could then survive. Our job now, for the most part, a very good friend of mine told me, he's a little bit of a fatalist, but he said, your job, Laura's job, Glenn's job, Snowden's job, your job now is just to survive. That's all that you need to do now. You don't need to do anything else. You should go do other things, but like drink a glass of wine, relax, be happy, have a nice life, but just survive. So that other people can see that you can do the right thing, and even though you could have done more, you did enough and you lived through it. And so Snowden coming out and telling us all of these things, I mean, you had really powerful people saying he should be assassinated, right? Hung by the neck until dead was what one of the CIA people said. So he probably could have continued to be anonymous for a while, but imagine if the NSA had got to reveal his identity. How would that have been framed? What would the first impression have been? I think they called him a narcissist, and they called him all these terrible names. And it didn't really stick because he basically said, come at me, bro, I'm ready. And you can do your worst, but you can't get rid of the facts. So let's talk about the facts.
And I think the timing of how he did that is good because people really cared about the issues, but then he also recognized that it was a matter of time. The NSA police went to his house. They really bothered his family. They've done that with my family as well. Other people's families have had trouble. So I think it's tough because I think he probably would have liked to have been able to not have that happen, but there comes a point in which you're the person that has accessed all that information and they're gonna figure it out. No amount of anonymity I think will last forever, but it can buy you time. He got exactly the amount of time he needed. The really sad part about him coming out in public when he did though was that he got stuck in Russia because my government canceled his passport. I think mostly for propaganda reasons because in the United States we denigrate all things relating to Russia. And there are lots of problems with Russia and especially with Vladimir Putin, but at the same time, that seems to be the only country that was willing to uphold his fundamental liberties. I went to the Council of Europe and to the European Parliament, to the German Parliament, to the French, sort of to the French Parliament. They didn't really want to meet with me, but also to the Austrian Parliament and to a number of other places. And everyone said, oh, we would really love to help anybody who needs help. Oh, it's Edward Snowden, never mind. And so, well, I have a lot of critiques on Russia. The propaganda aspect of it was very damaging for him to be stuck in Russia, but on the other hand, he's still alive and he's still mostly free. And they recognize his right to seek and to receive asylum. So there's a lot of trade-offs to think about identifying oneself. And if you were thinking about being the next Snowden or helping Snowden or something like that, you really have to think this out many steps ahead. 
And it's easy to say, oh, he should have just stayed anonymous and no one would have ever figured it out. But that's very clearly not planning for the case where they do figure it out and then they're going to be in control of the narrative. And in that case, you I think are better off to do what he did. And I think he did so quite reluctantly. He's not an egoist or a narcissist. He's actually a really shy guy from what I can tell. And so I don't know exactly what conversation you and your friend had, but I would suspect that the notion is that people are more powerful anonymous. And that's true sometimes, but not always. And it's important to remember that anonymity technology is there. So you have a choice, not a requirement. And that choice is sometimes counterintuitive. But I think he did the right thing in this way. And I wish that my government had done right by him as well, but we did not.

So there's a couple more questions. Do you want to keep going on? Should we get in a little club matter?

I would love some of that rum. Oh, rum, yeah. I think I have to say, wait, what do I have to say? I have to say GRSEC, right? GRSEC kernel, and then rum appears. Rum is a service. Fantastic. Yeah, and I'm really happy to keep taking questions because to me, what I want is every person in this room to really feel a part of this because you really are. A lot of the people that I've met in this community really inspired me to action. And it's important to understand that really it would not have been possible without Debian. For example, debootstrap, very important tool, right? With Weasel's packaging of Tor, it allowed us to have bootstraps of things. It allowed us to build things. And using free software really was helpful. So if you guys have any questions at all, I mean really each and every person that helps with Debian should just know that you're a part of that.
And I'm happy to talk for as long as you want, basically, to answer all of your questions, except the ones that put me in prison, thanks. Just wanted to make a quick note about the question, do they have a file on me? From all I've read so far, it's just that they are doing the thing which is in the commercial world called Big Data. Yeah, absolutely. Oh, boy, do you hear a second again, huh? Martin? Not Rahman. Oh, boy. It's good. It's going to be a heavy morning tomorrow. All right, there's some more. I saw a couple of hands in the back. Oh, in front, yeah, hi. Oh, I was just wondering if there's anything that you noticed throughout this that you think we could improve in Debian to make the next people's lives easier? Oh, my God, I'm so glad you asked that question. That's so fantastic. I'm going to talk about that tomorrow in my keynote, but let me tell you one that I had. I revealed a specific document about a Wi-Fi injection attack system. It's a classified document. It's a top-secret document for a thing called Nightstand. And what Nightstand is, is it's basically like Karmetasploit. It's a Wi-Fi injector. Wow. Cheers. And... Dankeschön. It's a Wi-Fi injector device. Oh, Jesus. Tonight's whiskey is sponsored by DrunkTank.org. They just forwarded it out there. So this Wi-Fi injector device, what it does is it basically is able to exploit the kernel of the device by sending, say, malformed data over Wi-Fi. Now, I have a series of photographs, so all of us used X60s... Not all of us, but most of us used the specially modified X60s where we removed the microphones, soldered down things on the PCI bus. We removed, like, FireWire and all these different things. We really modified it, flashed coreboot onto it, flipped the read pin so it was read-only, so we couldn't easily make a BIOS rootkit and make it persistent. We booted Tails, did all this stuff.
Often we would boot to RAM so that once the machine was powered off, you know, basically it would be done. You just pull the power out, you don't have a battery in, and when the power fails, you have an instant kill switch. So things that are in Tails that are really useful include this wiping-the-kernel-memory package, which I hear is being packaged for Debian soon, which is very exciting, because everyone should have access to that, so we can tie it into something like the new Panic D or these other things. But one thing I kept having problems with is this Wi-Fi injection device, which I'm pretty sure was very close to my house. Like there's a white van outside, it's kind of vibrating a little bit, like there's a guy walking around in it, and all of a sudden an X60 here, an X60 here and an X60 here, just booted into Tails, not doing anything at all, but on a Wi-Fi network: kernel panic, kernel panic, kernel panic, all the same kernel panic, all the same memory offsets in the AppleTalk driver of the stock kernel for Tails. I mean, I think I filed a bug with Tails at the time, but this is just incredible, because it's clear that all the crap in the default Debian kernel that you really want for your 1992 Apple network makes operational security really hard, and one thing that would be really great would be a grsec-enabled kernel that... Just have to drink. But as an example, we built some custom... So we built different custom machines, and one of the things that we did for some people and in some circumstances was to build grsec-enabled kernels, and I'm not going to drink again. So we built those kernels, and... Yes, exactly, those ones. And that was work which creates a problem for a bunch of reasons.
When you build custom kernels, and you only have a few people that can build those kernels, you actually build a chain of evidence of who helped who, and if that was a stable normal package that people could install in a Debian Pure Blend, it would have been easier to do that. We built a lot more sandbox profiles for various different things. We built some transparent torification stuff, and that required a lot of bespoke knowledge, and it required a lot of effort that a lot of people did not have because they had a different set of skills. So I think that kind of stuff built in to Debian by default, making a Debian install that can do that, and also verification, would be great, right? So I wrote some custom scripts where I could look at a Tails disk or a Debian install and know if it had been tampered with. And it would be nice if there was just a verification, like a disk you could boot, that did verification of an installed system very, very easily. So easily that Glenn Greenwald could use it. Very politely, but what I mean is it needs to be easier than that for everybody else, because Glenn at least knows that he has a reason to use it. And so that was something that we really needed help with, and we spent a lot of time on that. And there are lots of other little things like that, and I'll talk about some of those things tomorrow, but one of the really big problems is actually hardware, which is that you cannot buy a modern Intel CPU that doesn't come with a backdoor anymore. And that is a huge problem, and I'm not sure that the answer is to use ARM. It seems like the answer is to use ARM, but that's only if we assume that ARM just didn't add a backdoor that's obvious. And so we really need to think about how to, in moving forward, how to have easy to use, easy to buy off the shelf, Debian hardware available everywhere, all the time.
So you can just go and buy this thing and verify it in some way with some other machine to know that you have the right thing. And to that extent, we didn't have X-rays for a lot of the circuit boards, so that made it very difficult to know, when you buy something, if it's been tampered with, and I'll talk about some of that stuff tomorrow as well, but basically, Debian does a lot of stuff right, and that is also worth mentioning. There are so many things that just work right out of the box, that just work perfectly, so the main thing is to keep the quality assurance at the level where it is right now, or to exceed it, because it actually works super, super well, the exception being very specific targeted attacks; the kernel attack surface is pretty big and pretty bad, I think. And also, we rebuilt some binaries in order to (sorry, I'll get to you in a second) we rebuilt some binaries to make sure that we had address space randomization and linker hardening and like stack canary stuff, and for some things lately we've been using AddressSanitizer, so I mean it would be really great if all of the hardening stuff was turned on, if there was a stack on the desktop, but there's no security, so we could have a Linux kernel package with grsecurity applied, but it wouldn't have any of the other Debian patches.
So I talked with Brad Spengler about this, and I'm so glad that you said that, because what he said is that, as far as I can tell, he's totally interested in helping Debian with this, and Debian is not interested, and he actually runs a kernel building service where they do individual kernel builds, and I think he'd be interested, and when I told him we'd love to have this in Tails, he said, what patches do I need to include in grsec to make sure that it will work, and he offered to do the integration into the grsec patch if there are not too many things. So I think what we should try to do is build a line of communication, and if it costs money we should find a way to raise the money; I'll put in some of my own personal money for this. But what we do for their leaking platform, if you go to The Intercept's website and you want to leak them a document, they actually use free software everywhere, but there are a few things that they build specially, and one of those things is a grsec kernel, so the people at First Look that helped make this movie and who work on SecureDrop, they would probably also, I'm not committing them, I don't actually know that they would do this, but I think they would really like it if that was in there. And if we can find the community will to do that, and the back would love to help with this, I know the ACLU is just totally behind funding this work, right? I thought you were there to protect my civil liberties, buddy. But I really think that it's possible that we can do this, and I definitely think Brad, the author of grsec, I think he'd really love it if Debian shipped grsec, and it doesn't need to come by default, but if it was possible to just have it at all, that would be great. So we can have an affinity group where everyone who's interested can meet sometime tomorrow, and we can talk about doing this; I would love to have that conversation. Who are you? Ben Hutchings. Oh, wow, nice to meet you. It's awkward. Hi.
Sorry to interrupt the awkwardness and replace it with more awkwardness, but it's nice to see you, Jake. So I remember reading the documents in 2013 and seeing the NSA's internal training guide for how to query their Hadoop data store, aka XKeyscore, and so I thought I would just ask you if you think Free Software, net, sort of helps us or helps them? I'm really glad you asked that question. I think that Free Software helps everyone on the planet, and I think that, with purpose-based limitations, I understand why people want them. I think that we should try to build a world where we are free, and so putting in purpose-based limitations is really problematic, and I think what we should do is try to mitigate the harm that they can do with those systems, as opposed to pretending that they care about Free Software licensing. These guys kill people with flying robots. It's illegal to murder people, and they do it. Limiting their use with licenses, first of all, that means they'll just spend your tax money to rewrite it if they care about the license, and you won't get their bug fixes or their improvements, and then additionally they're still not going to obey your license anyway, because literally some of these people work on assassinating people. So it is better that we keep our integrity and take the high road and write Free Software, and we give it to every single person on the planet without exception. It's just better, and it's better to do that. The fact that they have Hadoop, the fact that they, for example, use OpenSSL or maybe even if they use Tor or whatever, or they use GDB to debug their exploits, I kind of wish that on them. I think it's great. One of the things Che Guevara said in his manual about guerrilla warfare in Chapter 2 is that he talks about when you have to arm a guerrilla army, and this is sort of not exactly related, it's an analog.
He says that the most important thing is for the guerrilla army to use the weapons of the people that they're fighting, the oppressor, and the reason is because it allows you to resupply, essentially. When you win a battle, you resupply. When we all use the same Free Software and we're working on these things, the fact that they have to contribute to the same projects, and they often do, means that there's a net win for us. They do have some private things that they don't share, obviously, with people like Edward Snowden. I think that it is a net positive thing, and if we think about it as a struggle, we are better off to take the high road, and so I really think we should not pretend that we can stop them, and instead we should work together to build solutions, and I think that Debian is doing that. I think Debian is much harder to compromise than a lot of other operating systems, and it's much, much harder to coerce people, and I think that there's a strong ethos that comes with it. It's not just a technical project; there's a social aspect to it. We've been in the new maintainer queue for like 11 years, maybe that's a little too long, but there's a huge hazing process. Anyone who really wants to help really, really wants to help, and if they want to do something wrong, there are processes to catch people doing things wrong. So we should really stay true to the Free Software ethos, and it really is a net benefit. Hi, Jake. Thanks a lot for saying so much. Cheers. Cheers. Just wanted to give a shout out. You mentioned possible backdoors in CPUs and so on, and that might not be the next bad thing because it's not so open either. You might want to have a look at POWER8. It's basically PowerPC64, so Debian has support for it as far as I know, and most of the stuff is actually open.
I mean, not the actual designs that IBM is using, but you can actually have the FPGA implementation of it, and you can actually, if you have the money, make your own ASICs for it without even knowing how to do it, which is pretty good, I think. I think, I mean, there are lots of things that we can hack, right? I had one of those weird RMS laptops, the Lemote or whatever it's called, for a while, and I definitely was able to get some Free Software running on it. In theory it was a Free Software laptop, but getting other people to use this is the problem. We need to get everybody to use it, right? There's a sort of old anarchist cliche: none of us are free until all of us are free, and that really applies here. We really have to have free software that's usable by everyone, otherwise we're sort of bound down by the lowest common denominator of free or proprietary tools, depending on what people have to use. So it'll be great when we have that. And there's a thing called the Milkymist, which is a video mixing board implementing a Free Software CPU that you can boot Debian on, or OpenWrt, and it does work, and I have used it. In fact I used to use it as a shell, and for a long time I used to use a Debian trick that actually I've never talked about in public. Let me think about that for a second. So I used to use an IRC client that was really buggy, and I couldn't figure out where all the bugs were, but I knew that if I hung out on certain networks, someone else would help me find those bugs by trying to exploit my client, and I wanted to make it as hard as possible. So I ran my IRC client inside of a Debian machine that was running an s390 emulator, and then I ran on my s390... Who here uses Hercules? Thank you to whoever packaged it. And so I would use Hercules. It was a very long install process, very slow, but then I would do this, and what I sort of always dreamed of doing at some point was using the Milkymist and Hercules together. It was ridiculously difficult to
exploit, plus a grsec kernel, but that's just not, I mean, it's not a usable thing. So what we need to do is take these kinds of prototypes, which actually do represent many steps forward, and we need to make sure that they're produced on a scale where you can go into a store and purchase them anonymously with cash, in a way that you can then verify. And we're actually very close to that with software defined radios and with open hardware, but we're just not quite there yet. Yeah, what I meant is POWER8 is basically getting big currently on the server market, and it might get big for other stuff also, hopefully. I want to come back to the story about the panic in the AppleTalk driver. On two of my... the common approach against this, compile all the stuff, not compiled in yet, but on two of my systems I have a modprobe wrapper which has a whitelist of modules that may be loaded, and I install that wrapper as the thing that the kernel uses for loading modules. Do you know if such a thing exists elsewhere, or if not, maybe I would be interested in developing it into something that is actually usable by other people? So that would be great. In this case we were using Tails, and Tails is very finicky about what it will accept, and very reasonably so, and so having that be in Debian would make it a lot easier to get it into something like Tails, I think. But the main thing is really we have to think about the attack surface of the kernel very differently. The problem is not AppleTalk; the problem is the Linux kernel is built with a lot of code, and you can auto load in certain cases, certain things come in and certain things get auto loaded, and I know Bdale loves his ham radio stuff, but I never use ham radio on my machine. I use... for clandestine conspiracies that's a separate machine, it's over here. And so we just need to find a way to think about that, and part of that could be kernel stuff, but also part of it could be thinking about solutions like that, where we don't need to change the kernel, but it
would be really fantastic. Actually, some time ago, after the, I think it was, Econet exploits (no one uses Econet; it was broken in a way, but you could exploit it because it was auto loaded), so I actually went through and turned off... turned off auto loading of a few of the more obscure protocols. We could probably go further with that, even in the default. I think it would be great to change some of the kernel stuff, so at least... Tails is a special use case where I think it's very important, and it doesn't work for everyone, but we should just consider that there are certainly things which are really great, and I want to use Debian for it because Debian is a universal operating system. But then for like a modern desktop system where you're running GNOME and you haven't set anything up, AppleTalk for example, to load that module themselves, for example, you could have... a lot of these things are going to have supporting utilities, so you can put something in the supporting utilities that loads it at boot time, and if you don't have those installed, you don't need it. And I think there's lots of ways to do it where the network can't trigger it, and that's important. That puzzled me. The protocol modules should get loaded when userland opens a socket of that type; it shouldn't happen in response to network traffic. But I mean, there are things like, I think, ifconfig. If you run ifconfig, that can also load a bunch of things. I think on either side it should be more explicit. And I think in this case with Tails there was a time when you looked at the kernel module list and it was pretty amazing. I think there was an X.25 thing, an AppleTalk thing, and you're like, wait, this is all about going over Tor, we don't support any of those things at all. So it's just kind of like the way that things are interdependent. I mean, it's not a dig at the kernel itself; I think the Linux kernel as it works in Debian today works really well for a lot of people, but there is definitely a high security use case, and I, for
example, if I were a Debian developer, I would run a machine where I didn't run a web browser, and I took a lot of effort. It would be really nice if there was also a kernel that sort of put in the same sort of threshold of security, and I think that a grsec kernel with some stuff changed about it, like getting rid of AppleTalk and a few other things, would be closer to that, and combined with that guy's tool that he's talking about, you could make a lot of loadable modules that, at least even if the system was going to auto load it, kind of way. And I think there's a lot of stuff to do proactively on that front. And there's another project called Subgraph OS which is basically working on becoming in some ways a Debian derivative, and they're going to do stuff like a grsec kernel, and they have a whole sandboxing framework which uses AppArmor, seccomp and Xpra and a few other things, and I think that they'll make a lot of interesting security decisions which might make sense to adopt in Debian later. Or, I think Matthew Garrett has some interesting criticisms of that and how it wouldn't really work, and Wayland was a better way to go than Xpra. But I've heard those criticisms, but Matthew Garrett is wrong. So, not usually, but in this particular case, for example the sandboxing stuff, I mean, if you have like a GNOME app store, essentially, that's for one set of users, but for like a Debian developer writing your own policies it might be useful, and if you need... and you might not have a full solution, we might want to have both for a while, for example, and I think it would be great. And the main thing is just we need to find people who really think about those issues and try to integrate that, because the security knowledge, most people who write exploits or that understand how to do offensive security stuff, they don't want to help free software projects, they just want to exploit them. And so some of the Subgraph guys, one of the things that I really like about them is they're trying to improve the free
software projects we all use, even though they may have different decisions they're making, for free software all the same. So, so maybe also some other thing to keep in mind is actually that there is also a social aspect of all this pressure, which push... if NSA wants to push anything inside Debian, so we actually also need to make sure that if they put pressure on somebody, we have some way to help these people not to actually land in prison. So actually there's also a social aspect of supporting people who get pressure from anyone. I mean, if anyone is ever in that situation, one thing I would say is you would see a right to stay silent, you have the right to remain silent, I think is the phrase the police would say, but there are definitely communities of people that will help you. There's a group called the Courage Foundation, for example, which was started by Sarah Harrison, and the job that the Courage Foundation has taken on is essentially to help people who would be sources or who are in harm's way like this, and if you found yourself in that kind of a position there are people who will try to help you. I really don't think that that is the next step in this. I think that that could happen; it's much more likely someone is going to write an exploit for Firefox. That's the way they're going to own Debian people in the future, for the most part. That's how they own us today, right? Firefox, number one enemy to security on your Debian machine, probably, and that's not a dig at Firefox, it's just super complicated software, and these guys are really good at writing exploits and that's an easy target. So I think we do need to deal with the social thing, but we also should look at some of the technical problems, and then when and if people have that, you can contact me. I'm super happy to try to put you in touch with people who will help, and obviously get a lawyer, get several lawyers if you can, probably contact the EFF or the ACLU depending on where you are. But at least in Germany and in
the United States, in a few places, it isn't so bad yet that they can put that kind of pressure on you openly in a free software project. If you write proprietary software you're in a very different situation, and there are definitely people who are in that situation. I don't envy them, and their position is much harder. So actually writing free software already makes you not at the very beginning of that target list, I think. Any other questions? Wow, Jesus, where's the room? So, yeah, a couple more. Excuse me, how do you deliver the encrypted message without exposing the connection to the server party? Could you... which encrypted message do you mean? Do you mean like Jabber? I mean like email or Jabber, yes. Yeah, so for the most part we use systems where Tor hidden services are available to connect to them, so we never even left the Tor anonymity network. So they're end to end encrypted and anonymized: you connect to a .onion address, and then using crypto on top of that you connect TLS to a Jabber server, and then OTR on top of that. So you sort of have this composition of different cryptographic systems, and the core of that is Tor, along with using throwaway machines, going to locations where you never go twice, using open wifi plus Tor plus TLS plus OTR. And for email, RiseUp offers Tor hidden services, which allows you to do the same thing essentially, and then using PGP as well. I mean, how about metadata like the delivery address of the target? Yeah, so in the case of, so for some of the, some cases we use a system called Pond, and Pond is a system that is completely Tor hidden service based, pond.imperialviolet.org. This is something I think Adam Langley probably wouldn't want me to say, but I'll say it anyway: it would be very useful to package this for Debian, because it's a system where once you do a key exchange with someone you have an end to end encrypted messaging system that's like email, where you can send files that are encrypted, you can send messages that are encrypted, it's delay based,
you don't have usernames, you just have a public key, and then you have group signatures so that people can send things to your mailbox by proving they're a member of the group but not which member of the group they are. So we use Jabber, we use email and we use Pond, and those three systems together also allowed us to build a clandestine sneakernet. So we have the ability to carry USB disks, and a few of us carry them inside of our bodies, and if you've never had that experience, lucky you. You want to make sure you use post quantum computer crypto for that, by the way; it's more comfortable. Should we relieve this man from his duties? If you have any questions, otherwise... One more, one more question. So when the Snowden leaks were first published it created a lot of awareness, and people were talking about it and there was a huge media echo. If now some document is leaked, people are saying there's all the surveillance and we aren't dead yet and we can still live our lives, while they basically care less. They still care a bit, but they care much less than when the first documents were published. How can we maintain awareness for this issue in the world population, in your opinion? There is a really scary thing that's happening right now. There was this idea in the 90s, we had the crypto wars. Do any of you remember this idea of the crypto wars? A few of you do, maybe not all of you do, but we had the so-called crypto wars in the 90s. I encourage you to look this up on DuckDuckGo or whatever your favorite search engine is. And in theory this is the second crypto wars. Now in reality, what happened is the first crypto wars never ended; we didn't actually win like we thought we did. But there are a bunch of things that are taking place, so for example making a stand against backdoors, using end to end encrypted communications, actually pushing for that, being quite open, hosting those kinds of services and doing it from a principled perspective, from a legal perspective. I think that you will find that the
tension will continue to rise for a while, and I think that it will continue to be a conversation about public debate. And an important aspect of this is that now regular journalists that don't understand technology at least understand the importance of these things, and if they don't do that, they at least perceive that they will be considered unprofessional if they don't care and think about those things, that they'll be somehow negligent. And I think that will keep some of the discussion going, and it will allow us to build some breathing room, and that breathing room will allow us to actually build some alternatives. But there are some downsides, right? Some of the things that take place when you reveal security service spying is that it tends to get normalized to a degree, but then in some cases it does get pushed back. In the 70s in the United States it became illegal to do assassinations, for example, because what the CIA was doing was so atrocious that eventually there was political pushback. It turns out it only lasted 30 years and we're still doing it again. But I mean, there's a saying in my country, which is that effectively the price of liberty is eternal vigilance, and that's what we are engaged in now. And the liberty starts with software liberty, I think, in the case of communications on networks, and so we have to have free software, and it has to be responsibly encoding packets and data. And I think that if we think about it in this sense, we'll find a lot of pressure and we'll have a lot of discussions about it and we'll have a lot of debates, like one of the presidential candidates in the United States just came out against encryption. I hope that sinks his presidential campaign. I mean, it's weird to be against encryption; it's like, I'm against prime numbers, no modular arithmetic. I just want to say it is important to understand, you are right, people will be normalized about it, but each and every one of us that understands these issues can actually keep it alive, and the way we do
that is that when we communicate with people... I grew up in San Francisco, and in the Bay Area of San Francisco in California, and I did that in the 80s, and so a lot of people that I knew had HIV and they died from AIDS, and there was a huge discussion about this. It was called GRID, the Gay-Related Immune Deficiency Syndrome, before it was called HIV and AIDS, and lots of people were sick and a lot of people died, and there was a sort of normalization process where people sort of accepted this as their fate, especially if they were in the gay community. And still, over years and years and years, people began to build a culture about safe sex, and they started to talk about respecting their partners and about talking about these issues and getting tested, and it took a lot of effort to really go much further. A lot of people actually died in that process; it was a very sad, serious situation. And I think we have similar discussions that are taking place now, and some people don't take it seriously, and if they happen to be Muslims living in Pakistan they might get a drone strike, and there's a sort of survival mechanism that takes place there, and it's an unfortunate parallel, I think. But I would really consider that we can change this dialogue by continuing to have it, even though it's exhausting, and by recognizing our responsibility and how we can make it better, by continuing to do that and by building healthy alternatives and by building new systems and by refusing to backdoor any system ever, completely committing to free software and to transparency of that software and also of those processes, and really, really, really sharing the knowledge about it to make it impossible to suppress. And so we should not accept the normalization of that; we shouldn't make it fun to spy on people, we shouldn't make jokes about it in a way that normalizes it, and we should respect those people who have been victims of surveillance, and we should recognize that basically everyone here is a victim of
surveillance to some degree, and we should care about that, and we should continue to be upset, but not just be upset, but to channel that anger into something useful, like making Debian better. Thank you. Thanks, Jake, for such a long Q&A session. I hope you enjoy the rum, and I'm sure Jake is going to answer any more questions if you can still talk.