08.28.20

Gemini version available ♊︎

Debian Leadership Falsified Harassment Claims in Jacob Appelbaum (of Tor, Wikileaks Etc.) Expulsion

Posted in Debian, Deception at 5:34 pm by Dr. Roy Schestowitz

Reprinted with permission from Daniel Pocock

In 2016, there was an enormous amount of noise about Jacob Appelbaum from the Tor Project and winner of the Henri Nannen Prize for journalism.

An anonymous web site had been set up with allegations of harassment, abuse and rape. Unlike the #MeToo movement, which came later, nobody identified themselves and nobody filed a police complaint. It appears that the site was run by people who live in another country and have no daily contact with Appelbaum. Therefore, many people feel this wasn’t about justice or immediate threats to their safety.

Long discussions took place in the private mailing lists of many free software communities, including Debian. Personally, as a I focus on my employer, clients and family and as there are so many long email discussions in Debian, I don’t follow most of these things. I’ve come to regret that as it is now clear that at least some claims may have been falsified, a serious injustice has transpired and this could have been easily detected.

I don’t wish to discount the experiences of anybody who has been a victim of a crime. However, in the correspondence that was circulated within Debian, the only person who has technically been harassed is Jacob Appelbaum himself. If Appelbaum does have a case to answer then organizations muddying the waters, inventing additional victims, may undermine the stories of real victims.

The Debian Account Managers (DAM) had sent various emails summarizing the situation. I quote one of those:

Subject: Re: What is true and what is false in accusations against Jacob Appelbaum
Date: Sun, 21 Aug 2016 14:32:03 +0200
From: Enrico Zini <enrico@enricozini.org>
To: Debian Private List <debian-private@lists.debian.org>

On Fri, Aug 19, 2016 at 02:33:53PM +0100, Dimitri John Ledkov wrote:

> No, the decision was not made based on those accusations but based on
> Debian's own member contribution / testimonials to the appropriately
> delegated team.

Indeed. I noticed a tendency, when famous people are involved, to put
the celebrity at centre stage and give everyone else nameless walk-on
parts.

In this story, and in Debian especially, there were several players on 
stage. In -private we have read first-person stories by Erinn Clark,
Jérémy Bobbio, and Ximin Luo. In DAM's mailbox we have read stories from
3 more people who are well known and trusted in our community.

... snip ...

Enrico (with input from Joerg and Christoph), as DAM

I had taken comments like that at face value and not looked any deeper. Zini is referring to six “testimonies” in total, three have been hidden and Zini expects us to trust him. Secret evidence is normal in countries like North Korea but it has no place in Debian.

Nonetheless, in 2018 I resigned from some of my activities for Debian due to family circumstances. Later on, I heard that people who knew nothing about my family life and the death of my father had started trying to create gossip. This motivated me to get further away from these people but on the other hand, I became curious about finding the truth in Appelbaum’s case.

I started with the quote above from the DAMs and went looking for the evidence of Erinn Clark, Jérémy Bobbio (Lunar) and Ximin Luo. I found messages from each of these people, which I quote:

From: Ximin Luo <infinity0@debian.org>
Date: 2016:06:15 16:21 +0200

I and several other DDs are also Tor Project members, which is where these
accusations first surfaced. I myself have tried to stay away from the messy
details of the situation, but I do know that some of these other DDs have
personally spoken to some of the accusers, whom they have known as friends in
real life for a while. These accusers are also known and respected within the
infosec community, which is why you will see so many of them voicing opinions
against Jake. It's probably not too hard to deanonymise some of them, if you
tried.

From: Erinn Clark <erinn@debian.org>
Date: Wed, 15 Jun 2016 11:08:32 -0400

+1
I've been much more involved in Tor than Debian for the past 7 years, but I can
personally vouch for at least 3 of anonymous victims (who are known to me).
This is not a state-sponsored attack.

From: Jérémy Bobbio <ltlunar@debian.org>
Date: 15/06/2016, 18:39

I can personally vouch for 2 of the stories on the website. I also have
direct experience of Jake playing with people's boundaries, mine
included since I first met him in Florence four years ago.

--
Lunar
lunar@debian.org
.''`.
: :A :
`. `'`
`-
# apt-get install anarchism

I remembered Zini’s words, “first-hand accounts”, but that is clearly not true. These three emails do not say they are from victims. They are not even witnesses, only acquaintances. They made brief references to stories from a third party. They may all be referring to the same source(s). In four years that have passed, not one of the people referred to has filed a formal complaint, so these scant emails are nothing more than rumours and innuendo.

It appears that all the developers who trusted the analysis of the DAMs have had the wool pulled over our eyes. Zini had taken these three people who heard the story from a friend and told us they were victims with first-hand accounts. We took his word for it. Zini had implied there were at least three victims in the Debian community but there were none.

This deception prompted me to look more closely at the emails that Enrico Zini of the DAM team has been sending on behalf of the Debian community. The message that caught my eye was a message from Zini to the editor of ITWire. Zini is disrespectful to the journalist, Sam Varghese and he is lobbying the editor to try and change an existing news report. Zini uses exactly the same fake victims as part of the justification and he even asserts the DPL quote is correct:

Subject: On coverage of Abbelbaum being "banned" from Debian
Date: Wed, 22 Jun 2016 09:34:50 +0200
From: Enrico Zini <enrico@enricozini.org>
To: andrew.matler@itwire.com

Dear Editor in Chief of iTWire,

you may want to do something about this article by Sam Varghese on
Debian revoking membership of Jacop Appelbaum:

http://www.itwire.com/business-it-news/open-source/73441-appelbaum-banned-from-debian-events-after-sexual-misconduct-charges.html

While the first part is factually correct in its DPL quote, the article
ends with baseless hints of Debian and Tor having fallen victims to
manipulations by GCHQ psyops.

I consider that to be psycological violence[1] against the various well
known people who came out to report abuse, and I wish that news coverage
about this situation could rather contribute to creating a community
that encourages victims of abuse to speak up.

Quoting the DPL again, "In reaching their decision, the Debian Account
Managers took into account the public disclosures from members of the
Tor project and others, and first-hand accounts from members of the
Debian community."

We are not talking about vague rumors spread by a couple of
infiltrators, we are talking about first-person accounts provided by
well known and respected members of both communities, with a track
record of contributions of many years.

These people who had the guts to speak up deserve credit and respect,
and the article published on your site gives them none.

[1] https://en.wikipedia.org/wiki/Gaslighting

Regards,

Enrico

Enrico Zini, Debian, Falsified harassment claims, Jacob Appelbaum, Perjury

Enrico Zini, DebConf18, Taiwan

The Debian Project Leader (DPL) had copied the same words from Zini and used them in statements distributed to the press. I couldn’t help wondering: if the illusion of victims in Debian hadn’t been conjured up by Zini, Debian never would have made a public attack on Appelbaum.

Looking through the web, I was able to quickly find a range of news articles mentioning the first-hand accounts or Debian’s expulsion of Appelbaum. Each of these journalists and editors had been deceived by Zini too, with staggering consequences for Appelbaum.

Here are some of them using the exact same words:

  • ITWire – published the quote
  • Daily Dot – mentions “first-hand accounts”
  • The Verge – uses the phrase “first-hand accounts”

All the largest media outlets, including respected names such as The Guardian, NY Times, Wired and Washington Post had mentioned the story in one way or another. The ferocity with which accusations were spread and elaborated by people like Zini may well have contributed to this extraordinary impact.

While this looks like an incredibly serious deception, I still wanted to give Zini the benefit of the doubt and consider the possibility that this was an act of gross incompetence and not a deliberate lie. How can we reliably distinguish one from the other?

The first thing that makes me consider this was no accident is that the publicity didn’t occur in January after the New Year’s Eve party. A more thoroughly researched piece by Die Zeit notes the Tor Project supervisory board elections were imminent at the time of the accusations in June. This provides a clear motive for rivals seeking Appelbaum’s position. The second major consideration is that Erinn Clark, one of the not-victims quoted above, was lobbying for Debian to make a public attack on Appelbaum. That is cronyism, Erinn Clark had a clear conflict of interest arguing for public revenge on behalf of a personal friend. Nevertheless, Debian’s leader was pursuaded by Clark and others to make a damaging public attack on Appelbaum, including a reference to the fake victims. Thirdly, one of the three people had tried to correct Zini, but Zini never made any effort to correct the communications after this:

From: Ximin Luo <infinity0@debian.org>
Date: 21/08/2016, 17:31

... snip ...

To nitpick, I did not submit a "first-person" story about Jake. I said that the
accusations were from credible people and not anonymous sources or government
agents.

... snip ...

Zini’s mistake was no typo.

People’s lives are destroyed by vendettas like this and Debian has recklessly amplified them. The DAMs and other people who were appointed to consider such matters appear to take it no more seriously than running a WhatsApp group or a multi-user role-playing game. To this day, the falsified references to fake victims remain in the debian-private list archives accessible to all volunteers. Many newspaper editors would be keen to remove such statements and publish retractions but Zini has pursued a competing goal, lobbying them to make their reporting more adverse to Appelbaum, as the email to ITWire demonstrates.

Two years after the Appelbaum events, Zini gave a talk at DebConf18, Multiple People, where he comes out about his move into the queer space. That is not such a big world. Appelbaum, the accused, also explains that he identifies as queer: there is real concern that Zini may have had conflicts of interest with people who were mutual acquaintances of Appelbaum. According to the anonymous claim of rape published against Appelbaum under the pseudonym River, the victim was unconscious and woke to find she was not alone with Appelbaum: other people were in the room watching. If that assault really happened, with an audience from this inner circle of infosec specialists, how many of the people were from Debian? Was Zini in that room himself? If they saw this happening with an unconscious victim, why didn’t they intervene?

Whenever I’ve asked about conflicts of interests in Open Source projects, people have responded unprofessionally, denouncing the questions as harassment with almost the same ferocity that they threw at Jacob Appelbaum. People have tried to ridicule these basic ethical concerns as mere conspiracy theories. In the worst cases, some people threatened never to talk to me again. That would be very convenient: helping me identify the remaining members of the Debian community who do have some integrity.

Open Source organizations have taken to vague and overgeneralized Codes of Conduct that say little about these issues, the Debian Code of Conduct being a typical example. Compare that to the Association for Computing Machinery (ACM) Code of Ethics, where point 1.3 makes it unambiguous:

Computing professionals should be honest about their qualifications, and about any limitations in their competence to complete a task. Computing professionals should be forthright about any circumstances that might lead to either real or perceived conflicts of interest or otherwise tend to undermine the independence of their judgment.

On the contrary, Zini did not have the competence to investigate a serious crime but he may have had multiple conflicts of interest.

Linux Australia had taken a more moderate approach than Debian, anouncing on 22 June 2016 they would wait for the matter to become clearer before any decision about Appelbaum’s participation in events down under. They were persuaded to change their minds, either they were threatened like me or subject to a subversive lobbying campaign, similar to Zini’s attempt to corrupt IT Wire’s reporting. Barely eight days later, on 1 July 2016, they came out with a statement saying that Appelbaum would be banned from future events.

The attack statements from all of these organizations include monotonous texts about Codes of Conduct. None of them comment on how potential victims can seek support from people qualified to assist victims of crime. None of them remind people that the accused is innocent until proven guilty by a competent tribunal.

If I hadn’t already resigned from my role in Debian, I would do so now. It is completely inexcusable that people in leadership positions can set up a kangaroo court, falsify evidence and hide their conflicts of interest when dealing with such a serious matter.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

DecorWhat Else is New


  1. Links 17/1/2022: More Microsoft-Connected FUD Against Linux as Its Share Continues to Fall

    Links for the day



  2. The GUI Challenge

    The latest article from Andy concerns the Command Line Challenge



  3. Links 17/1/2022: digiKam 7.5.0 and GhostBSD 22.01.12 Released

    Links for the day



  4. IRC Proceedings: Sunday, January 16, 2022

    IRC logs for Sunday, January 16, 2022



  5. Links 17/1/2022: postmarketOS 21.12 Service Pack 1 and Mumble 1.4 Released

    Links for the day



  6. [Meme] Gemini Space (or Geminispace): From 441 Working Capsules to 1,600 Working Capsules in Just 12 Months

    Gemini space now boasts 1,600 working capsules, a massive growth compared to last January, as we noted the other day (1,600 is now official)



  7. [Meme] European Patent Office Space

    The EPO maintains a culture of illegal surveillance, inherited from Benoît Battistelli and taken to a whole new level by António Campinos



  8. Gemini Rings (Like Webrings) and Shared Spaces in Geminspace

    Much like the Web of 20+ years ago, Gemini lets online communities — real communities (not abused tenants, groomed to be ‘monetised’ like in Facebook or Flickr) — form networks, guilds, and rings



  9. Links 16/1/2022: Latte Dock 0.11 and librest 0.9.0

    Links for the day



  10. The Corporate Cabal (and Spy Agencies-Enabled Monopolies) Engages in Raiding of the Free Software Community and Hacker Culture

    In an overt attack on the people who actually did all the work — the geeks who built excellent software to be gradually privatised through the Linux Foundation (a sort of price-fixing and openwashing cartel for shared interests of proprietary software firms) — is receiving more widespread condemnation; even the OSI has been bribed to become a part-time Microsoft outsourcer as organisations are easier to corrupt than communities



  11. EPO's Web Site Constantly Spammed by Lies About Privacy While EPO Breaks the Law and Outsources Data to the United States

    The António Campinos-led EPO works for imperialism, it not only protects the rich; sadly, António’s father isn’t alive anymore and surely he would blast his son for doing what he does to progress his career while lying to staff and European citizens



  12. Links 16/1/2022: Tsunami and Patents

    Links for the day



  13. IRC Proceedings: Saturday, January 15, 2022

    IRC logs for Saturday, January 15, 2022



  14. Links 16/1/2022: Year of the GNU/Linux Desktop and Catch-up With Patent Misinformation

    Links for the day



  15. Patrick Breyer, Unlike Most German Politicians, Highlights the Fact That Unified Patent Court (UPC) and Unitary Patent Are Incompatible With EU Law

    A longtime critic of EPO abuses (under both Benoît Battistelli and António Campinos leadership), as well as a vocal critic of software patents, steps in to point out the very obvious



  16. Links 15/1/2022: Flameshot 11.0 and Libvirt 8.0

    Links for the day



  17. Blogging and Microblogging in Geminispace With Gemini Protocol

    Writing one’s thoughts and other things in Geminispace — even without setting up a Gemini server — is totally possible; gateways and services do exist for this purpose



  18. Links 15/1/2022: Raspberry Pi in Business

    Links for the day



  19. IRC Proceedings: Friday, January 14, 2022

    IRC logs for Friday, January 14, 2022



  20. Gemini Clients: Comparing Moonlander, Telescope, Amfora, Kristall, and Lagrange (Newer and Older)

    There are many independent implementations of clients (similar to Web browsers) that deal with Gemini protocol and today we compare them visually, using Techrights as a test case/capsule



  21. 2022 Starts With Censorship of Christmas and Other Greetings at the EPO

    The nihilists who run the EPO want a monopoly on holiday greetings; to make matters worse, they’re censoring staff representatives in their intranet whilst inconsistently applying said policies



  22. Links 14/1/2022: FFmpeg 5.0 and Wine 7.0 RC6

    Links for the day



  23. White House Asking Proprietary Software Companies That Add NSA Back Doors About Their Views on 'Open Source' Security

    The US government wants us to think that in order to tackle security issues we need to reach out to the collective 'wisdom' of the very culprits who created the security mess in the first place (even by intention, for imperialistic objectives)



  24. Links 14/1/2022: EasyOS 3.2.1 and Qt 6.3 Alpha

    Links for the day



  25. Scientific Excellence and the Debian Social Contract

    The Debian Project turns 30 next year; in spite of it being so ubiquitous (most of the important distros of GNU/Linux are based on Debian) it is suffering growing pains and some of that boils down to corporate cash and toxic, deeply divisive politics



  26. Links 14/1/2022: openSUSE Leap 15.2 EoL, VFX Designers Are Using GNU/Linux

    Links for the day



  27. IRC Proceedings: Thursday, January 13, 2022

    IRC logs for Thursday, January 13, 2022



  28. 2022 Commences With Microsoft-Themed (and Microsoft-Connected) FUD Against GNU/Linux

    A psychopathic Microsoft, aided by operatives inside the mainstream and so-called 'tech' media, keeps spreading old and invalid stigma about "Linux" and Free software; few people still bother responding to these fact-free FUD campaigns, which boil down to ‘perception management’ PR/propaganda



  29. Between January 2021 and January 2022 the Number of Active Gemini Capsules Nearly Quadrupled Based on Publicly-Available Catalogue of Capsules

    Geminispace has grown to about 2,000 known capsules and 1,600 of them are active, permanently online, fully accessible; in January last year these numbers were about 4 times smaller



  30. Links 13/1/2022: NetworkManager 1.34 and Everett 3.0.0

    Links for the day


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts