Bonum Certa Men Certa

Sexual harassment: Nicolas Dandrimont & Debian Account Managers collective gullibility on Jacob Appelbaum

posted by Roy Schestowitz on Mar 13, 2024

Reprinted with permission from Daniel Pocock.

I previously wrote a high level overview of how Debian falsified harassment statements against Jacob Appelbaum.

Now it is time to look at the detail. Here is an exchange between Mehdi Dogguy and Nicolas Dandrimont. Dogguy was Debian Project Leader, Dandrimont has become a member of the Debian Account Managers team.

The key thing to note here is they are simply cutting and pasting smears about harassment from the Tor Project. The smears they are cutting-and-pasting do not come from real police or a court.

The Tor Project claims they hired an independent investigator. What qualifies somebody to be an investigator?

When claims were made about Jeffrey Epstein visiting MIT, the MIT management hired the law firm Goodwin Proctor to conduct the investigation. They told everybody that Goodwin Proctor was doing this work. People could bypass MIT and give reports directly to the lawyers. At the end of this process, MIT published the full report and the names of those who worked on the investigation.

Every step taken at the Tor Project was the opposite of the process followed by MIT. Their statement does not give any link to the report itself. Their statement does not identify the name of the investigator, the name of their firm or their credentials. This comment from Sheri Steel, the Tor Project leader stands out:

The investigator worked closely with me and our attorneys

In other words, it appears that the investigator was not able to work independently. If the name of the investigator was never made public, how could volunteers go around Miss Steel and speak to the investigator directly?

The Tor Project is using an address in New Hampshire, US, a jurisdiction that is well known for its attitude to freedom and deregulation. Here is an article about the qualifications of private investigators in New Hampshire. Notice in particular that NH accepts the registration of investigators who have been dishonorably discharged from the military and other police forces. There are no checks on the financial credibility or mental health of licensed investigators. The investigator could be anybody from an ex-fireman to an undercover mall cop.

The report from Tor Project is therefore only as good as the person who wrote it and what they were paid. If the investigator was in a weak financial position, they may have felt immense pressure to write a report that tells their client what the paymaster wants to hear. That is almost always the path of least resistance.

Large professional law firms would not put their name on a report like this.

According to a detailed report in German magazine Die Zeit, the claims against Appelbaum concern incidents at his apartment in Berlin. Under German criminal law, if Miss Steele or any other person who attended the party visit a police station and sign a complaint, the police have a mandatory obligation to investigate the matter. An investigation by the police is impartial and you do not have to pay them to do it. According to German law, every crime reported to the prosecutor must be recorded in writing by the public officials. In other words, if any woman had a genuine complaint against Dr Appelbaum, the prosecutor can not refuse to open a case. The nature of German civil code (StPO) is absolutely clear, the prosecutor is obliged to listen to every woman and investigate every single complaint.

The prosecutor does not charge victims a fee for making an investigation. This raises another question, why would any victim choose to give payment to an anonymous New Hampshire mall cop when they can use an impartial German state prosecutor for free?

Due to the nature of abuse, many genuine victims have great difficulty in coming forward to report a crime. For childhood abuse victims, it takes an average of 30 years for victims to come forward. Yet once a victim has decided to speak, if they have the courage to speak to a private investigator, why would they not speak to the police?

In every case, a police report can be more thorough, more credible and they can use their powers to protect genuine victims from further abuse.

If any woman was really in danger, if Tor Project genuinely cared about protecting women in future, why would they not use the criminal procedure?

Many of us put our trust in free, open source software for a whole range of critical services from the banking industry to nuclear plants. Users of Tor Project include activists in dangerous parts of the world who may be subjected to severe punishments, even execution, if they are caught communicating on the Internet. These people are trusting Tor and other open source software with their lives. Yet if we can't trust the people who make Debian and Tor, how can we trust the software?

If you are submitting an article to a peer-reviewed academic journal, you need to identify your sources, their names and the papers they published. The Debian Account Managers do none of those things, they cut-and-paste words from a blog about an anonymous source and accepted it all as truth. Given their role in the Debian Project, it is scary how they could be so gullible to fall for something like this.

Notice how Mehdi Dogguy wrote a statement that did not include references to sexual activity, see the title of the message, it is simply "Jacob Appelbaum and harrassement". The original paragraph used the word "abuse" without any qualification. Nicolas Dandrimont strongly insists on inserting the word sexual as a prefix to both those words. Such statements are a hideous defamation and can not be used without evidence.

Subject: Re: Jacob Appelbaum and harrassement
Date: Wed, 15 Jun 2016 14:53:35 +0200
From: Nicolas Dandrimont <>
To: Mehdi Dogguy <>

* Mehdi Dogguy <> [2016-06-15 13:48:53 +0200]:
> In the meantime, we believe that the most urgent thing to do is to > make sure that Debian as a community is safe for its contributors, and > able to deal with people who abuse or manipulate, regardless of who > they are, whether it happens online or at Debian events.
> Over time, Debian has published clear statements of what our > contributors can expect from the community: the Diversity Statement > [1], and the Code of Conduct [2], have been ratified in General > Resolutions. DebConf events have an additional Code of Conduct that > attendees are expected to uphold [3]. > > [1] > [2] > [3] > > Note that these documents alone can only set expectations, but do not > help if somebody fails to meet them.
Apart from the DebConf code of conduct which has some provisions for actions, I do agree that we're sorely lacking a process for "escalation".
> Abuse and manipulation do happen, sometimes even unconsciously, and are hard > to detect. When a member of our community feels discomfort or worse, they > need to be heard and understood. Not everyone is a good listener, especially > with someone they do not know well. Make sure you and people around you have > at least two people you can safely talk to when something goes wrong.
I had to do a double take on this paragraph, and I still can't believe what I'm reading. Let's suppose I'm a newcomer in the project. Who should those two people be? With my outreach team hat on, and in the context of having encouraged around twenty newcomers coming to the next big Debian event, I feel very uncomfortable with that response. Should the message we are sending be that "yep, if you're talking to someone one on one, it's your fault"?
> People normally make mistakes, and they need to have a chance to > realise what happened, own up to their mistakes, and take action to > prevent them from happening in the future. Other people need to have a > chance to take action if that does not happen.
You should make very sure that your public interventions on the matter are worded more carefully. We're not talking about mere mistakes here, we're talking about sexual assault, and harassment (sexual or otherwise). Those are things that leave permanent scars on the victims, and can ruin their lives. Not really something you can dismiss with "well, it happens".
If such events happen in our community, I do hope that some of us will have the strength to make the attacker realize that what they did is wrong, help them to make amends and, if that comes to it, help them heal themselves. But, first and foremost, as a community, we need to make very sure that all the community is safe, and that we stand by each other when we need each other. If that means excluding some elements of our community to keep others safe, then we should not be afraid to do it.
> If you want to report any issues, you can contact DAM > <> and the Anti-Harassment team [4] > <> > > [4]
What is the current status of the anti-harassment team with DebConf being very close and their attention being more than needed for that period?
Bye, -- Nicolas Dandrimont

On a side note, Nicolas Dandrimont asked me to consider his girlfriend for an Outreachy internship. I have regularly made complaints about these conflicts of interest in Debian. Anybody who talks about these conflicts of interest is accused of sexual harassment. When I complain about Dandrimont's girlfriend, I'm doing it for all the other women who missed out on this opportunity.

Notice how Dandrimont asks to be removed from the selection process but he goes on to make comments about the projects and finishes with an offer to help rank the candidates anyway. This is not what it looks like when somebody honestly recuses themself from a decision.

The selection process described by Dandrimont would be no more credible than the investigation at the Tor Project.

Subject: Recusing myself from Outreachy applicant selection decisions, internships funding
Date: Fri, 14 Oct 2016 12:37:46 +0200
From: Nicolas Dandrimont <>

Hey all,
As of today, the person I'm involved with, Pauline Pommeret, is applying to an Outreachy internship in Debian (on the GPG cleanroom environment project - I don't see her mail on the list archive yet, so something must have gone wrong, but it should arrive soon enough).
To avoid an obvious conflict of interest, I am recusing myself for any decisions regarding applicant selections for this round.
I am of course still happy to serve as a liaison with the Outreachy program administrators, and to forward our applicants to them for general funding when selected, if the money allocated by Debian runs out.
This would especially be relevant, in my opinion, to RTC projects, as I'm not sure at all that we should fund them from Debian money directly. Karen Sandler also told me that one of the Outreachy sponsors was interested in funding interns on Reproducible Builds. All in all, we should be able to have two or three internship slots with Debian only disbursing one.
I'll stay on the outreach@d.o alias for now, but let me know if you need help ranking applicants, and I'll ask DSA to remove me so you can discuss at ease.
Cheers, -- Nicolas Dandrimont

Other Recent Techrights' Posts

1901 Days in High-Security Prison (and 8 More Years in Severe Confinement) for the 'Crime' of Exposing War Crimes and Corruption
Julian Assange clip = Microsoft Lobbying (Openwashing)
Here's the latest pair of blog posts
In Northern Mariana Islands, Where Julian Assange Pled Guilty 4 Weeks Ago, Windows Remains Second to Android, and GNU/Linux Still Grows in Oceania
It was the first month ever that statCounter saw more Web requests there from Android than from Windows
Good News About GNU/Linux, Geminispace, FSF, and Backlash Against Microsoft
here are a few quick takes
Backlash and Negative Press After Microsoft Tells Diversity, Equity, and Inclusion (DEI) People to DIE
Follow-up stories
Red Hat's Official Site Yesterday: Promoting 'Secure' Boot in Machines You Don't Own or Control Anyway
"To be clear, CentOS Linux no longer exist"
UEFI 'Secure Boot' Once Again Bricking PCs and Fake Security Models Are Perishing in Geminispace
Let's Encrypt has just fallen again
[Meme] Conservative (and Fake) Nuclear Physicist Bill Gates
Didn't even graduate from college, media treats him like a world-renowned expert in nuclear energy
The Gemini Capsule of Tux Machines Turns 2 in Six Days
Many people actually use Gemini, some participate in it by creating their own capsule (or capsules)
GNU/Linux Rises to 4% in Saudi Arabia, Says statCounter, Windows Has Fallen to 11% (Android Exceeds 60%)
Microsoft might soon fall below 10% in KSA (Saudi Arabia)
IRC Proceedings: Thursday, July 18, 2024
IRC logs for Thursday, July 18, 2024
GNU/Linux news for the past day
GNU/Linux news for the past day
If GitLab Gets Sold (Datadog and Google Named Among Potential Buyers), It'll Prove Our Point About GitLab
Beware the bait on the hook
Hot Summer: Microsoft Flirting With the "5% Windows" Club in Afghanistan
The share of Windows in Afghanistan has fallen to almost 5% (1 in 20 Web requests)
[Meme] Nothing Says "Independence Day" Like...
Firing DEI on Independence Day period
Links 18/07/2024: Hardware, Conflicts, and Gemini Leftovers
Links for the day
Links 18/07/2024: Retroactively Pseudonymised Litigant and Alberta’s Energy ‘War Room’
Links for the day
Gemini Links 18/07/2024: A Welcome to Gemini and Politics of Assassinations
Links for the day
Fabian Gruenbichler & Debian: former GSoC student added to keyring
Reprinted with permission from Daniel Pocock
Links 18/07/2024: ORG Complaint to ICO About Facebook, Korean Double Agent Unmasked
Links for the day
Joel Espy Klecker & Debian on Joe Biden's health and Donald Trump's assassination
Reprinted with permission from Daniel Pocock
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, July 17, 2024
IRC logs for Wednesday, July 17, 2024
Links 18/07/2024: Hostname Pedantry and Retro Coding
Links for the day
Fedora Week of Diversity (FWD) 2024 Attracting 0.01% of the IBM Staff "Was a Success"
They expect volunteers (unpaid slaves) to do the PR for them...
African's Largest Population (Nigeria) Approaching 80% Android "Market Share" Amid Steady Monthly Increases While Microsoft Has Mass Layoffs in Nigeria
Microsoft- and Apple-sponsored Western (or English-speaking) media chooses to ignore that or treat it as irrelevant (a racist disposition in its own right)
[Meme] The Warlord's Catspaw
Thugs that troll us
Microsoft Misogyny Will be the Fall of Microsoft (Covering Up for Misogynists is a Huge Mistake and Highly Misguided Short-term Strategy)
Microsoft's undoing may in fact be its attitude towards women
Microsoft's Bing Falls to Fourth in the Europe/Asia-Based Turkey, Share Halved Since LLM Hype, Now Only 1% (Sometimes Less)
Turkey (Eurasia) is another example of Microsoft failing with LLM hype and just burning a lot of energy in vain (investment without returns)
Red Hat Keeps Behaving Like a Microsoft Reseller (for Proprietary Stuff!), Microsoft Employees as Authors in
In some ways this reminds us of Novell
Links 17/07/2024: New Attacks on the Press, European Patents Squashed Even at Kangaroo Court (UPC)
Links for the day
Gemini Links 17/07/2024: Proponents of Censorship and New Arrivals at Gemini
Links for the day
Links 17/07/2024: School Budget Meltdown and Modern Cars as Tracking Nightmares
Links for the day
This Should Certainly be Illegal, But the Person Who Helped Microsoft Do This is Still Attacking the Critics of It
perhaps time for an "I told you so post"
Censorship as Signal of Opportunity for Reform
It remains sad and ironic that Wikileaks outsourced so much of its official communications to Twitter (now X)
[Meme] A Computer With an Extra Key on the Keyboard Isn't Everyone's Priority
(so your telling me meme)
The World Wide Web Has Been Rotting for Years (Quality, Accuracy, and Depth Consistently Decreasing)
In the past people said that the Web had both "good" and "bad" and that the good outweighed the bad
Comoros: Windows Plunges to Record Low of About 6% in Country of a Million People (in 2010 Windows Was 100%)
Many of these people earn a few dollars a day; they don't care for Microsoft's "Hey Hi PC" hype
Africa as an Important Reminder That Eradicating Microsoft Doesn't Go Far Enough
Ideally, if our top goal is bigger than "get rid of Microsoft", we need to teach people to choose and use devices that obey them, not GAFAM
Billions of Computers Run Linux and Many Use Debian (or a Derivative of It)
many devices never get updated or even communicate with the Net, so exhaustive tallies are infeasible
The Mail (MX) Server Survey for July 2024 Shows Microsoft Collapsing to Only 689 Servers or 0.17% of the Whole (It Used to be About 25%)
Microsoft became so insignificant and the most astounding thing is how the media deliberate ignores it or refuses to cover it
[Meme] Microsoft is Firing
Don't worry, Microsoft will have some new vapourware coming soon
More DEI (or Similar) Layoffs on the Way, According to Microsoft Team Leader
What happened shortly before Independence Day wasn't the end of it, apparently
Windows Down From 98.5% to 22.9% in Hungary
Android is up because more people buy smaller mobile devices than laptops
Microsoft Windows in Algeria: From 100% to Less Than 15%
Notice that not too long ago Windows was measured at 100%. Now? Not even 15%.
[Meme] Many Volunteers Now Realise the "Open" in "OpenSUSE" or "openSUSE" Was Labour-Mining
Back to coding, packaging and testing, slaves
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, July 16, 2024
IRC logs for Tuesday, July 16, 2024
Microsoft Windows "Market Share" in New Zealand Plunges to 25%
Android rising
[Meme] Ein Factory
A choice between "masters" (or "master race") is a false choice that results in mass exploitation and ultimately eradication (when there's little left to exploit)
Links 17/07/2024: Open Source Initiative Lies and Dark Net Thoughts
Links for the day
SUSE Goes Aryan: You May Not Use the Germanic Brand Anymore (It's Monopolised by the Corporation)
Worse than grammar Nazis
Media Distorting Truth to Promote Ignorance
online media is rapidly collapsing
Gratis But Not Free as in Freedom: How Let's Encrypt is Dying in Geminispace
Let's Encrypt is somewhat of a dying breed where the misguided CA model is shunned