Bonum Certa Men Certa

Sexual harassment: Nicolas Dandrimont & Debian Account Managers collective gullibility on Jacob Appelbaum

posted by Roy Schestowitz on Mar 13, 2024

Reprinted with permission from Daniel Pocock.

I previously wrote a high level overview of how Debian falsified harassment statements against Jacob Appelbaum.

Now it is time to look at the detail. Here is an exchange between Mehdi Dogguy and Nicolas Dandrimont. Dogguy was Debian Project Leader, Dandrimont has become a member of the Debian Account Managers team.

The key thing to note here is they are simply cutting and pasting smears about harassment from the Tor Project. The smears they are cutting-and-pasting do not come from real police or a court.

The Tor Project claims they hired an independent investigator. What qualifies somebody to be an investigator?

When claims were made about Jeffrey Epstein visiting MIT, the MIT management hired the law firm Goodwin Proctor to conduct the investigation. They told everybody that Goodwin Proctor was doing this work. People could bypass MIT and give reports directly to the lawyers. At the end of this process, MIT published the full report and the names of those who worked on the investigation.

Every step taken at the Tor Project was the opposite of the process followed by MIT. Their statement does not give any link to the report itself. Their statement does not identify the name of the investigator, the name of their firm or their credentials. This comment from Sheri Steel, the Tor Project leader stands out:

The investigator worked closely with me and our attorneys

In other words, it appears that the investigator was not able to work independently. If the name of the investigator was never made public, how could volunteers go around Miss Steel and speak to the investigator directly?

The Tor Project is using an address in New Hampshire, US, a jurisdiction that is well known for its attitude to freedom and deregulation. Here is an article about the qualifications of private investigators in New Hampshire. Notice in particular that NH accepts the registration of investigators who have been dishonorably discharged from the military and other police forces. There are no checks on the financial credibility or mental health of licensed investigators. The investigator could be anybody from an ex-fireman to an undercover mall cop.

The report from Tor Project is therefore only as good as the person who wrote it and what they were paid. If the investigator was in a weak financial position, they may have felt immense pressure to write a report that tells their client what the paymaster wants to hear. That is almost always the path of least resistance.

Large professional law firms would not put their name on a report like this.

According to a detailed report in German magazine Die Zeit, the claims against Appelbaum concern incidents at his apartment in Berlin. Under German criminal law, if Miss Steele or any other person who attended the party visit a police station and sign a complaint, the police have a mandatory obligation to investigate the matter. An investigation by the police is impartial and you do not have to pay them to do it. According to German law, every crime reported to the prosecutor must be recorded in writing by the public officials. In other words, if any woman had a genuine complaint against Dr Appelbaum, the prosecutor can not refuse to open a case. The nature of German civil code (StPO) is absolutely clear, the prosecutor is obliged to listen to every woman and investigate every single complaint.

The prosecutor does not charge victims a fee for making an investigation. This raises another question, why would any victim choose to give payment to an anonymous New Hampshire mall cop when they can use an impartial German state prosecutor for free?

Due to the nature of abuse, many genuine victims have great difficulty in coming forward to report a crime. For childhood abuse victims, it takes an average of 30 years for victims to come forward. Yet once a victim has decided to speak, if they have the courage to speak to a private investigator, why would they not speak to the police?

In every case, a police report can be more thorough, more credible and they can use their powers to protect genuine victims from further abuse.

If any woman was really in danger, if Tor Project genuinely cared about protecting women in future, why would they not use the criminal procedure?

Many of us put our trust in free, open source software for a whole range of critical services from the banking industry to nuclear plants. Users of Tor Project include activists in dangerous parts of the world who may be subjected to severe punishments, even execution, if they are caught communicating on the Internet. These people are trusting Tor and other open source software with their lives. Yet if we can't trust the people who make Debian and Tor, how can we trust the software?

If you are submitting an article to a peer-reviewed academic journal, you need to identify your sources, their names and the papers they published. The Debian Account Managers do none of those things, they cut-and-paste words from a blog about an anonymous source and accepted it all as truth. Given their role in the Debian Project, it is scary how they could be so gullible to fall for something like this.

Notice how Mehdi Dogguy wrote a statement that did not include references to sexual activity, see the title of the message, it is simply "Jacob Appelbaum and harrassement". The original paragraph used the word "abuse" without any qualification. Nicolas Dandrimont strongly insists on inserting the word sexual as a prefix to both those words. Such statements are a hideous defamation and can not be used without evidence.

Subject: Re: Jacob Appelbaum and harrassement
Date: Wed, 15 Jun 2016 14:53:35 +0200
From: Nicolas Dandrimont <olasd@debian.org>
To: Mehdi Dogguy <leader@debian.org>
CC: debian-private@lists.debian.org

[snip]
* Mehdi Dogguy <leader@debian.org> [2016-06-15 13:48:53 +0200]:
> In the meantime, we believe that the most urgent thing to do is to > make sure that Debian as a community is safe for its contributors, and > able to deal with people who abuse or manipulate, regardless of who > they are, whether it happens online or at Debian events.
Agreed.
> Over time, Debian has published clear statements of what our > contributors can expect from the community: the Diversity Statement > [1], and the Code of Conduct [2], have been ratified in General > Resolutions. DebConf events have an additional Code of Conduct that > attendees are expected to uphold [3]. > > [1] https://www.debian.org/intro/diversity > [2] https://www.debian.org/code_of_conduct > [3] http://debconf.org/codeofconduct.shtml > > Note that these documents alone can only set expectations, but do not > help if somebody fails to meet them.
Apart from the DebConf code of conduct which has some provisions for actions, I do agree that we're sorely lacking a process for "escalation".
> Abuse and manipulation do happen, sometimes even unconsciously, and are hard > to detect. When a member of our community feels discomfort or worse, they > need to be heard and understood. Not everyone is a good listener, especially > with someone they do not know well. Make sure you and people around you have > at least two people you can safely talk to when something goes wrong.
I had to do a double take on this paragraph, and I still can't believe what I'm reading. Let's suppose I'm a newcomer in the project. Who should those two people be? With my outreach team hat on, and in the context of having encouraged around twenty newcomers coming to the next big Debian event, I feel very uncomfortable with that response. Should the message we are sending be that "yep, if you're talking to someone one on one, it's your fault"?
> People normally make mistakes, and they need to have a chance to > realise what happened, own up to their mistakes, and take action to > prevent them from happening in the future. Other people need to have a > chance to take action if that does not happen.
You should make very sure that your public interventions on the matter are worded more carefully. We're not talking about mere mistakes here, we're talking about sexual assault, and harassment (sexual or otherwise). Those are things that leave permanent scars on the victims, and can ruin their lives. Not really something you can dismiss with "well, it happens".
If such events happen in our community, I do hope that some of us will have the strength to make the attacker realize that what they did is wrong, help them to make amends and, if that comes to it, help them heal themselves. But, first and foremost, as a community, we need to make very sure that all the community is safe, and that we stand by each other when we need each other. If that means excluding some elements of our community to keep others safe, then we should not be afraid to do it.
> If you want to report any issues, you can contact DAM > <da-manager@debian.org> and the Anti-Harassment team [4] > <antiharassment@debian.org> > > [4] https://wiki.debian.org/AntiHarassment
What is the current status of the anti-harassment team with DebConf being very close and their attention being more than needed for that period?
Bye, -- Nicolas Dandrimont

On a side note, Nicolas Dandrimont asked me to consider his girlfriend for an Outreachy internship. I have regularly made complaints about these conflicts of interest in Debian. Anybody who talks about these conflicts of interest is accused of sexual harassment. When I complain about Dandrimont's girlfriend, I'm doing it for all the other women who missed out on this opportunity.

Notice how Dandrimont asks to be removed from the selection process but he goes on to make comments about the projects and finishes with an offer to help rank the candidates anyway. This is not what it looks like when somebody honestly recuses themself from a decision.

The selection process described by Dandrimont would be no more credible than the investigation at the Tor Project.

Subject: Recusing myself from Outreachy applicant selection decisions, internships funding
Date: Fri, 14 Oct 2016 12:37:46 +0200
From: Nicolas Dandrimont <olasd@debian.org>
To: leader@debian.org, outreach@debian.org
CC: mapreri@debian.org, pocock@debian.org

Hey all,
As of today, the person I'm involved with, Pauline Pommeret, is applying to an Outreachy internship in Debian (on the GPG cleanroom environment project - I don't see her mail on the list archive yet, so something must have gone wrong, but it should arrive soon enough).
To avoid an obvious conflict of interest, I am recusing myself for any decisions regarding applicant selections for this round.
I am of course still happy to serve as a liaison with the Outreachy program administrators, and to forward our applicants to them for general funding when selected, if the money allocated by Debian runs out.
This would especially be relevant, in my opinion, to RTC projects, as I'm not sure at all that we should fund them from Debian money directly. Karen Sandler also told me that one of the Outreachy sponsors was interested in funding interns on Reproducible Builds. All in all, we should be able to have two or three internship slots with Debian only disbursing one.
I'll stay on the outreach@d.o alias for now, but let me know if you need help ranking applicants, and I'll ask DSA to remove me so you can discuss at ease.
Cheers, -- Nicolas Dandrimont

Other Recent Techrights' Posts

Wayland is About Less Choice, About Removing Choices, It's Not About Freedom
IBM insists that it cares about "diversity"
Keeping Things Accessible
Gemini Protocol seems to be growing
Not Much Better Than LLM Slop: Linux Foundation-Funded 'News' Site Writes Linux Foundation 'News', Composed by Linux Foundation Operative, Quoting Linux Foundation Staff
...they get paid (sponsored) to produce this spam. Then they call it "journalism".
Annual Southern California Linux Expo (SCALE 22x) 'Bought' by Microsoft and Microsoft Exceeded Sponsorship Limits by Giving Double the Maximum Permitted Amount
When people get bribed they tend to forget how to utter a simple word: "No."
 
Start X
Just because something is old does not mean it is bad
Slopwatch: Linuxsecurity, Google News Slopfarms, and Linux Journal (LJ)
Today we take a quick look at 3 slopfarms
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, June 27, 2025
IRC logs for Friday, June 27, 2025
Links 28/06/2025: "CC Signals" Virtue-Signals to Slop Ponzi Schemes, North Korea Aims for Tourism
Links for the day
Links 27/06/2025: International Tensions and Contentions Over Plagiarism Perfumed as "Hey Hi" and "Fair Use"
Links for the day
Gemini Links 27/06/2025: Poetry and Censorship by Social Control Media Centralisation
Links for the day
Links 27/06/2025: Journalists Under Fire and Microsoft Has Serious Slop Problems
Links for the day
X is Dying, But Not XServer/X11. Twitter X.com is Dying.
People or businesses or government officials (and departments) that still rely on Social Control Media are playing Russian Roulette with their future online
Escaping Colonialism (or 'Hegemony') Requires Abandoning GAFAM, Microsoft in Particular
Europe is already in the process of abandoning Microsoft
Microsoft Will Shut Down More Studios This Week, Its Media Operatives Will Tell Lies About the Magnitude of the Shutdowns and Layoffs (They Always Do)
Many people who get counted as "workforce" are "temps" or similar
What Linux Foundation 'Research' is: Paid Marketing
What is Linux Foundation 'Research'?
No, IBM Does Not Care About People With Disabilities
"Aktion T4" did not seem to bother Watson
Microsoft's Financial Problems Mean Shutdowns, Not Just Mass Layoffs
If the original rumour is true, then expect almost 30,000 Microsoft workers to be let go this year
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, June 26, 2025
IRC logs for Thursday, June 26, 2025
The Netherlands: GNU/Linux Measured at All-Time High
Are any Dutch cities going to announce dumping Microsoft?
Gemini Links 27/06/2025: "Interstitial Existence" and Autocorrect
Links for the day
EPO Examiners Point Out to the Heads of Delegations in the Administrative Council of the EPO That the "AI Policy" of the Office is Illegal
"the Central Staff Committee (CSC) asks the Administrative Council to exert its supervisory role and instruct EPO management to enter into genuine dialogue with the staff representation on the AI Policy, to revise the “Leverage AI” target of 90% AI-automated classification in the SP2028 and to put in place the measures supported by staff in the resolution."
Technical People Need Technical Lawyers
Technical Litigants in Person (LIPs) have many real and concrete advantages
10,000+ Articles in About 20 Months (and How We Got Here)
More bloat does not beget efficiency and "bells and whistles" tend to have a hidden cost
French Cities Dumping Microsoft Because They Recognise Software Freedom, Open Standards, GNU/Linux Autonomy
We hope that more French cities - maybe Paris - will follow Lyon.
Links 26/06/2025: Illegal Kangaroo Court (UPC) Failing Scandinavia, K-Pop Agencies Abuse People
Links for the day
Gemini Links 26/06/2025: AuraGem Twitch Proxy is Back and UI Sluggishness
Links for the day
LWN is a Voice of GAFAM (Through Linux Foundation, Their Front Group or Occupying Force Inside Linux)
remember who the chief editor works for and who sponsors many of the articles
Links 26/06/2025: Noise Pollution Considered High in Europe, Mass Layoffs Next Week in Microsoft Confirmed, Very Large in Scale and Scope
Links for the day
The 'Case' of the Serial Strangler From Microsoft is a Lot of Copypasta (Maybe Also LLM Slop) From the Matthew Garrett 'Case'
5RB deserves to know and the matter shall be properly reported in due course (when the time is right)
EPO Squeezing the Staff - Part II - Office Breaks Rules, Ignores Courts, Defies Justice
False promises everywhere
No, I Don't Want Your Latest XYZ, ThankYouVeryMuch...
Wayland is finally ready?
China Keeps Breaking Into Microsoft Systems, So for True Sovereignty, Nations Wary of China Need to Dump Microsoft
Looking at data from Taiwan (not China) and Maharlika (not Philippines, the king is dead and Spain is out), there are encouraging signs
Linux Journal Wants Ads on Its LLM Slop or Ads as 'Articles'
it's basically another BetaNews
How to Kill a Monopoly
in 10 simple steps
IBM - Like Microsoft - is a Dying Company and Perishing Brand ("AI" is a Lie and Decoy)
"Arvind is cutting costs (layoffs, PIPs, forced RTO, etc...) like crazy. IBM offices are closing all over the place in the US."
"Code of Conduct" Invoked When Fedora and Red Hat Users (Since the 1990s) Don't Want to Use Wayland
That is IBM "DEI"
Mozambique: GNU/Linux Rose From 0.5% Last Year to 3% This Year
what (or how) statCounter is measuring
Microsoft Layoffs Next Week: About 10% to be Laid Off in Microsoft Gaming (2 Days Before Independence Day), About 20%+ of XBox Staff
Microsoft is rapidly collapsing
Next Month Marks 11 Years Since Our In-Depth EPO Coverage
The same is happening to Microsoft right now
Free Software Foundation (FSF) Campaigns Against Vista 11, Adds 4 New Associate Members Per Day
If more people understood the underlying principles, more of them would flock to Free software overnight
Canonical Seems to Have Culled Some Sources of LLM Slop From Planet Ubuntu
It's like "junk food", it's not information
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, June 25, 2025
IRC logs for Wednesday, June 25, 2025
On "Weak Claims"
For the record, they sent me unjustified threats, repeatedly tried injunctions (censorship)
EPO Squeezing the Staff - Part I - Burnout and Family Health
more exceptional circumstances
This Month's Mail (MX) Server Survey Shows Microsoft at 0.20% "Market Share"
We need to remind people that desktops and laptops decline (in proportion to other client devices) and at the "back end" GNU/Linux is already dominant and has long been dominant
Links 26/06/2025: Filespooler Guide and Learning to Code
Links for the day