Feminist autonomous infrastructure in the internet battlefield: From Zombies to Ninjas
This article was first published at GenderIT.org, February 2017.
Stand up for women and non-binary people in tech. Join the general strike on February 23, 2017. Pledge to stay home from work, stay offline, and/or publicly protest.
The Distributed Denial of Women (DDoW) strike is an international call in protest to unequal conditions of women and genderfluid/queer in technology. It’s name alludes to a certain type of cybernetic technique (Distributed Denial of Service) that consists in overwhelming a machine that hosts sites (server) with requests to the point that it collapses: like a crowd invading a building and making it impossible for other people to get in.
DDoS has been a tactic in civil disobedience during the 90s but, in the present, stands in muddy waters. On one hand, now they are generally automatic and deployed by mercenaries hired by state and private sector to censor and fuel capitalism. Human right defenders and activists, independent media, feminists, LGTBQ* and non-conforming diverse communities at a whole are constantly targeted. The specific impact of attacking and silencing regions like Latin America, Middle East North Africa (MENA) and South East Asia adds more layers to the scenario.
On the other hand, the culture that surrounds Anonymous and other groups that take credit for famous DDoS attacks are deeply misogynist. Trolling1 on platforms like 4chan (notorious for promoting hate speech) and sexist allusions (one of DDoS tools slogan is based on a popular case of appalling cyberbullying and harassment).2
Autonomous servers like Riseup and Mayfirst and some others in the hacker community frown upon and discredit DDoS as an activist strategy.
Can DDoS attacks be power levelers? We enter the following dilemma: when we deploy a disruptive tactic, are we legitimising it? From a Kantian perspective we «ought not to do what we wouldn’t want our peer to do». Reappropriation is a way of redistributing the cards around the table, but it could slip into becoming immune or getting neutralised.
Ethics isn’t a static universal array of values, it’s a day to day exercise of constant unraveling and tangling up in community. We can’t separate a pure critical communication analysis, backed up by western sociologists, neither can we just be short-sighted about protocols and configurations on the backend.
Internet is on the verge, a battlefield of individualistic anarco-capitalism. There is no panacea for this, definitely not centralised internet governance, even when it involves multiple (and diverse) stakeholders.
It’s vital for us to stop dividing in islands: feminist swarming over there, freedom of expression here and women in tech in this aisle. We need to bridge our gaps, get across our barricades and project towards the horizon with kaleidoscopes made of story beads, skin flake sequins and confetti impulses.
What is problematic about the DDoW strike is the decontextualization of internet geopolitics. It doesn’t problematize: it just talks about gender and non-binary inequalities in the tertiary sector. What about the factories and the mines? What about the devastating environmental impact that affects women that aren’t in the global north or in urban regions? The ones that not only get sick because of contamination or endless work hours but sick of the system, sick of the sound of the machines rumbling on and on. What about autonomous infrastructure initiatives that strain under constant cross-fire and scarcity?
DDoS: actions or attacks?
DDoS actions are not RobinHood heroic gestures as Anonymous or Mr. Robot would like us to believe. Tech is not neutral. The internet is a combat zone and it isn’t fair play.
At some point, DDoS were human-based (client side) disobedience actions. Electrohippies and Electronic Disturbance Theater (EDT) of the 90s disrupted World Trade Organization (WTO) servers. “Deportation Class”3 action against Lufthansa airlines created enough pressure to stop them allowing the German government to use their flights to deport immigrants. 1995 Strano Netstrike,4 organized by italian activists targeted the French government in protest against their policies. EDT bombed Mexico’s president’s website and Frankfurt Stock Exchange as a reaction to their treatment towards the Zapatista movement5.
These actions were generally embedded in wider mobilizations of disobedience: street demonstrations, publicity and letter writing campaigns, art interventions… What we would consider now «snail bandwidth» in the dial up connection era and the fact that DDoS tools were very basic, developed by our own activist groups and purposefully hamstrung, meant that more humans, in their diversity, were involved and committed. Inevitably they had more agency, because they were involved in a broad sense: from learning how to handle a computer program to coordinating with a wider group and permeating public space.
Nowadays, DDoS is performed through botnets: clusters of malware-infected computers. These zombie computers present a crucial turning point in terms of ethics because it underlines «consent». DDoS attacks are increasing by at least 100%; their impact, both in complexity, volume and duration renders them more harmful. Lightening-fast broadband, mature malware techniques, capitalism mutating like crazy…
Content Management Systems (CMS) like Wordpress are being breached to perform, without admin’s consent, attacks to other sites. According to some sources, Wordpress powers 27.5% of existing websites, so we have potentially a huge army of zombies out there and we could end up, without knowing, beating up our fellows and friends on the Net. That’s crazy!
Without getting taken away with more numbers, out of the nearly billion web sites on the internet, Google quarantines approximately 10,000 a day via its Safe Browsing technology. Sucuri, a website security company, suggests that about 1% of the total websites online are compromised (9 million websites). So your site has probably been attacked at some point and you might not even know it.
Its becoming a venture capital industry: DDoS-for-sale services behind the façade of “website stress tests” for the price of a Caffe Mocha in New York run by so-called «hackers»6 and script kids with no ethics whatsoever.
Most DDoS attacks are in the private sector: just another dirty move for shooting the competitor in the foot. Extortion emails are bread and butter. But even if it doesn’t always affect us directly, it’s money invested in training the «monster». And in the kingdom of Cynicism: no holds barred. Now the Internet of Things is kicking in, devices can be easily exploited and used as a tommy gun7.
Riseup, a collective that provides online communication tools for people and groups working on liberatory social change, states that «DDoS is a weapon that can be brutally effective against marginal voices online, but is almost always ineffective against the powerful»8.
The odyssey of Black Lives Matter, a central organization of the movement against police abuse, brutality and misconduct whose site was shelled for weeks, is just the visible and represented face of the severe consequences of cyberattacks.
Human right defenders and activists, independent media, feminists, LGTBQ* and non-conforming diverse communities at a whole are constantly targeted. The specific impact of attacking and silencing regions like Latin America, Middle East North Africa (MENA) and South East Asia adds more layers to the scenario. In her book «The Coming Swarm», Sauter argues that in the midst of a deeply privatized internet, we need cyberstreets as a public space of disruption. She goes on to describe the Anonymous phenomenon as an «A-Culture», a kind of pop culture that satisfies our thirst of symbols and causes «biographical impact». Disobedience, according to Sauter, needs not to compromise our body or be seeded by a conscious agency.
Now, though I could agree on some aspects, you cant pack it all up in a pure critical communication analysis, backed up by western sociologists.
Recognize this meme? Perhaps you are less familiar with the backend of the protest. Guy Fawkes masks are produced in assembly lines in Brazil, in China… Can we still praise the symbol if it tastes like the fruit of colonial sexist exploitation and smells like black gold? What if I added that Time Warner owns the rights to the image and is paid a licensing fee with the sale of each mask. In 2011, purported members of Anonymous told CNN that activists were ordering masks mass-produced and shipped in from Asia so that Time Warner didn’t receive the loyalties9.
Critical insights like Silvias Federici’s «Technological Fetishism» remind us to ask ourselves about the full process that underlies digital technology: the exploitation and extractivism of its production, the deterioration of our capacity to affect each other at other levels..
Oooops! You broke the Internet
Many people that become aware that their site or platform has been knocked down, seek assistance through online security companies. Some of them have even created «social» projects like Galileo by U.S company Cloudfare or Shield that offer DDOS mitigation services to any «qualified vulnerable public interest website» (we could ask ourselves what is «qualified» to them).
Other orientations include moving sites closer to the core of the Internet: inside the small number of major ISPs, websites, and content distribution networks (CDNs) that have the experience and resources to defend against these attacks, particularly network DDoS attacks. For example, hosting your website on Blogger10.
But sheltering under the paternalistic wing of US magnates is extremely problematic, not only because we need to subordinate under their Terms of Service and the constant threat of being censored and handed into the government and agencies but also because it breaks the internet: it centralizes it’s architecture, fattens revenues for the 1%, blocks the right to anonymization and enables spamming, phishing and hate speech.
Though quite messed up in general, there are awesome projects and initiatives out there. I’ve already mentioned some above. Deflect not only provides a real free service (free as in freedom not as in no cost) for independent media, human rights organizations and activists but also rich analysis as a common good so we can learn how to face collectively this quicksand. Instead of just blocking off IPs (you can inherit a recycled blacklisted IP for example) or bullying people that use anonymization tools, Deflect deploys a whole array of tools to gain insight on patterns, createprofiles and taxonomies based on filtering, challenging and machine learning tools.
Instead of just blocking off IPs (you can inherit a recycled blacklisted IP for example) or bullying people that use anonymization tools, Deflect deploys a whole array of tools to gain insight on patterns, create profiles and taxonomies based on filtering, challenging and machine learning tools.
But at the end of the day, acknowledging such remarkable work and that their Terms of Service is consciously clear for humans to understand, they have to collect data, lots of it and not just from bots but also from humans and potentially this big data can be compromised. This isn’t Achilles heel of Deflect, it’s any centralized network’s flaw.
A much more resilient architecture would be a distributed topology (like a fishnet, all knots are equally powerful nodes) but this requires delegating responsibilities and rights and commitment amongst peers. There’s a long way to go from privative «free» web services with invisible responsive interfaces to peer-to-peer (p2p) autonomous ecosystems. The latter has been considered «over complicated», «inefficient» and «unstable» in the past. In the midpoint we have decentralized structures. A federation of autonomous servers for example. What does that mean? Well, that it’s not just some nerds over there hosting some sites and some anarchists over their providing tools for activists and bunch of feminists okkupying a VPS here. It means that these projects cooperate on a more daily basis and distribute their power (in all senses: political and cultural privileges, social capital, resources…).
How each project perceives themselves as «autonomous» varies: they don’t receive funding, it’s led by activists, they host sites that denounce corruption, sexism, racism, transhomophobia…
But an autonomous infrastructure is not just that. It implies shifting from an expert-user and security model to collective adhocratic ongoing processes of mutation; weaving community amongst members on that server, and networking with other allies in the same field; raising awareness on issues (politics is shifting); shaping internet’s landscapes; rethinking/doing labor and sysadmin…
Feminist autonomous infrastructure
Actually, I shouldn’t have to create another heading for this part because a rooted and meaningful autonomy implies necessarily feminism and political commitment. But it’s not like that. We are in the tower of Babel stepping on each other’s toes.
Still, in countless digital tech communities talking about gender, even to mention feminism or transfeminism provokes eyes rolling. Adding class and colonialism short circuits the discussion all together. Other fellow projects talk about oppressed groups as a whole without addressing specific power relationships. Gender or feminism rarely comes up in rad tech manifestos. Mailing lists and IRC channels are just one way of discussion. There are other methodologies that we can learn from that don’t come from hacker culture, neither anarchist and left wing movements.
So I do highlight this, as an additional layer, to discuss several key points related with economy and labor in autonomous infrastructure from a feminist perspective.
Critical feminist economy
Economy means «management of the household» and what immediately comes to your head? Women. Critical feminist economy underlines that what makes the world go ‘round is the immense amount of unpaid work that women perform in the household. Even in alternative labor contexts, we have difficulties escaping the «individual work hours salary» framework and fall in the trap of considering certain functions more «susceptible» to renumeration.
The «Commons» paradigm can unintentionally be perceived as colonizing and obnoxious. FLOK Society is just one of many examples. A first impression of the scenario is that there are lots of guys on the front line. Well, thats a constant everywhere, isn’t it?
Putting economy and labor, and even more from a transfeminist lens, on the table is still an elephant in the room. Check out any internet rights or hacker event schedule and see how many sessions address these topics. There’s normally a polarization between commercial and non-commercial services versus the idea of fair economy.
Many autonomous infrastructure projects are heavily volunteer-based and this phenomena can raise gender and class concerns. Cis-women, especially those above 30, have less «free time» for volunteering. If we go to countries and regions that lack a welfare state and minimal labor conditions, «free time» doesn’t even exist.
Volunteering in sysadmin follows partially what Eric S. Raymond defined as a «Bazaar» model: ahocratic work flows that depend on an array of previous skills and experiences. Of course, there is a learning curve that can be collectively managed versus macho condescending RTFM (read the fucking manual) and meritocratic dynamics, but still, not having access to these skills is a handicap.
Additionally, even though volunteering can be signified as a mutual support network, it risks invisibilizing labor. Can a server be really sustainable just with volunteer work? Normally, if you are a volunteer, you adjust in your little time pockets. What about all the implications (at an emotional, body and social level) of handling responsibilities, stress and pressure? Yes, of course, we’re a community but that doesn’t redeem us from burning out.
Another common characteristic of these initiatives is to undergo donation campaigns which tend to be a headache, require a lot of energy and can put a project at stake. The «free account» mentality so reinforced by internets data economy paradigm and diffusion of responsibility (thinking that the «other» will have «more money than we do», for example) are barriers.
Lets put Giss.tv as an example. A streaming platform for «free media, free as in speech, free as in software» with 133 active radio mountpoints. They constantly struggle to keep afloat. Recently they sent an email asking for support. The response? Only 0.5% of the community donated. Donation campaigns are very much coin-based and that, online, means payment gateways and plastic money most of the time. Without getting into details about ecommerce booms and expansion, there is less access to these systems in non-EU/USA and rural regions. We could also discuss security aspects behind this but that’s another chapter. Bitcoin as an alternative is very questionable at a critical economical point of view and in terms of liability.
Technological sovereignty doesn’t start just in the last mile
«Though buzzing in «internet user penetration», Asia Pacific and Latin America are the hot spots of electronic industry, generally under devastating conditions of labor exploitation and appalling environmental impact. Going one step back in the chain, to the source: minerals are extracted and sucked up from places like Eastern Congo and passed through a variety of intermediaries before being purchased by multinational electronic companies.»11
Critical insights like Silvia Federici’s in «Technological Fetishism» reminds us to ask ourselves about the full process that underlies digital technology: the exploitation and extractive aspect of it’s production, the deterioration of your capacity to affect each other at other levels…
Little end-note scribble
I can’t and don’t want to compact the whole topic about autonomous feminist infrastructure here and I am no-one to intend on painting the full picture. But, in any case, I have started to drift and will continue to do so this year in GenderIT so tune in and look out for future pings.
Person who sows discord on the Internet by starting arguments or upsetting people, by posting inflammatory, extraneous, or off-topic messages in an online community (such as a newsgroup, forum, chat room, or blog) with the intent of provoking readers into an emotional response or of otherwise disrupting normal, on-topic discussion, often for the troll’s amusement. Source: Wikipedia↩
«LOIC will tear us apart», page 123, from the book «The Coming Swarm» by Molly Sauter.↩
«Blockades and blockages: DDoS as direction action», page 53, from the book «The Coming Swarm» by Molly Sauter.↩
«Blockades and blockages: DDoS as direction action», página 50, del libro «The Coming Swarm» escrito por Molly Sauter.↩
“The Zapatista Tactical FoodNet” Source: Thing.net↩
«Blockades and blockages: DDoS as direction action», page 53, from the book «The Coming Swarm» by Molly Sauter.↩
Large CCTV Botnet Leveraged in DDoS Attacks Source: Sucuri Blog↩
«It’s Guy Fawkes Day — Here’s How Those Masks Make It From Factories To Protesters Around The World» | Business Insider Source: Business Insder↩
In the activist hacker community, normally there is a distinction made between «hackers» and «crackers», the latter being people that break and circumvent security systems without a political substrate.↩
Distributed Denial of Service Attacks Against Independent Media and Human Rights Sites | Zuckerman, Roberts, McGrady, York & Palfrey Source: Cyber Harvard↩
“The backbone of our thirsty complicities: from internet hiccups to collective synapsis at AWID 2016” by Nadège Source: GenderIT↩