Bonum Certa Men Certa

Debian Leadership Falsified Harassment Claims in Jacob Appelbaum (of Tor, Wikileaks Etc.) Expulsion

Reprinted with permission from Daniel Pocock

In 2016, there was an enormous amount of noise about Jacob Appelbaum from the Tor Project and winner of the Henri Nannen Prize for journalism.



An anonymous web site had been set up with allegations of harassment, abuse and rape. Unlike the #MeToo movement, which came later, nobody identified themselves and nobody filed a police complaint. It appears that the site was run by people who live in another country and have no daily contact with Appelbaum. Therefore, many people feel this wasn't about justice or immediate threats to their safety.



Long discussions took place in the private mailing lists of many free software communities, including Debian. Personally, as a I focus on my employer, clients and family and as there are so many long email discussions in Debian, I don't follow most of these things. I've come to regret that as it is now clear that at least some claims may have been falsified, a serious injustice has transpired and this could have been easily detected.



I don't wish to discount the experiences of anybody who has been a victim of a crime. However, in the correspondence that was circulated within Debian, the only person who has technically been harassed is Jacob Appelbaum himself. If Appelbaum does have a case to answer then organizations muddying the waters, inventing additional victims, may undermine the stories of real victims.



The Debian Account Managers (DAM) had sent various emails summarizing the situation. I quote one of those:



Subject: Re: What is true and what is false in accusations against Jacob Appelbaum
Date: Sun, 21 Aug 2016 14:32:03 +0200
From: Enrico Zini <enrico@enricozini.org>
To: Debian Private List <debian-private@lists.debian.org>



On Fri, Aug 19, 2016 at 02:33:53PM +0100, Dimitri John Ledkov wrote:

> No, the decision was not made based on those accusations but based on > Debian's own member contribution / testimonials to the appropriately > delegated team.

Indeed. I noticed a tendency, when famous people are involved, to put the celebrity at centre stage and give everyone else nameless walk-on parts.

In this story, and in Debian especially, there were several players on stage. In -private we have read first-person stories by Erinn Clark, Jérémy Bobbio, and Ximin Luo. In DAM's mailbox we have read stories from 3 more people who are well known and trusted in our community.

... snip ...

Enrico (with input from Joerg and Christoph), as DAM


I had taken comments like that at face value and not looked any deeper. Zini is referring to six "testimonies" in total, three have been hidden and Zini expects us to trust him. Secret evidence is normal in countries like North Korea but it has no place in Debian.



Nonetheless, in 2018 I resigned from some of my activities for Debian due to family circumstances. Later on, I heard that people who knew nothing about my family life and the death of my father had started trying to create gossip. This motivated me to get further away from these people but on the other hand, I became curious about finding the truth in Appelbaum's case.



I started with the quote above from the DAMs and went looking for the evidence of Erinn Clark, Jérémy Bobbio (Lunar) and Ximin Luo. I found messages from each of these people, which I quote:



From: Ximin Luo <infinity0@debian.org>
Date: 2016:06:15 16:21 +0200



I and several other DDs are also Tor Project members, which is where these accusations first surfaced. I myself have tried to stay away from the messy details of the situation, but I do know that some of these other DDs have personally spoken to some of the accusers, whom they have known as friends in real life for a while. These accusers are also known and respected within the infosec community, which is why you will see so many of them voicing opinions against Jake. It's probably not too hard to deanonymise some of them, if you tried.



From: Erinn Clark <erinn@debian.org>
Date: Wed, 15 Jun 2016 11:08:32 -0400



+1 I've been much more involved in Tor than Debian for the past 7 years, but I can personally vouch for at least 3 of anonymous victims (who are known to me). This is not a state-sponsored attack.



From: Jérémy Bobbio <ltlunar@debian.org>
Date: 15/06/2016, 18:39



I can personally vouch for 2 of the stories on the website. I also have direct experience of Jake playing with people's boundaries, mine included since I first met him in Florence four years ago.

-- Lunar lunar@debian.org .''`. : :A : `. `'` `- # apt-get install anarchism


I remembered Zini's words, "first-hand accounts", but that is clearly not true. These three emails do not say they are from victims. They are not even witnesses, only acquaintances. They made brief references to stories from a third party. They may all be referring to the same source(s). In four years that have passed, not one of the people referred to has filed a formal complaint, so these scant emails are nothing more than rumours and innuendo.



It appears that all the developers who trusted the analysis of the DAMs have had the wool pulled over our eyes. Zini had taken these three people who heard the story from a friend and told us they were victims with first-hand accounts. We took his word for it. Zini had implied there were at least three victims in the Debian community but there were none.



This deception prompted me to look more closely at the emails that Enrico Zini of the DAM team has been sending on behalf of the Debian community. The message that caught my eye was a message from Zini to the editor of ITWire. Zini is disrespectful to the journalist, Sam Varghese and he is lobbying the editor to try and change an existing news report. Zini uses exactly the same fake victims as part of the justification and he even asserts the DPL quote is correct:



Subject: On coverage of Abbelbaum being "banned" from Debian
Date: Wed, 22 Jun 2016 09:34:50 +0200
From: Enrico Zini <enrico@enricozini.org>
To: andrew.matler@itwire.com



Dear Editor in Chief of iTWire,

you may want to do something about this article by Sam Varghese on Debian revoking membership of Jacop Appelbaum: http://www.itwire.com/business-it-news/open-source/73441-appelbaum-banned-from-debian-events-after-sexual-misconduct-charges.html

While the first part is factually correct in its DPL quote, the article ends with baseless hints of Debian and Tor having fallen victims to manipulations by GCHQ psyops.

I consider that to be psycological violence[1] against the various well known people who came out to report abuse, and I wish that news coverage about this situation could rather contribute to creating a community that encourages victims of abuse to speak up.

Quoting the DPL again, "In reaching their decision, the Debian Account Managers took into account the public disclosures from members of the Tor project and others, and first-hand accounts from members of the Debian community."

We are not talking about vague rumors spread by a couple of infiltrators, we are talking about first-person accounts provided by well known and respected members of both communities, with a track record of contributions of many years.

These people who had the guts to speak up deserve credit and respect, and the article published on your site gives them none.

[1] https://en.wikipedia.org/wiki/Gaslighting

Regards,

Enrico


Enrico Zini, Debian, Falsified harassment claims, Jacob Appelbaum, Perjury

Enrico Zini, DebConf18, Taiwan



The Debian Project Leader (DPL) had copied the same words from Zini and used them in statements distributed to the press. I couldn't help wondering: if the illusion of victims in Debian hadn't been conjured up by Zini, Debian never would have made a public attack on Appelbaum.



Looking through the web, I was able to quickly find a range of news articles mentioning the first-hand accounts or Debian's expulsion of Appelbaum. Each of these journalists and editors had been deceived by Zini too, with staggering consequences for Appelbaum.



Here are some of them using the exact same words:





All the largest media outlets, including respected names such as The Guardian, NY Times, Wired and Washington Post had mentioned the story in one way or another. The ferocity with which accusations were spread and elaborated by people like Zini may well have contributed to this extraordinary impact.



While this looks like an incredibly serious deception, I still wanted to give Zini the benefit of the doubt and consider the possibility that this was an act of gross incompetence and not a deliberate lie. How can we reliably distinguish one from the other?



The first thing that makes me consider this was no accident is that the publicity didn't occur in January after the New Year's Eve party. A more thoroughly researched piece by Die Zeit notes the Tor Project supervisory board elections were imminent at the time of the accusations in June. This provides a clear motive for rivals seeking Appelbaum's position. The second major consideration is that Erinn Clark, one of the not-victims quoted above, was lobbying for Debian to make a public attack on Appelbaum. That is cronyism, Erinn Clark had a clear conflict of interest arguing for public revenge on behalf of a personal friend. Nevertheless, Debian's leader was pursuaded by Clark and others to make a damaging public attack on Appelbaum, including a reference to the fake victims. Thirdly, one of the three people had tried to correct Zini, but Zini never made any effort to correct the communications after this:



From: Ximin Luo <infinity0@debian.org>
Date: 21/08/2016, 17:31



... snip ...

To nitpick, I did not submit a "first-person" story about Jake. I said that the accusations were from credible people and not anonymous sources or government agents.

... snip ...


Zini's mistake was no typo.



People's lives are destroyed by vendettas like this and Debian has recklessly amplified them. The DAMs and other people who were appointed to consider such matters appear to take it no more seriously than running a WhatsApp group or a multi-user role-playing game. To this day, the falsified references to fake victims remain in the debian-private list archives accessible to all volunteers. Many newspaper editors would be keen to remove such statements and publish retractions but Zini has pursued a competing goal, lobbying them to make their reporting more adverse to Appelbaum, as the email to ITWire demonstrates.



Two years after the Appelbaum events, Zini gave a talk at DebConf18, Multiple People, where he comes out about his move into the queer space. That is not such a big world. Appelbaum, the accused, also explains that he identifies as queer: there is real concern that Zini may have had conflicts of interest with people who were mutual acquaintances of Appelbaum. According to the anonymous claim of rape published against Appelbaum under the pseudonym River, the victim was unconscious and woke to find she was not alone with Appelbaum: other people were in the room watching. If that assault really happened, with an audience from this inner circle of infosec specialists, how many of the people were from Debian? Was Zini in that room himself? If they saw this happening with an unconscious victim, why didn't they intervene?



Whenever I've asked about conflicts of interests in Open Source projects, people have responded unprofessionally, denouncing the questions as harassment with almost the same ferocity that they threw at Jacob Appelbaum. People have tried to ridicule these basic ethical concerns as mere conspiracy theories. In the worst cases, some people threatened never to talk to me again. That would be very convenient: helping me identify the remaining members of the Debian community who do have some integrity.



Open Source organizations have taken to vague and overgeneralized Codes of Conduct that say little about these issues, the Debian Code of Conduct being a typical example. Compare that to the Association for Computing Machinery (ACM) Code of Ethics, where point 1.3 makes it unambiguous:



Computing professionals should be honest about their qualifications, and about any limitations in their competence to complete a task. Computing professionals should be forthright about any circumstances that might lead to either real or perceived conflicts of interest or otherwise tend to undermine the independence of their judgment.


On the contrary, Zini did not have the competence to investigate a serious crime but he may have had multiple conflicts of interest.



Linux Australia had taken a more moderate approach than Debian, anouncing on 22 June 2016 they would wait for the matter to become clearer before any decision about Appelbaum's participation in events down under. They were persuaded to change their minds, either they were threatened like me or subject to a subversive lobbying campaign, similar to Zini's attempt to corrupt IT Wire's reporting. Barely eight days later, on 1 July 2016, they came out with a statement saying that Appelbaum would be banned from future events.



The attack statements from all of these organizations include monotonous texts about Codes of Conduct. None of them comment on how potential victims can seek support from people qualified to assist victims of crime. None of them remind people that the accused is innocent until proven guilty by a competent tribunal.



If I hadn't already resigned from my role in Debian, I would do so now. It is completely inexcusable that people in leadership positions can set up a kangaroo court, falsify evidence and hide their conflicts of interest when dealing with such a serious matter.

Recent Techrights' Posts

For the First Time in a Month OSI's "OpenSource.org" Blogs and It's Basically a Microsoft Blog Post (Microsoft Controls OSI)
For the first time in a month OSI writes something and it is Microsoft propaganda composed by a Microsoft-salaried operative
Microsoft, Already Borrowing 3 Billion Dollars a Month, is Trying to Cause Many People to Resign
MSN (i.e. Microsoft) and others openly admit it
They Want Activists to Just Barely Walk and Eat, Not Do Activism Anymore
It's sort of like the ending of '1984'
Non-Free JavaScript Programs in Banks Aren't Even the Biggest Problem
Technology was supposed to make life easier; in practice, however, for most of us the opposite effect can be observed
IBM is Obliterating Fedora
"Fedora releases were shipping with an increasing number of bugs on launch day even while I was using it for a several year stretch."
 
Links 07/08/2025: US Punishes India Instead of Russia, Attacks Law Firms to Prevent Scrutiny
Links for the day
Read Us in Geminispace as Well
it's definitely a lot simpler than using a Web browser
Once a Site About BSD and GNU/Linux, and After Months of Silence, LinuxBSDos.com Comes Back Only as a Slopfarm
very frustrating
Links 07/08/2025: Hardware Wars, Mass Recall of Colgate Total Clean Mint, More Microsoft Holes Found
Links for the day
Gemini Links 07/08/2025: "Right To Manage" and LoRa Analysis
Links for the day
GAFAM 'Says' is Front Page "News"
The point of journalism is to check and assess facts, not parrot what people and companies merely claim
Links 07/08/2025: Apple Makes False Promises, More Trouble for Microsoft
Links for the day
OSS Didn't Always Mean Open Source Software
"oligarchs all the way down"
The Register MS Does More Microsoft Sez or GitHub Sez (Says) Pieces
60 minutes ago
Quit Perpetuating the Narrative of Gemini Protocol 'Dying' (It's False)
The "whisper campaign" against Gemini Protocol
Criticising Social Control Media in Social Control Media
Many people are quitting Social Control Media (fewer of them announce this in public)
Slopfarms Are Typically Fake News
Slopfarms typically relay falsehoods
Gemini Links 06/08/2025: Replacing a Pocket Watch and Buying in Bulk
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, August 06, 2025
IRC logs for Wednesday, August 06, 2025
August Hits Microsoft Hard: Dead Divisions, Dead Products, Layoffs Again (on Week 1)
Microsoft's debt is soaring
Slopwatch: Slow Day for LLM Slop, Serial Sloppers Still at It in Their Slopfarms
The Web would be better off if those sites went offline
Red Hat Layoffs Expected in 5 Days (Monday)
"They will announce and proceed with the cuts on 08/11."
Links 06/08/2025: Substack in Trouble, Slop Sceptic Shira Perlmutter Seeks Emergency Injunction Pending Appeal
Links for the day
Gemini Links 06/08/2025: Pinephone, Reverse-Engineering, and More
Links for the day
Links 06/08/2025: Faked Values of Slop Companies and Government Bailouts
Links for the day
FOSSY 2025 Conference Safety
The GAFAM-funded FOSSY 2025 is over
Microsoft's Favourite Pay-to-Say 'Analyst' Firm Has Just Collapsed
'Analysts' that helped propel Microsoft to fictional values akin to Ponzi schemes
Ask Google (Jeeves)
What does Google "know", not know, or would rather forget (or embellish)?
They Want You To Talk About Trump or 'The Other Bill' in Relation to Trafficking of Underage Girls for Sexual Exploitation
Just something we wanted to say...
How to Quadruple Your "Goodwill" Value and Grow Your (Wall) Street "Value" From $152B to $4000B Without Producing a Single Successful Product/Service
The longer it goes on for, the bigger the implosion will be
Staying Productive
Two very reputable institutions recently told us they now reckon Microsoft is somehow funding those SLAPPs against us
A Blow for Patent Ambitions of Bill Epsteingate
It's about money
66 Countries Where More People Use iPhones (or iPads) Than Microsoft Windows, According to statCounter Data
a list of countries where iOS now exceeds Windows
Apple's iOS Bigger Than Microsoft Windows in Many Countries
This ought to alarm Microsoft
The Mainstream Media Talks About Spotify Share Price and Price Hikes, Not Its Debt Increasing by About 33% in Just 12 Months
Spotify isn't a company in good shape
New "US Editor for The Register" is 80% Microsoft and Windows
they typically just treat Microsoft like the "Holy Grail" of "IT"
Microsoft is Apparently Sending Gag Orders or NDAs to Staff That Got Laid Off (“We were told not to post on LinkedIn. Not to say anything.”)
The main lies we keep seeing
Richard M. Stallman Has Published AI Memos Since 1980 (45 Years Ago)
Back when the term AI actually meant something
Gemini Links 06/08/2025: BitTorrent and Feedly Bots
Links for the day
Windows All-Time Lows, Android All-Time Highs in Kuwait
New lows for Windows can be found in many countries this month
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, August 05, 2025
IRC logs for Tuesday, August 05, 2025
Openwashing Slop... Using Slop!
So get ready for "open" "hey hi" with its proprietary models to engage in openwashing, helped by serial sloppers who use the LLMs to produce fake 'articles'.
On "Tragedy of the Commons in the Production of Digital Artifacts"
There's a better way to do things. None of that should involve GAFAM.
Gemini Links 05/08/2025: Opel Zoo near Frankfurt and Alhena 5.2.5
Links for the day
The Inflammatory Influence of Social Control Media Giants
CPC's ByteDance says it's cool
Microsoft v Planet Earth
Is Microsoft profitable?
IRC Turns 37
Internet Relay Chat (short: IRC), which started in 1988, turns 37 this month
Shortly After a Microsofter Took Over The Register as Editor in Chief Microsoft Tim (Tim Anderson) is Back and It's Still Microsoft Propaganda, Sometimes Funded by Microsoft
Notice his focus
Stricter Enforcement of Worker Adjustment and Retraining Notification (WARN) Act is Sorely Needed
Who's keeping track anyway?
Calling Plagiarism "Intelligence" is Pure Genius, Brilliance!
One thing to "like" (or dislike) about LLMs is how they're falsely marketed using various buzzwords
Geminispace Promises Simplicity But Also Provides a "bunch of forums that get flood-filled by agitation against the very essence of Gemini itself"
claims of stagnation in Geminispace started because of a person who spent a long time agitating against GNU/Linux as well
Zimbabweans Aren't Into Windows or Microsoft
This cannot be good news for GAFAM
Microsoft's Washington Layoffs Aren't Everything, They're Definitely Not Happening in Just One State in the US
Washington is just more strict with WARN notices
Gemini Links 05/08/2025: Lagrange v1.18.6, No Stagnation in Geminispace, and Fake Coding (Slop)
Links for the day
The Register's Editor in Chief (Who Left for Google) Told Me "AI" Was a Bubble, But Now The Register Gets Paid to Participate in Inflating This Bubble
A lot of the online media is a scam
The Register is Desperate for Money, According to The Register
I decided to check how they're doing as a business
Some Cola Formulas Aren't Secret, But the Barrier is the Branding
That's the power of the channel/distribution, marketing, and brand recognition (accomplished through endless marketing)
Introducing Mission:Libre and FreeXR (and BreakXR)
efforts that accompany the foundations put there by the Free Software Foundation in 1985
Slopwatch: WebProNews, LinuxSecurity, and Some Success Stories
Google News still has a slopfarm issue
Links 05/08/2025: Hey Hi (AI) Passing Fads and GAFAM "Embracing the Military"
Links for the day
Links 05/08/2025: Samsung and Microsoft Layoffs
Links for the day
Rumours of Mass Layoffs at Red Hat Next Week (August 11th, 2025)
The eleventh means next Monday
IBM is Shutting Down (Piecewise)
IBM is basically being liquidated
The Debian Language Police Department (PD)
"there has never been complaints about anyone that was offended by this -off package"
Tesla's Debt More Than Doubled in 2 Years and the Company Will Operate in the Red (at a Loss) Quite Soon
If your first-quarter net income is $409 million and you borrow billions from banks, plus interest to pay on those loans, then you're not far from returning to losses
When The Register MS Says "Linux Backdoor" It Actually Talks About Malware
The leading story in The Register US/MS this morning is Microsoft
Microsoft Windows Fell to 19% "Market Share" in Montenegro
Microsoft must be well aware of this trend
Why We Also Include Gopher Links in Our Gemini (Protocol) Links
There are still many people who use Gopher to relay their messages (like blog posts). They're mostly technical people.
Shouting is an Indication of a Lack of Convincing Argument
Beware what they are attempting to distract from
Mongolia: Microsoft Windows at All-Time Low
in 2009 when Windows was at 99.45% in Mongolia the company was "worth" less than 200 billion dollars
About a Quarter of Today's "linux" News in Google News Came From One Domain and It's a Slopfarm
Not kidding!
Gemini Links 05/08/2025: Zombie Threat and Switching to NixOS
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, August 04, 2025
IRC logs for Monday, August 04, 2025
ChatGPT in Trouble
Watch out for the newer buzzwords
The Register MS Links to the Wrong statCounter Page
They link to older data
Dr. Andy Farnell Explains How Google Turned From "Librarian" Into "Oracle", Telling Us What to Think Instead of Where to Look
Google was always a lousy librarian
Microsoft Layoffs Continue in August 2025
If Microsoft is doing so well, how come about 10 rounds of layoffs in about 7 months in 2025?