In my article last week, I talked about how Bitcoin is decentralized, that is, lacks a single point of failure or choke point. One of the things many critics of the article pointed out was that mining is somehow centralized and therefore, my argument didn’t hold.

In this article, I’m going to examine mining centralization in depth, go through some scenarios to understand what the risks are, how it could play out and what the implications are going forward.

Mining Centralization can mean two different things:

Manufacturing of mining equipment being mostly in the hands of a single company.
Majority of hash power being controlled by a single company

These two are different and when someone says “mining centralization”, it’s not always clear which they mean. The rest of the article is organized to examine the risks and possible attacks of each. Note we’ll examine some scenarios here, by no means exhaustive, but they should give a pretty good idea of the possible risks and mitigations of Mining Centralization.

Bitmain does indeed produce a majority of double-sha256 (proof-of-work hashing algorithm behind BTC, BCH and a few others) mining equipment and the majority of hash power on the Bitcoin network as of this writing come from miners manufactured by Bitmain. We suppose here that though Bitmain may manufacture a majority of the mining equipment, they don’t necessarily control the equipment.

What are the risks of a single manufacturer producing most of the equipment used to secure the network?

Scenario 1: Backdoor

In this scenario, we assume that Bitmain sells most of the equipment that they manufacture.

The risk here is that Bitmain has put in some sort of backdoor to the mining equipment through some hidden hardware, firmware or software. Some possible things a backdoor could do:

Force the mining equipment to point to a Bitmain-controlled pool mining whichever coin Bitmain chooses.
Override the block template to give rewards to a Bitmain-controlled address.
Throw away valid proof-of-work unless the miner is pointing to a Bitmain-controlled pool.
Shut down the miner using some predetermined signal. (Kill-switch)

The first two possible back doors would be really obvious to anyone paying the least bit of attention. Furthermore, they would be really obvious to prove with even a little bit of logging. The consequences of the discovery of a backdoor of this magnitude would pretty much destroy Bitmain’s reputation as a company and additionally make it the target of a class action lawsuit at a minimum. This would be the equivalent of a kamikaze attack on Bitcoin, which might hurt Bitcoin short-term, but would completely destroy Bitmain as a Bitcoin ASIC manufacturer.

The third and fourth can be done in a more subtle way, but would still be susceptible to discovery. Throwing away proof of work has the effect of delaying blocks while making the non-Bitmain pool look more unlucky. Using a kill switch disables the equipment. The direct effects of both are actually detrimental to Bitmain as they have to deal with customer refunds and complaints about their miner not working. All benefits would have to be secondary, such as attracting more people to their pool. They also carry enormous risks as competitors might discover such backdoors and utilize them to Bitmain’s detriment. The risk of discovery alone more or less destroys whatever reputation Bitmain enjoys and the benefits uncertain and far off.

Note that these are things any mining manufacturer could put into their equipment. Hardware is very hard to audit and by buying equipment from a particular manufacturer, you’re in a sense trusting them not to cheat you.

In the 4–5 years of existence, Bitmain hasn’t resorted to these tactics, and there’s no reason to think that they would. Such backdoors involve a lot of planning, a high chance of discovery and/or failure and a low chance of reward.

Scenario 2: Manufacturer Defect

This scenario assumes that everything else is the same as scenario 1, but the equipment has some fatal defect. Perhaps the equipment catches on fire above a certain temperature. Perhaps the equipment calculates the timestamp wrong.

The worst possibility here is that the equipment creates invalid blocks and that’s easily seen by the rest of the network. Again, this only hurts the manufacturer, as they are the ones that have to deal with their customers’ anger.

Scenario 3: Price Gouging/Buying Restrictions/Shipping Delays

In this scenario, the equipment manufacturer uses its dominant position to add additional costs for buyers of the equipment. The costs may be charging more for the equipment, forcing the usage of certain payment methods, delaying shipping, perhaps even restrictions on how the equipment may be used.

All of these tactics become intolerable under competition as the total costs of the equipment can’t go above that of the competition without hurting sales and thus must be used judiciously, if at all. The additional revenue from acting this way is offset by long term reputational damage.

The actual manufacturing of equipment can lead to some bad outcomes, but the more dangerous scenario is one where there is a concentration of hash power. Specifically, one company may control more than half of the hash power on the network.

These can further be subdivided into two different categories:

One company controls pools totaling >50% of network hash power
One company controls machines totaling >50% of network hash power

The possible attacks are similar, but the way the attacks can be thwarted are a bit different. If a single entity controls a bunch of pools, individuals that participate in the pool can simply switch to a different pool to thwart the attack. If a single entity controls a bunch of machines, that is no longer an option. Keep this in mind as we go through the possible ways in which a majority hash power entity can attack the network.

Scenario 4: Majority-only chain

One obvious thing the majority hash power can do is simply reject blocks from everyone else, in essence taking every block reward for themselves. They could also deny transactions they don’t like and possibly try to double spend as well.

This is not as easy an attack to pull off as it would seem, just from the math, if the majority is not much more than 50%.

To illustrate why, imagine that a hypothetical manufacturer called Mitbain controls 60% of the hash power and decides to execute the block rejection attack. The probability that the rest of the network finds a given block is 40%. It’s clear that because the minority still has some hash rate, at some point, Mitbain will be behind by 1 block to the rest of the network.

In order to overtake the lead, Mitbain will need to find 2 more blocks than the rest of the network. This is not as simple as it sounds. Given sufficient time with a majority of the network hash rate, overtaking is inevitable, but this does not necessarily happen very quickly.

The math is a little involved, but the number of expected blocks until Mitbain overtakes the rest of the network is actually quite high. With 60% of the network hash power, the expected number of blocks until Mitbain overtakes the network is actually 6 blocks! Note this is with 60% of the hash power, so that’s not 60 minutes for those 6 blocks, but 100 minutes.

Not only that, but in the best case scenario for the attacker, the entire network will be invalidating the previous 5 blocks for the attacker’s 6 new blocks. Every transaction that happened in the previous 5 blocks would be invalidated as if they never happened and the transactions in the 6 new blocks seen as canonical. This is what’s called a block reorganization or a reorg for short and is how a double-spend attack can be performed in Bitcoin. Of course, the attacker could be “nice” and include more or less the same transactions as the original blocks that it’s overtaking, but there’s no guarantee.

No rational merchant or exchange would ever take less than 30 confirmations in a scenario like this (at least without some knowledge about what’s going on).

Time is in minutes

The above chart shows how many blocks you can expect to reorg every time the rest of the network finds a block. You can see that even having something like 70% of the network hash rate makes executing this attack pretty long and drawn out. If after spending enough hash power to find 6 blocks, Mitbain is still behind by 2–3 blocks, would Mitbain really want to continue?

Furthermore, a large reorg signals to the rest of the network that something nefarious is going on and nodes will likely view these new blocks with suspicion. It’s entirely possible that full node operators on the network will simply invalidate these blocks (this is possible through the invalidateblock command) and happily view the other chain made by the rest of the network as canonical, in which case, Mitbain would have wasted an enormous amount of hash power, announced its bad intentions and have a fork that many nodes don’t recognize for all its trouble. This would be a hard fork without any replay protection and the community would decide which one is worth more.

In addition, during the attack, there are large reorgs every time a non-Mitbain miner finds a block, which make taking payments extremely risky. Essentially, without something like 80% of the network, this attack renders Bitcoin all but unusable during the attack.

If, instead, Mitbain simply mined normally on the network, the mining rewards would essentially be the same without arousing any suspicion or incurring any reputational damage. The double-spend, fee sniping and transaction denial value would have to outweigh the risk of failure including loss of mining rewards, loss of reputation and damage to Bitcoin itself.

To put it simply, this attack really doesn’t make much sense from an economic perspective because there is simply not enough upside for the attacker. What’s more, even if successful, Bitcoin would still survive! There is no guarantee that the temporary degradation of the network is enough to make all the Bitcoin owners sell.

Scenario 5: Turning Off Hash Power

The majority hash power don’t have to attack the network in order to have influence, however. The majority can simply refuse to mine and provide the proportional security for the network. For example, the majority, say 80% of the hash power, can refuse to mine as a way to add political pressure for a certain feature. This would be similar to a hunger strike.

This scenario would cause some difficulties on the network. 10 minute blocks would now become 50 minute blocks. The mempool would probably fill up fairly quickly and transactions would be especially slow. This may, in turn, lead to higher fees.

This scenario is much more expensive for the attackers, however. They are giving up 1437 BTC/day or about $10M/day in revenue at current exchange rates. Even if the equipment were to be utilized on another network, their profitability and opportunity cost would suffer quite a bit.

What’s more, the Bitcoin network confirmation times would recover in a matter of weeks while the lost revenue will never come back for the would-be hunger strikers.

What Majority Hashing Cannot Do

It’s perhaps useful here to recap what a majority of hashing power cannot do.

First, the majority cannot take any coins you already possess away from you. All your coins are yours and the worst an attacker could do is double-spend incoming transactions or deny your outgoing transactions from going through for a while. This is normal and expected as we saw for transactions that didn’t have a high enough fee around December.

Second, the majority cannot change the rules of Bitcoin. In a sense, they can create new consensus rules, but that would be a hard fork, which requires everyone to upgrade. They’re free to try to convince the rest of the network that their rules are better, but as sovereign individuals, Bitcoin users have no obligation to follow such rules. The power of whom to follow lies entirely with the owner of the node.

Third, the majority cannot hurt you without hurting themselves to some degree. Such an attacker can degrade the network, but not without themselves incurring a lot of opportunity cost. They can attempt to double-spend, but not without significant risk of being blacklisted by many nodes.

At least from a manufacturing standpoint, the risks are being lowered continually. As much as people hate Bitmain, let’s not forget what manufacturers existed before them were like. Butterfly Labs, CoinTerra and KnC Mining are just some of the names in this space and they had some serious trouble even filling pre-orders.

Bitmain brought a professionalism to the mining industry that simply wasn’t there before. They were selling fully assembled, ready-to-go miners at conferences in 2014 where these other companies were delaying the delivery of pre-orders from months, sometimes years, before. The competence that Bitmain brought to the mining industry is why those other players are bankrupt.

That said, there is no reason to believe that Bitmain’s market dominance is permanent.

One of many new entrants into the Bitcoin mining game

First, there is a lot of competition coming. There are no less than 4 startups that I know of that are entering the mining space attempting to dethrone Bitmain. There are also larger companies like Samsung, Intel and Nvidia that are looking into getting into this very lucrative industry.

Second, unlike Bitcoin itself, there is no strong network effect in mining equipment manufacturing. People looking to mine may care a bit about who the machines are manufactured by, but most care much more about how much money they can make. In other words, having bought miners from Bitmain in the past does not lock them into buying more of their products. If anything, many people looking to mine will pay more to get non-Bitmain products.

Third, Bitmain is a very large company at this point. They are working on machine-learning ASICs, altcoin ASICs, buying up companies and funding lots of different projects. Large companies are often less nimble than their smaller counterparts and time can expose any flaws that a company this big can have.

This is not to say that Bitmain will simply give up their large share of this very lucrative industry, but there is certainly a lot of room for competition. If you believe in the free market as I do, it’s easy to see that any imbalance will even out over the long term. Right now there’s a manufacturing imbalance. Mining manufacturing centralization is a short term problem.

Miner centralization has been a boogie man for people in the Bitcoin community for a long time. What’s worse, a lot of people continue to believe that a majority can “control the network”. The emergent properties of decentralization help quite a bit here and Bitcoin is much better protected against such centralized control than many believe.

Furthermore, mining centralization is not structured in such a way as to last too long. Mining is a commodity game and those tend to lower in price as time goes along. Obviously, Bitmain will try very hard to protect the market share they have, but such attempts without producing the best product tend to be expensive and short-lived.

Mining is not a single point of failure and Bitcoin will survive.

There’s a persistent myth that blockchain tech is brand new and that if only given enough time, somebody will make something that’s useful for something other than money. This is what I call the “blockchain, not Bitcoin” syndrome and in this article, I’m going to dispel the myth that uses for blockchain are just around the corner, that they’re going to add decentralization to all the things, and that it’s some revolutionary new tech.

The concept is about as bankrupt as the company whose logo which this imitates. (credit: phneep)

Corporate obsession with blockchain started in 2014, shortly after Bitcoin got on their radar. Instead of paying attention to the revolutionary, innovative, decentralized and digitally-scarce money that is Bitcoin, they instead took a concepts from the software and called it “blockchain”.

Multiple industry groups were found at this time, like Hyperledger and R3 as well as companies like Digital Asset Holdings that tried to create a market around this tech.

What they had in common was the use of the word blockchain as a panacea for a bunch of problems in all sorts of industries. In typical corporate fashion, they took the word “blockchain” and bastardized it to mean whatever they wanted it to mean.

The life that the word “blockchain” took on around 2015 was incredible. Tons of people, especially people that weren’t technical, often with only a vague sense of how Bitcoin worked, were saying things like “I believe in the technology, but I don’t believe in Bitcoin”. This was apparently the “consensus” response for business-types that wanted to seem like they were current on the technology.

You can understand why for two reasons. First, Bitcoin’s reputation from 2011 to 2015 or so, and to some degree today, was unsavory. Bitcoin was associated with activities like buying drugs, paying for an ad on backpage or even being an anarcho-capitalist/libertarian/Ron Paul crazy. Second, by praising the technology, an executive could appear to be on the leading edge of something that’s too technical for others to question effectively.

In other words, endorsing “blockchain” and not Bitcoin gave many business-types the appearance of expertise and knowledge about the topic without all the unsavory connotations associated with Bitcoin at the time. What’s clear from the subsequent actions is that they had no idea what blockchain was and seeded the consequences of their own ignorance.

Their ignorance led to mediocre engineers with very little understanding of incentive systems, game theory or even public key cryptography to masquerade as blockchain experts. These “experts” bamboozled business-types into believing that the solution to the biggest problem for a particular industry could be built with a blockchain, some developers and some money. But we’re getting ahead of ourselves. Before the full fledged “blockchain, not Bitcoin” syndrome caught fire, plenty of fuel in the form of hype preceded it.

This pretense of knowledge led to books like The Blockchain Revolution, which promised fixes to pretty much every sector in the economy while giving just enough tantalizing technical concepts in vague enough terms that many executives felt the adolescent fear of missing out on the new technical trend of “blockchain technology”.

To be fair, many were taken in by promises of solutions to real problems for their industry. For health care, “blockchain” would somehow make patient history available to care providers at exactly the right time without violating patient privacy. For law, “blockchain” would somehow create perfectly fair contracts without the need for expensive lawyers. For supply chains, “blockchain” would somehow prove whose fault it was that some parts were substandard or that not enough parts were delivered. For art, music and TV, “blockchain” would somehow reward the creators what they were due while combating piracy and taking out the middle men. For online ads, “blockchain” would somehow make tracking accurate, reduce fraud and take out the many different middle men that collectively take a large portion of the profit. We could go on and on and on about the impossibly difficult problems that “blockchain” supposedly would solve.

It’s not a coincidence that these promises correspond to giant problems in each industry. Blockchain became a blank canvas onto which any problem could be painted as being solvable. Literally hundreds of startups and industry consortiums, many using ICOs, promised to solve the biggest inefficiencies in every industry using “blockchain”.

Many of these startups were created by veterans of a given industry who thought that the only missing piece was developers to write the blockchain system that would solve everything. They reasoned that they had the expertise to know what the problems were and that getting a few blockchain experts would be all that would be needed to make their industry so much better and create tremendous profit for themselves.

This would work if only these developers could deliver on what the industry veterans wanted! How hard could it be to make a flawless, auditable, decentralized, encrypted database that execute terabytes of smart contracts quickly and efficiently using oracles that check each other using zero-knowledge proofs? Surely a few lines of code in Solidity could create a scalable, provably correct, maintainable system that would solve the biggest pain points of industry X, right? Well, no.

No, because no such explanations exist

Blockchain became a meaningless buzzword that meant “solving the biggest challenge in industry X” using fancy jargon to convince people that the challenge could be met. The reality was far different. What most of these startups discovered is that blockchain is not a panacea. They ran head first into problems that we’ve known for a long time like the oracle problem, or the consensus problem, or the analyzability of Turing-complete contracts, or the free rider problem. It turns out blockchain, far from being a panacea is actually a hindrance to creating these solutions because of the requirement, at least nominally, of decentralization.

To make matters worse, the developers tasked with creating these systems were often completely ignorant about user and node incentives and possible exploits in an adversarial environment.

The results of such shenanigans are sadly predictable. When you promise more than you can deliver with mediocre talent in a technology that few people understand, you’re not going to be able to deliver much. Most of these efforts have accomplished nothing. The few that created proof-of-concepts have not progressed to full-fledged products. The few products that have launched have very little traction (less than 2000 users per day is considered a complete failure for an app or website).

Despite all this, ICOs touting decentralized blockchains for industry X, enterprise blockchain efforts to optimize Y and even public blockchains for some service Z continue to be touted as the future. Several different arguments generally come up when this discrepancy between promises and results are pointed out.

How can you be sure nothing will come out of blockchain technology other than Bitcoin?

It’s true, it only takes one counterexample to disprove my thesis that blockchain is really only useful for sound money. However, without bastardizing the word blockchain, the essence of what blockchains provide is decentralized, authoritative, expensive to alter data. This is not a surprise as these properties are exactly what you want for sound money like Bitcoin.

Unfortunately, what non-monetary projects generally need, given that it’s software for an industry that’s regulated, changing and growing, is a centralized, upgradeable and scalable system. Each need is made greatly more difficult when combining with a blockchain. In other words, blockchain is the wrong tool for the job.

Even if by some miracle a popular app is created on a blockchain, a centralized equivalent without the extraneous blockchain will be cheaper, faster, more reliable, more maintainable while having the exact same single points of failure as the “decentralized” blockchain-y version. Or put another way, any popular dApp is destined to lose against a centralized competitor on cost, speed, features and scale.

So many people are working on this! Something has to come out of it.

Lots of people working on something doesn’t mean desires magically turn into reality (see: alchemy, cold fusion, flying cars, etc).

That’s even overstating the point. Flying cars are at least possible. What most of these projects are working on are square circles or perpetual motion machines: decentralized services that have centralized control, that is, logical impossibilities.

I can hear my critics now, “Jimmy is against experimentation, entrepreneurship and trying new things!” This is a classic bait and switch tactic. Experimentation is fine to start. Pouring more money into failed experiments is just putting good money after bad. These “blockchain” experiments have a history of being futile and have little basis in reality. They are wastes of capital and human effort and don’t lead to any useful goods or services. All they do is allow charlatans to rent-seek.

Lots of money has gone into it! Someone is going to come up with something!

Certain engineering challenges are simply not a matter of funding, they are a matter of innovation. What’s worse, when a company is handcuffed by being required to use a particularly cumbersome technology like blockchain, there’s even less chance of anything coming out of it. This is the classic error of a solution looking for a problem. And no, more money won’t magically find you a profitable market problem for which a blockchain happens to be the most optimal solution.

“Blockchain, not Bitcoin” is not a new idea. The past five years have produced nothing with this so-called “blockchain” technology and we’re unlikely to see anything in the next five. The only thing that blockchain seems to be good at is promising to fix the biggest problems while delivering very little and consuming tremendous capital.

Blockchain is a solution looking for a problem. Too many people have been taken in by “blockchain” and pretend to see clothes on a naked emperor. The imaginary clothes may seem like perfect solutions to the biggest problems of their industry. Unfortunately, wishful thinking is not reality.

Sorry to be the bearer of bad news, but the emperor has no clothes. Blockchain without Bitcoin is a big nothing burger.

En janvier 2020, je quittais Gmail. Après plus de 10 ans de bons et loyaux services, j’allais abandonner le service de messagerie de Google pour aller voir ailleurs. Ce départ n’était pas dû au fait que j’avais trouvé un nouveau service plus intéressant, plus performant ou plus à la mode, je voulais simplement faire un petit geste pour la protection de ma vie privée.

J’avais déjà entamé cette « dégooglisation » de ma vie depuis plusieurs mois grâce aux indispensables outils de Framasoft qui proposent des apps alternatives à celles des géants du web, généralement plus respectueuses de la vie privée. Les révélations d’Edward Snowden sur l’ampleur du pistage que l’on subit sur Internet avaient eu le temps de bien mûrir et je n’étais plus en accord avec le modèle économique de Google. Il était donc temps pour moi d’aller voir ailleurs.

ProtonMail, efficace sans être complexe

Sauf qu’une adresse mail ne se change pas comme ça, surtout quand on a passé 10 ans à construire son identité numérique autour d’elle. Des centaines de comptes, tout autant de mots de passe, des applications connectées à sa boite mail dans tous les sens. La tâche paraissait insurmontable. Comment déménager autant de données et tout rebâtir de zéro ?

Hé bien, c’est impossible. Ou quasiment. Mais cela ne veut pas dire qu’il faut perdre espoir. Comme pour un déménagement, il faut juste faire les choses petit à petit.

Je me suis donc d’abord créé un compte sur ProtonMail. Le service a relativement bonne réputation concernant le respect de la vie privée et propose le chiffrement des communications de bout en bout. Cela signifie que techniquement mes courriers sont sécurisés et qu’ils ne sont lisibles par aucun intermédiaire. Il existe d’autres services de mail encore plus sécurisés et que l’on peut installer sur son propre serveur, mais j’avais besoin d’une solution clé en main qui n’exige pas de mettre les mains dans le cambouis. ProtonMail, avec son interface web et ses applications iOS et Android, était donc tout désigné. Surtout qu’il existe d’excellents guides pour migrer de Gmail vers ProtonMail.

5 euros par mois : le coût de la vie privée

Premier petit bémol, les comptes gratuits chez ProtonMail n’embarquent que 500 mégaoctets de stockage (contre plusieurs gigaoctets sur Gmail). Moi et mes 2 Go et quelques de mails allions donc être un peu à l’étroit. Bien décidé à laisser Google derrière moi, j’ai fait quelque chose que je n’avais pas fait depuis 10 ans : payer pour un service de mail. L’offre ProtonMail Plus offre 5 Go de stockage pour 5 euros par mois. Ce n’est évidemment pas une somme anecdotique (surtout quand on commence à faire le calcul sur plusieurs mois), mais c’est malheureusement le prix à payer aujourd’hui pour préserver sa vie privée sans se prendre la tête.

Si vous ne souhaitez pas embarquer vos archives de mail comme je l’ai fait, il est possible de se satisfaire de 500 Mo de stockage, mais il faudra penser à faire ponctuellement le ménage. L’abonnement Plus arrive aussi avec d’autres avantages (sur lesquels nous reviendrons). Devoir payer alors que la concurrence offre un service gratuit équivalent (et même mieux sur certains points) est une pilule difficile à avaler, mais il faut choisir entre ça ou se faire traquer partout sur le web. Refusant de rendre Google encore un peu plus riche, j’ai donc décidé de voter avec mon portefeuille.

Mais, à l’usage alors ?

Une fois la migration de mes mails finie, je me suis donc mis à utiliser mon adresse Proton comme boite mail principale, en redirigeant tout de même mes courriers Gmail vers cette nouvelle adresse (on vous explique comment faire par ici). L’interface était à l’époque un peu austère et loin du niveau de finition qu’offre Gmail, mais depuis l’entreprise a déployé une nouvelle version plus moderne et plus léchée.

À l’usage, le client web de Proton n’a pas grand-chose à se reprocher. On retrouve vite ses marques si l’on vient de Gmail, et une fois ses dossiers ou ses libellés bien en place, on peut filtrer et dicter des règles de tris automatiques comme chez Google. Certaines fonctionnalités avancées comme les sous-labels n’existent pas encore, mais dans l’absolu 95 % des utilisateurs et utilisatrices s’y retrouveront côté fonctionnalité et ergonomie.

Si vous êtes comme moi un obsédé du rangement de mail, l’offre ProtonMail Plus offre un autre avantage : la possibilité de créer jusqu’à 200 dossiers et labels (là où l’offre gratuite est limitée à trois). Autre petit plus, vous aurez aussi accès à ProtonDrive (le Google Drive maison) ainsi qu’à d’autres fonctionnalités avancées comme la possibilité de créer des adresses mail secondaires si vous voulez séparer votre vie personnelle et professionnelle au sein de l’interface Proton.

Si l’interface web de ProtonMail est réussie, ses applications mobiles le sont un peu moins. Que ce soit sur smartphone ou tablette, l’interface est vieillotte et pas très bien optimisée. Certaines fonctionnalités comme le mode « Conversation » (qui groupe tous les messages d’un fil de mail) manquaient jusqu’à l’année dernière. Les applications restent tout à fait efficaces et utiles pour un usage d’appoint, mais il faudra parfois accepter certains défauts. Le service évolue rapidement cela dit.

Depuis plus d’un an, je ne suis donc quasiment jamais revenu sur ma boite mail Google et j’en suis ravi. J’ai l’impression de m’être émancipé un tout petit peu de l’économie de la surveillance. Bon, soyons honnêtes cela dit, beaucoup de mes mails transitent encore chez Google avant d’atterrir dans ma boite Proton. On ne se débarrasse pas comme ça d’une identité numérique vieille de 10 ans. Mais mes comptes et mes contacts les plus importants m’écrivent désormais directement sur mon adresse ProtonMail, et je tente à chaque mail reçu via Gmail d’aller mettre à jour mes informations de contacts chez le site expéditeur. Chaque adresse mail changée a le goût d’une petite victoire face à Google.

Deuxième bémol, je suis aujourd’hui assez seul sur mon service de mail chiffré. La plupart de mes contacts utilisent encore des adresses Gmail, Outlook ou d’autres, qui lisent donc mes échanges. Chiffrer un mail est une bonne chose, mais s’il arrive en clair chez Google pour pouvoir être lu par mon interlocuteur ou mon interlocutrice, alors je suis toujours espionné par les grands méchants du web. L’intérêt dans ce cas-là est donc réduit. En revanche, en empêchant Google de scanner tous mes mails promotionnels, toutes mes alertes Le Bon Coin ou mes informations de livraison (l’immense majorité de ma boite mail en somme) je cesse malgré tout de nourrir l’algorithme et gagne un peu plus en vie privée.

Un choix militant

Pour conclure simplement : ProtonMail est un excellent service de mail si l’on est prêt à faire quelques sacrifices. Toutes les fonctionnalités de tri ou de prédiction « intelligente » de Gmail ne sont par exemple pas présentes puisque l’entreprise ne scanne pas votre courrier. Certaines autres fonctionnalités ne sont pas disponibles sur toutes les plateformes et les possibilités de personnalisation sont un peu moins poussées que chez Google.

ProtonMail prend tout son sens avec un abonnement

Enfin, à moins d’avoir un usage très basique de sa boite mail, on se heurtera rapidement aux limites de l’option gratuite. ProtonMail prend en fait tout son sens avec un abonnement, et comme nous le soulignions plus haut, c’est probablement l’un des aspects les plus compliqués à surmonter après des années à évoluer sur l’Internet du « tout gratuit ».

Mais le modèle économique de Proton n’étant pas vraiment compatible avec la publicité, il faut bien trouver d’autres sources de revenus. Passer à ProtonMail c’est donc aussi un acte militant, c’est adopter une nouvelle approche du web et refuser que nos données personnelles soient une monnaie d’échange. Tout ça dans un client mail plutôt bien pensé.

Pensez à la newsletter pour suivre Numerama

Le débat entre les pessimistes, qui craignent pour l’environnement, et les optimistes, tenants du business as usual, ne porte donc pas sur la nécessité d’agir – personne n’est vraiment pour la disparition des éléphants ou la contamination des nappes phréatiques aux pesticides –, mais sur la gravité du problème, l’intensité et la vitesse avec laquelle il faudrait réagir, la possibilité de changer modes de production et habitudes de consommation, la manière (régulation, taxes, incitations, soutien public…) et les moyens (financiers, techniques) de mener la transition.

La question technologique est particulièrement prégnante, bien qu’à peu près occultée. Les scénarios prospectifs se fondent en général sur une population plus nombreuse, consommant plus d’énergie et se déplaçant (elle-même ou ses marchandises) plus loin et plus fréquemment. De fait, les solutions techniques sont présumées disponibles et abordables, sinon à portée de main, que ce soit pour les énergies « décarbonées », les solutions de mobilité du futur ou la capacité des rendements agricoles à toujours s’accroître – ou à se maintenir. Les plus audacieux, comme Jeremy Rifkin, vont jusqu’à promettre de telles « ruptures » technologiques – un vocable à la mode – que tout ou presque en deviendrait gratuit ou à « coût marginal zéro », à commencer par l’énergie issue de sources renouvelables2.

Pourtant, si le rôle de l’innovation technologique est en effet central, il y a une différence entre les problèmes – qui sont bien là – et la multitude de solutions techniques proposées – dont certaines ne sont qu’au stade de l’annonce ou du concept (capture et séquestration du CO2, voitures à hydrogène…). Et, sans remettre en question ni la formidable inventivité humaine ni les moyens considérables de recherche et de développement dont nous disposons, nous pouvons nous demander si c’est un nouvel âge d’abondance qui se profile ou si nous n’allons pas, au contraire, vers la pénurie, selon les termes actuels d’un vieux débat « malthusien ».

La formidable inventivité humaine

Après tout, nous avons toujours trouvé. L’humanité a réussi à repousser les limites imposées par la nature ou sa condition physique. Elle l’a souvent fait pour réagir au risque de pénurie. Certes, les êtres humains du Néolithique ne sont pas entrés dans l’âge de bronze par manque de silex. Mais la révolution néolithique elle-même a probablement été provoquée par le franchissement d’un seuil de densité humaine, qui devenait de moins en moins compatible avec le nomadisme des chasseurs-cueilleurs : une pénurie de territoires (faiblement) productifs. Quant à la hache de bronze, elle illustre un deuxième ressort historique de l’innovation technique, l’art de la guerre, car nos ancêtres en ont vite découvert l’intérêt, indépendamment du défrichage des forêts.

La pénurie a bien été un aiguillon essentiel, à l’origine d’une grande partie des innovations de la révolution industrielle, car la croissance permanente de la consommation allait bientôt dépasser les capacités de ponction sur les ressources renouvelables, locales ou importées. Jusque tard dans le xixe siècle, il y eut une limite purement « surfacique » à la production de produits essentiellement animaux et végétaux : colorants naturels (garance, pastel, indigo, lichen…), graisses, colles et suif des chandelles (à base de déchets d’animaux et d’os), acides et alcools produits par fermentation (vinaigre), cuirs et fourrures, fibres (laine, lin, coton, chanvre), etc. Les locomotives et machines à vapeur étaient lubrifiées à l’huile de cachalot et les égreneuses à coton revêtues de paroi stomacale de morse3 !

L’exploitation des forêts comme combustible et bois d’œuvre conduit, à partir du xviie siècle, à une crise du bois européenne. La double invention de la pompe à vapeur et de la machine à vapeur, au tournant du xviiie siècle, permettra l’exhaure des mines souterraines et l’accès aux énormes ressources de charbon situé sous le niveau des nappes phréatiques des bassins houillers anglais.

Parallèlement, la chimie minérale va répondre aux besoins cruciaux artisanaux et industriels : acides pour le traitement des métaux, la préparation des teintures, des fibres, etc. et produits alcalins (soude et potasse) pour la fabrication des savons et des lessives, du verre, le dégraissage des laines… Au milieu du xviiie siècle, le salpêtre des caves humides et la soude des algues et des salicornes (plantes méditerranéennes dont Marseille tire sa vocation savonnière) ne suffisent plus à répondre à la demande. Les conflits d’usage deviennent intenables jusqu’à ce que Nicolas Leblanc mette au point, dans les années révolutionnaires, un procédé industriel de production de soude à partir de sel, de craie et de charbon. Quant à la chimie organique, elle doit son développement aux besoins croissants de colorants et à la découverte du benzène et de ses dérivés – dans les reliquats de distillation du charbon des légendaires « usines à gaz » utilisées pour l’éclairage. Enfin, la polymérisation, dans les années 1930, ouvre la voie aux matériaux artificiels (matières plastiques, fibres synthétiques, résines et colles…) issus du pétrole et du gaz, en quantité jusqu’ici inimaginable.

Les coûts écologiques de la technique

La période charnière qui va de la moitié du xviiie à la fin du xixe siècle a été déterminante dans le changement d’échelle de la production, les percées technologiques importantes et nombreuses, et la « grande transformation » des rapports économiques4. Le xxe siècle enchaînera avec les gains de productivité de la mécanisation, de la robotisation puis de l’informatisation, améliorant les techniques permettant l’accès à des ressources abondantes, réduisant considérablement, surtout, le temps de travail humain investi pour la production des produits finis, rendant possible le niveau de consommation actuel.

Globalement (hors l’épineux problème de répartition), le système technique, enchâssé dans un système social, moral et culturel qu’il modifiait à mesure, a plutôt bien répondu aux « besoins ». Mais cela a eu un prix : celui d’une fuite en avant, d’une accélération permanente entre des risques de pénuries et de nouvelles solutions pour y répondre, créant elles-mêmes de nouveaux besoins et de nouveaux risques ; celui de pollutions, de destructions sociales et environnementales sans précédent. Nos « ingénieurs thaumaturges » font rarement des omelettes sans casser des œufs.

Le procédé Leblanc changea l’échelle des pollutions. Bien sûr, elles existaient avant la chimie industrielle : la ville médiévale et artisanale conciliait, avec difficulté, l’utilisation de l’eau pour les besoins domestiques avec les rejets nauséabonds des tanneurs, des corroyeurs, des blanchisseuses, des savonniers ou des teinturiers5, tandis que l’air était souvent vicié par la combustion de bois et de charbon. Mais les rejets des premières usines chimiques allaient atteindre aussi les campagnes, provoquant d’ailleurs de vives réactions6.

Les nouveaux matériaux présentaient un grand désavantage par rapport au bois, aux fibres ou au cuir : non biodégradables, ils allaient générer un problème de déchets sans précédent et une pollution globale – comme les nouveaux « continents » océaniques (bel oxymore) de plastiques. Les techniques agricoles, en passant de solutions traditionnelles (boues d’épuration, alternance des cultures…) pour augmenter la productivité des sols aux nitrates de synthèse (après épuisement du guano chilien), ont été diablement efficaces, mais au prix de l’eutrophisation des rivières, de la mort biologique des sols, de l’émission de puissants gaz à effet de serre, etc. « La mine, l’aciérie, l’usine à papier, l’abattoir. Voilà les quatre fondements de cette civilisation dont nous sommes si fiers. Si tu n’es pas descendu dans la mine, si tu n’as pas senti le souffle sulfureux de l’usine à papier, si tu n’as jamais respiré la fauve et fade odeur de l’abattoir, si tu n’as pas vu le four Martin dégorger son flot de métal en délire, ô mon ami, tu ne connais pas toutes les tristesses du monde, toutes les dimensions de l’homme7. » Mais qui pratique encore les usines aujourd’hui ? La mondialisation est passée par là, facilitée par l’abondance du pétrole et l’essor du transport conteneurisé8. La production de nos objets manufacturés complexes, comme l’automobile ou l’électronique, dépend de flux imbriqués de milliers de fournisseurs dans des dizaines de pays ; les produits plus simples se sont concentrés dans les pays aux coûts salariaux plus bas ou aux normes environnementales plus faibles – la ville de Qiaotou, dans le Zhejiang chinois, produit 80 % des boutons et des fermetures à glissière du monde. Les coquilles Saint-Jacques et les boyaux de porc vides font l’aller-retour entre la Bretagne et la Chine pour être nettoyés, avant de revenir pour être garnis de farce.

Ces coûts de transport faibles ont permis l’éloignement entre nos actes (consommer) et leurs conséquences environnementales et sociales (produire). On externalise les pollutions au Bangladesh, devenu haut lieu du travail du cuir, comme l’électricité et les usines à gaz permirent de repousser la pollution en périphérie des villes à la fin du xixe siècle. Edison permet de s’éclairer et de se chauffer sans l’odeur et les traces de suie du charbon, du pétrole ou du gaz. La pollution est bien là – les centrales à charbon restent la première source mondiale d’électricité et de chaleur – mais délocalisée à l’extérieur du tissu urbain.

Le mythe salvateur plus prégnant que jamais

À quoi ressembleraient nos campagnes, s’il avait fallu y monter les nouvelles usines – et assumer leurs rejets – pour notre consommation exponentielle de téléphonie, d’informatique, de jouets, de vêtements ? Pour y répondre, il faut regarder les zones industrielles chinoises. Mais grâce à la distance, nous nous berçons d’illusions sur la « dématérialisation » de l’économie et la croissance « verte » à base de nouvelles technologies.

Le numérique n’a rien de virtuel. Il mobilise toute une infrastructure, des serveurs, des bornes wifi, des antennes-relais, des routeurs, des câbles terrestres et sous-marins, des satellites, des centres de données… Il faut d’abord extraire les métaux (argent, lithium, cobalt, étain, indium, tantale, or, palladium…), engendrant destruction de sites naturels, consommation d’eau, d’énergie et de produits chimiques nocifs, rejets de soufre ou de métaux lourds et déchets miniers. Ensuite fabriquer les composants, comme les puces au silicium qui nécessitent quantité d’eau purifiée, mais aussi du coke de pétrole, du charbon, de l’ammoniaque, du chlore, des acides, etc., fournis par le cœur du capitalisme « carbonifère9 ». Puis faire fonctionner le tout, avec plus de 10 % de l’électricité mondiale ! Enfin, se débarrasser des déchets électroniques, parmi les plus complexes à traiter : une partie – majoritaire – est incinérée ou jetée en décharge ; une autre rejoint les circuits « informels » (Afrique de l’Ouest, Chine…), où ils sont brûlés à l’air libre et empoisonnent les sols et les eaux. Le reste rejoint quelques usines spécialisées, qui ne récupèrent que partiellement les ressources. In fine, le taux de recyclage de nombreux métaux rares est inférieur à 1 %, un terrible gâchis.

Notre économie 2.0 a toujours le même souffle sulfureux, malgré les exhortations à une économie (plus) circulaire, à la transition énergétique ou à l’« écologie industrielle ». Pourtant, plus que jamais, nous vivons dans la religion exclusive du « techno-solutionnisme », en plaçant tous nos espoirs dans les innovations et les effets bénéfiques (futurs) du numérique, en fantasmant un monde où tout sera bien mieux optimisé, où les outils et les services numériques seront facteurs d’efficacité et de sobriété : énergies renouvelables distribuées par des smart grids, covoiturage bientôt servi par des véhicules autonomes, déplacements fluidifiés dans les smart cities, économie de la fonctionnalité réduisant les équipements individuels, etc., sans parler des biotechnologies et des applications médicales.

À l’entendre, la high-tech – Californie en tête – va continuer à « révolutionner » notre quotidien, mais surtout s’apprête à sauver le monde, à l’image de milliardaires comme Elon Musk, héros des green techs, des voitures électriques aux batteries pour panneaux solaires, en attendant Hyperloop et les voyages sur Mars. Mieux, les technologies de demain ne seront pas seulement propres, elles seront réparatrices : les bactéries modifiées génétiquement dépollueront les sols, les big data et les capteurs protégeront les forêts tropicales, la science ressuscitera même le mammouth laineux, dont l’Adn dégèle en même temps que le permafrost.

Peut-on compter sur une « sortie par le haut » à base d’innovation technologique ? Il serait périlleux de tout miser dessus. En premier lieu parce que la plupart des technologies prétendument « salvatrices » nécessitent, à plus ou moins grande échelle, des ressources métalliques, non renouvelables, et viennent accélérer, plutôt que remettre en cause, le paradigme « extractiviste » de notre société thermo-industrielle10. Elles font en effet appel à des métaux plus rares et aggravent les difficultés à recycler correctement, soit parce que les usages dissipatifs augmentent (quantités très faibles utilisées dans les nanotechnologies et l’électronique ; multiplication des objets connectés…), soit parce que la complexité entraîne un downcycling des matières recyclées, du fait des mélanges (alliages, composites…) et des applications électroniques. La matérialité de notre consommation entraîne une contrainte systémique : avec une approche monocritère sur la question – certes vitale – du CO2, on engendre ailleurs des risques sur la disponibilité des ressources et des dégâts environnementaux.

En second lieu parce que les gains d’efficience sont balayés par un formidable effet « rebond ». Indéniablement, la consommation d’énergie des véhicules, des avions, des centres de données, des procédés industriels baisse régulièrement, les innovations sont nombreuses et les progrès réels. Mais la croissance du parc automobile, des kilomètres parcourus, des données échangées et stockées est largement supérieure aux gains unitaires. Entre 2000 et 2010, le trafic internet a été multiplié par cent. Que vaut alors une amélioration de quelques dizaines de points d’efficacité énergétique par octet ?

Vers les technologies sobres et résilientes ?

Il n’y a pas de solution technique permettant de maintenir – et encore moins de faire croître – la consommation globale d’énergie et de ressources. En continuant à alimenter la « chaudière du progrès11 », nous nous heurterons tôt ou tard aux limites planétaires, régulation climatique en tête.

C’est donc – aussi – vers l’économie de matières qu’il faut orienter l’innovation. Avant tout par la sobriété, en réduisant les besoins à la source, en travaillant sur la baisse de la demande et pas seulement sur le remplacement de l’offre. Un exercice délicat, face à des « besoins » humains nourris par la rivalité mimétique et une frontière floue entre « fondamentaux » et superflu, qui fait aussi le sel de la vie. Mais on peut imaginer toute une gamme d’actions, comme bannir le jetable, les supports publicitaires, l’eau en bouteille, revenir à des emballages consignés, composter les déchets même en ville dense, brider progressivement la puissance des véhicules et les alléger, avant de passer au vélo, adapter les températures dans les bâtiments et enfiler des pull-overs, car il est bien plus efficace, plus simple, plus rapide, d’isoler les corps que les bâtiments !

Pour recycler au mieux les ressources et augmenter la durée de vie de nos objets, il faudra les repenser en profondeur, les concevoir simples et robustes (Ivan Illich aurait dit « conviviaux »), réparables et réutilisables, standardisés, modulaires, à base de matériaux simples, faciles à démanteler, n’utiliser qu’avec parcimonie les ressources rares et irremplaçables comme le cuivre, le nickel, l’étain ou l’argent, limiter le contenu électronique. Quitte à revoir le « cahier des charges », accepter le vieillissement ou la réutilisation de l’existant, une esthétique moindre pour les objets fonctionnels, parfois une moindre performance, de l’intermittence, une perte de rendement ou un côté moins « pratique ».

Il faudra enfin mener une réflexion sur nos modes de production, privilégier des ateliers réimplantés près des bassins de consommation, un peu moins productifs mais plus intensifs en travail, moins mécanisés et robotisés, mais économes en ressources et en énergie, articulés à un réseau de récupération, de réparation, de revente, de partage des objets du quotidien.

Face aux forces en présence et aux tendances de fond, cela paraît bien utopique. Mais peut-être pas plus que le statu quo, un maintien ad vitam aeternam de notre civilisation industrielle sur sa précaire trajectoire exponentielle. La robotisation et l’intelligence artificielle nous promettent un chômage de masse à des niveaux inégalés tandis que nous serons rattrapés par l’effondrement environnemental. Pourquoi ne pas tenter plutôt la voie d’une transition post-croissance vers un nouveau « contrat social et environnemental » ?

1.

Bjorn Lomborg, l’Écologiste sceptique, Paris, Cherche Midi, 2004.

2.

Jeremy Rifkin, la Nouvelle Société du coût marginal zéro, Paris, Les Liens qui libèrent, 2016.

3.

Henry Hobhouse, les Graines du changement. Six plantes qui ont changé l’humanité, trad. Patricia Barbe-Girault, Orléans, Regain de lecture, 2012.

4.

Karl Polanyi, la Grande Transformation. Aux origines politiques et économiques de notre temps [1944], trad. Catherine Malamoud et Maurice Angeno, préface de Louis Dumont, Paris, Gallimard, coll. « Tel », 1983.

5.

André Guillerme, les Temps de l’eau. La cité, l’eau et les techniques, Ceyzérieu, Champ Vallon, 1983.

6.

Jean-Baptiste Fressoz, l’Apocalypse joyeuse. Une histoire du risque technologique, Paris, Seuil, 2012.

7.

Georges Duhamel, Scènes de la vie future, Paris, Mercure de France, 1930, p. 135.

8.

Marc Levinson, The Box. Comment le conteneur a changé le monde, trad. Antonine Thiollier, Paris, Max Milo, 2011.

9.

Lewis Mumford, Technique et civilisation [1934], trad. Natacha Cauvin et Anne-Lise Thomasson, préface d’Antoine Picon, Marseille, Parenthèses, 2015.

10.

Voir Yves-Marie Abraham et David Murray (sous la dir. de), Creuser jusqu’où ? Extractivisme et limites à la croissance, Montréal, Écosociété, 2015 ; Alain Gras, le Choix du feu, Paris, Fayard, 2007.

11.

Baudouin de Bodinat, la Vie sur Terre. Réflexions sur le peu d’avenir que contient le temps où nous sommes, tome I (1996) et tome II (1999), suivis de deux notes additionnelles, Paris, Encyclopédie des nuisances, 2008.

I've spent about the last decade of my life developing tools for note taking and file management, the most important of which is an encrypted note-taking app. And when I talk to others about how their lives changed once they knew their thoughts and words were private, the response is always the same: "I feel free," is what I hear. They talk about the subtle, but powerful, difference privacy brings you. You become accustomed to the luxury of knowing what you say will never be repeated.

Those who haven't tried the private online life ask me what it's like. Well here you go:

Imagine you were in a room with 50 people. All around you, in every direction, are people breathing in the same circulated air as you. It's crowded. The environment dramatically changes your thoughts. You are distracted. You are influenced by what you hear. You don't have the same thoughts you have as if you were alone.

Now imagine that every thing you said in that room had a 1% chance of being heard by someone else. Life changes. Suddenly you worry what you said. What you might say. You are a whole different person. You become a subdued version of yourself, limited in your creativity and oomph.

Internet living is about being in a room with 50 million people. We are not ourselves there. We have to be much more cautious about ourselves. We adapt to wherever we are. And ourselves multiply. We are a hundred different people, depending on where we find ourselves on the world web that day. I know that when I speak with friends on Slack, or write a note on Evernote or Google Docs, there is an ever-present 1% chance that what I am typing will one day be seen by someone else. And with this thought lingering in the back of my mind at all times, I do not write like I would write in a private journal. I write as if an audience were present. I pause between every few sentences to look both ways.

I write as if to say, "if this got out, how would it make me look? What would others think of me?" And in that way, my writing loses its most important part: me.

That's why I spent the time on encryption and privacy. I don't want the worry and the hassle of others watching me. I don't want to have to check my doors every night. I want to know I am safe to be me. And safe to have my best thoughts. To write without worry of perfection.

I just want to write like it's nobody's business.

Les Anonymous ont menacé le milliardaire Elon Musk de représailles suite à la publication de plusieurs messages du milliardaire sur les réseaux sociaux. Ils accusent le fondateur de Tesla de manipuler le marché des cryptomonnaies à son propre avantage.

Elon Musk est connu pour ses frasques sur les réseaux sociaux. Il s’était également présenté comme l’un des plus vifs supporters du Bitcoin et du marché des cryptomonnaies, avant de s’engager dans un drôle de jeu ces deux derniers mois. Le milliardaire a multiplié les trolls sur Twitter, laissant sous-entendre pendant quelques temps que Tesla avait revendu son stock de Bitcoin, avant de préciser que ce n’était pas le cas. Ses messages bipolaires ont fait plonger plusieurs fois le cours des cryptomonnaies. Son “breakup meme” de jeudi dernier a causé à lui seul une chute de 7% du cours du Bitcoin.

Paradoxalement, la SEC, l’agence qui contrôle les manipulations du marché, n’a pas réagi aux nombreux messages qui lui étaient adressés sur les réseaux sociaux. Les internautes étaient pourtant nombreux à dénoncer l’attitude du milliardaire. Mais l’agence n’a aucune autorité sur le marché des cryptomonnaies, la faute à un énorme vide juridique.

En réaction, le collectif de hackers a donc décidé de passer à l’action. Dans un communiqué, les Anonymous expliquent que l’attitude d’Elon Musk impacte les petits épargnants qui ont investi dans les cryptomonnaies. “A en juger par les nombreux commentaires sous ses propres messages, il semblerait que les petits jeux auxquels Elon Musk joue ont détruit beaucoup de vies” explique le collectif. “Des millions de petits épargnants ont investi dans les cryptomonnaies avec l’espoir que cela leur permette de changer de vie” poursuit le collectif – beaucoup ont revendu aujourd’hui tous leurs actifs avec des pertes parfois colossales, par crainte de perdre tous leurs investissements.

“Les personnes qui investissent dans les cryptomonnaies prennent des risques – tout le monde est au courant de la volatilité du secteur, mais vos tweets montrent un profond dédain vis-à-vis des petits épargnants et vous continuez à vos en moquer avec des memes” dénonce le collectif.

Sur Internet, les voix sont de plus en plus nombreuses à s’élever contre le milliardaire. Les raisons sont multiples. Beaucoup évoquent un conflit d’intérêt. Tesla a investi massivement dans le Bitcoin et les récentes chutes du cours impactent certes sa trésorerie mais lui permettraient également d’investir de nouveau massivement dans l’actif, alors que son cours s’était précédemment envolé. Le milliardaire a également encouragé ses fans à investir dans le Dogecoin, une cryptomonnaie sans aucune utilité qui a été même abandonnée par ses créateurs.

Dans leur communiqué, les Anonymous critiquent également le positionnement du milliardaire. “Il semblerait que votre quête pour sauver le monde soit davantage basée sur un complexe de supériorité qu’un réel intérêt pour l’humanisme. De nombreux de vos employés ont d’ailleurs dénoncé les conditions de travail intolérables que vous appliquez depuis des années.”

Si Elon Musk est parvenu à se forger un solide capital, son comportement bipolaire lui a déjà valu plusieurs démêlés avec la justice. Le milliardaire n’avait pas hésité à accuser un plongeur britannique qui était venu en aide à des enfants thaïlandais coincés dans une cave d’être un pédophile. Le milliardaire s’était défendu devant les tribunaux en expliquant qu’il était commun en Afrique du Sud, son pays natal, d’appeler quelqu’un “pedo guy”. Durant la pandémie, le milliardaire a également tout fait pour empêcher la fermeture de ses usines Tesla, alors devenues des foyers de contaminations, au mépris de la santé de ses employés. Les anciens employés du milliardaire sont également nombreux à critiquer son manque d’humanisme dans ses relations professionnelles.

Le milliardaire semble s’être fait de nouveaux ennemis. Les Anonymous promettent aujourd’hui une riposte. Il reste toutefois très difficile de prédire la finalité. Les Anonymous sont un mouvement décentralisé. Leurs actions ne sont donc pas coordonnées.

[embedded content]

Details of the police department’s drone program were included in an email sent last summer by Karen Conway, director of police research and development. In the email, Conway told other high-ranking police officials that the department’s counter-terrorism bureau “utilized 1505 funds for a pilot Drone program that operates within the parameters of current laws.”

The drones “have been purchased and the Electronic & Technical Support Unit (Counter-terrorism) is in the process of creating a training to start a pilot. Some of the Drone uses will be for missing persons, crime scene photos, and terrorist related issues,” Conway said in the June 12, 2020, email to former Deputy Supt. Barbara West and Michele Morris, the department’s risk manager.

The department’s “1505” fund is made up of forfeiture proceeds — money and other assets seized in connection to criminal investigations. The money isn’t included in the department’s official budget and has reportedly been used in the past to purchase other controversial technology, like Stingrays, which mimic cell towers and send out signals to trick phones into transmitting their locations and other information.

A state law that went into effect in July 2018 requires law enforcement agencies to report seizure and forfeiture information to the Illinois State Police.

Over the past two years, the department reported taking in seized or awarded assets valued at an estimated $25.9 million. That haul stems from investigations into alleged drug crimes and money laundering, but the reports don’t give the full scope of the department’s take because details about seized vehicles were redacted.

The reports state that roughly $7.7 million was spent over that period on operating expenses, witness protection, informant fees and controlled drug buys, as well as travel, meals, conferences, training and continuing education. The spending isn’t itemized, but the reports state that operating expenses can cover vehicles, guns and equipment, such as drones.

Conway’s message about the drone program was among a cache of hacked city emails that were leaked online last month by Distributed Denial of Secrets, a transparency nonprofit likened to WikiLeaks. Other emails show the Chicago Fire Department owns drones worth at least $23,000, though a spokesman clarified on Wednesday that it hasn’t yet earned permission to start a drone program.

Details of the police department’s drone program were included at the bottom of an email sent last summer by Karen Conway, director of police research and development.

Asked about the police department’s drone program, a spokesman said it “regularly investigates new technology and strategies.”

“The Department considers every tool available when it comes to maintaining public safety and actively searches for innovative opportunities,” spokesman Don Terry said in a statement without specifically mentioning drones.

“CPD has strict guidelines for all tools and programs to ensure individual privacy, civil rights, civil liberties and other interests are protected,” Terry added. “We also meet with community partners to make certain that all enforcement efforts meet the highest standards and have support among the individuals Chicago police officers are sworn to serve and protect.”

Terry and other spokespeople for the police department and the mayor’s office didn’t respond to specific questions about the emails. Kristen Cabanban, a spokeswoman for Chicago’s Law Department, issued a statement Friday saying city agencies wouldn’t answer questions about the contents of the hacked emails.

Ed Yohnka, spokesman for ACLU-Illinois, has concerns about the drone program.

Maudlyne Ihejirika/Sun-Times

ACLU raises alarms

Over the course of multiple emails about the drone programs, Susan Lee, the former deputy mayor of public safety, twice noted there were concerns over the expected response from privacy advocates. However, city employees included in the discussions never independently raised alarms over privacy issues.

Ed Yohnka, a spokesman for the American Civil Liberties Union of Illinois, told the Sun-Times the emails show the city “continues to pursue the invasive technologies without any public disclosure, oversight or publicly adopted privacy policies,” undercutting Terry’s claims.

“We should not be surprised. This behavior goes back more than two decades when Chicago first began to place surveillance cameras all across the city,” Yohnka said. “To this day, residents of the city have never seen a privacy policy for the use of those cameras.”

In 2018, the ACLU accused former Mayor Rahm Emanuel of being the heavy hand behind legislation in Springfield that would have allowed police officers to use drones equipped with facial recognition technology to monitor protests. Versions of the legislation passed both the state house and senate but a final bill was never signed into law.

“Given that the city not so long ago sought legislation to permit using drones to surveil public gatherings, including those engaged in First Amendment activity, it is worth questioning its motivations,” Yohnka said of the new revelation.

In a report issued in February lambasting the city’s response to the protests and unrest that broke out in the wake of the police killing of George Floyd last year, city Inspector General Joseph Ferguson noted that drones were likely flying overhead at some demonstrations.

On May 30, the day an early downtown protest devolved into chaos, Ferguson said CPD officials contacted the Illinois State Police “to request its deployment, and ISP made determinations about which resources to deploy, including crowd control teams, canine units, videographers, drones and SWAT teams.”

“By ISP’s accounting of their deployment in Chicago and their operating procedures, they used videographers and/or drone footage to capture records of potential uses of force and arrests,” Ferguson wrote. “However, a review of ISP’s force reporting obligations and compliance was out of the scope of this report.”

Use of drones in car chases discussed

Karen Conway, director of police research and development for the Chicago Police Department

LinkedIn

Conway’s comments about the police department’s drone program were included in an email discussing a new vehicle pursuit policy.

The memo also included other technology options the department was considering to apparently minimize the risk of engaging in chases: a device to shut down a fleeing vehicle’s engine and a system for remote tracking. The latter option, StarChase, is a mechanism that allows cops to shoot a GPS-equipped dart at a suspect’s car.

Last August, the police department issued revised directives on pursuits, but the general order bears no mention of the technologies.

An email sent on Aug. 16, 2019 by Tamika Puckett, the city’s former chief risk officer, presented drones as a potentially cheaper alternative to StarChase.

“StarChase might be too costly of an option for our needs. If so, then we should research the drone issue, especially the city ordinance and what changes need to be made to it in order to even consider this an option,” Puckett wrote to Morris and other staffers.

Chicago’s drone ordinance is highly restrictive, though law enforcement agencies operating in the city are afforded an exception to its prohibitions if their drone use complies with state law. That law allows police to use drones for a variety of purposes, namely countering terrorism, searching for missing persons, photographing crime scenes and even pursuing crime suspects.

While the conversations about drones apparently happened in fits and starts, the high-level correspondence stretched on for months. Many of the emails related to the city’s need to purchase drone insurance.

In an email chain on that topic dated March 5, 2020, Lee expressed her intention to hold a meeting “because all three public safety agencies want drones.” Although her email doesn’t name the agencies, later emails show the police and fire departments ultimately obtained drones. It’s unclear whether the Office of Emergency Management and Control also purchased drones.

Fire department owns multiple drones but program’s in limbo

Over the course of those emails, Keith Wilson, a former deputy district fire chief, reported on Sept. 22, 2020, that the department owned four drones worth $23,000. Two days earlier, Angela Weis, Lightfoot’s senior adviser on public safety policy and operations, told Lee that the fire department planned to use the drones for search and rescue operations.

The Chicago Fire Department Foundation, a nonprofit that supports firefighters and paramedics and their families, previously published a blog post last April reporting that Wintrust Financial had donated three drones to the department.

“For the CFD, the use of drones has the potential to make a large impact in how effectively the Department can mitigate fires, disasters or large-scale incidents, offering an aerial perspective and helping to identify areas of evacuation and most urgent needs for response,” according to the post. “Equally important is the utilization of images and videos post-incident to assist in fire investigations, critiques and training purposes.”

On October 5, 2020, Puckett ultimately told former Chicago Fire Commissioner Richard Ford II that “the city purchased drone property and liability insurance coverage for our drone programs citywide,” apparently closing the loop on a conversation that stretched nearly a year.

On Wednesday, Larry Langford, a spokesman for the fire department, confirmed it purchased an additional drone but is currently only using the donated drones for training purposes.

“We do not have permission yet to implement a drone program,” said Langford. “We have many members now certified to fly a commercial drone but we do not use them in regular operations until the actual program is blessed and in place.”

This year has seen an unprecedented shift to online and remote work, which clearly demonstrated the need for a cloud storage service that protects its users’ data. Proton Drive, our new storage service, uses end-to-end encryption to ensure no third parties (not even Proton) can access your personal files. 

Learn more about Proton Drive’s security 

How to share files in Proton Drive

You can share the files you have on Proton Drive with family, friends, and colleagues by creating a publicly shareable, secure URL in Proton Drive. To create a link, select the file you want to share and then click the link button in the toolbar.

This will bring up the Share with link options window.

By default, Proton Drive will generate a password that is included in the link. This way, anyone who clicks the link will be taken to a landing page where they can download the file. 

The file you shared remains encrypted until it reaches the device of the person who clicked the link.

Password-protected shareable links

If you share a sensitive file, you can choose to protect your shareable links with a password by simply checking the box Password protection.

The file-sharing process works the same, except whoever clicks one of these links is taken to a landing page where they must enter the password you set. Only then will they be able to download your file. 

To maintain security, we advise you share the password with your intended recipient via an end-to-end encrypted messaging service, like ProtonMail or Signal.

You can also disable any file-sharing link you have created at any time by selecting the file that has been shared and then clicking the Sharing option button in the toolbar. This will bring up the Share with link window. (You can also get to this window by right-clicking the file you shared and selecting Sharing option) To disable the link, click Stop sharing in the bottom corner.

Link sharing is currently enabled for individual files. However, if you need to share multiple files, you can create a ZIP folder and share that using a secure Proton Drive link. In the future, we will add the ability to share entire Proton Drive folders as well. 

File sharing is an important milestone for Proton Drive

End-to-end encrypted file sharing is an essential step for Proton Drive, and makes it much easier for you to share content with your friends and family and for teams to collaborate on projects. With this new file-sharing feature, you can share sensitive documents while keeping them securely encrypted with only a couple clicks.

Going forward, we plan to add Proton Drive apps for Android and iOS to make it even easier for you to securely access your files on your mobile devices. 

How to access Proton Drive

Many paid ProtonMail users have already received early access to the Proton Drive beta. These users include anyone with a:

Lifetime plan
Visionary plan
ProtonMail Plus and ProtonVPN Plus plan bundle on a one- or two-year billing cycle
ProtonMail Professional with a ProtonVPN Plus plan bundle

If you have one of these subscriptions, you can go to drive.protonmail.com and sign in using your ProtonMail login credentials.

Our mission is to build an internet that puts people first. If having an internet that promotes security, privacy, and freedom is important to you, consider signing up for one of our paid plans.

Tell us what you think of our file-sharing feature

Your feedback and comments on Proton Drive and its new file-sharing feature are invaluable. They help us improve Proton Drive so that we can make the secure cloud storage system you want. 

You can send us your comments and feedback on Proton Drive inside the web app during the beta. You can also email us at drive@protonmail.com.

To report issues, click Help > Report bug.

If you have any questions about this beta, please let us know.

Email is interoperable, meaning that Gmail accounts can communicate with Yahoo accounts which can communicate with ProtonMail accounts and so on. Unfortunately, that also means that if you email someone who uses an email service with poor privacy protections (like Gmail), your messages may be subject to its privacy policies, regardless of what email service you use.

All major email providers will give some level of protection against eavesdropping or tampering of their users’ emails, but most do not provide the maximum privacy and security available. We believe that everyone deserves email privacy and security, and that means ensuring that no one else has access to your emails.

What is end-to-end encrypted email?

When you send an email, your message is routed from server to server until it reaches your recipient’s inbox. All major email providers use TLS (Transport Layer Security), which provides an encrypted route for your email as it is sent between servers. This keeps your message private while it is in transit.

However, with TLS encryption, your emails are decrypted once they reach your email provider’s server rather than upon reaching your recipient’s device. This gives email providers that only use TLS access to all the messages stored on their servers.

By comparison, end-to-end encrypted email is inaccessible to anyone but the intended recipient, making it much more secure. End-to-end encrypted email is encrypted at the source (your device) and only decrypted once it reaches its endpoint (the recipient’s device).

As only the two ends of the conversation are able to access and read end-to-end encrypted email messages, your email provider, ISPs, and government bodies are unable to access the information enclosed.

However, end-to-end email encryption only works if both people are using the same E2EE email service, such as ProtonMail. If you email someone who uses an email service that only uses TLS (such as Gmail), your messages will be subject to its privacy policies and accessible by that email provider, even if you email them from a ProtonMail account.

To navigate these privacy issues, we use both end-to-end encryption and zero-access encryption to protect your emails. You can also use our ‘Encrypt for Outside’ function to send end-to-end encrypted messages to users who do not have an E2EE email service  —  these messages are password protected and expire after 28 days.

Why should email providers use end-to-end encryption?

Although TLS allows email services to securely transport your emails, there are considerable privacy and security risks involved if your emails are not end-to-end encrypted. Emails that are not sent using end-to-end encryption can be decrypted by the email provider.

Vulnerability to attack

As most email providers hold all of your messages on their servers, any hacker that is able to penetrate those servers will also have access to all of your information and the information of everyone else whose emails are stored on that server. 

The most recent and perhaps most serious breach of this kind is the Microsoft Exchange hack, though there is a long history of email server hacks, with victims including Yahoo, Sony, and even the NSA.

Data privacy

Email providers such as Google are known for gathering huge amounts of data on their users. Although Google stopped scanning emails for advertising purposes back in 2017, Gmail’s bots can still access your emails’ content for other purposes, such as applying labels to your emails and communicating with other Google apps. When users install ‘add-ons’ to their Gmail account, they are also sometimes unknowingly giving up their entire inbox to be read by third-party developers.

Perhaps more worryingly, data that is stored unencrypted on an email provider’s server can be seized during legal proceedings or investigations. Depending on the data protection laws that your home country has in place, there can be low thresholds to making these types of data requests. Once a data request is made, email providers often have no choice but to comply.

Essentially, whether by brute force or legal compliance, if your email provider does not store your emails with end-to-end encryption, you cannot control who can access your information.

Protect your privacy online

At ProtonMail, we’re creating trusted ways for people to stay in control of their information at all times. We believe that everyone deserves privacy online and that the internet should serve the interests of all people rather than selling your data to the highest bidder.

Online privacy is much more than encrypted email, but it’s a good place to start. You can sign up for a free secure ProtonMail account here. With a ProtonMail account, you can also send private emails to non-ProtonMail accounts using our Encrypt for Outside option. For further privacy online, we also have a free secure VPN that protects your internet browsing activity.

All of ProtonMail’s user data is stored exclusively in European countries with strong privacy protections, such as Switzerland. This means that unlike other email providers, ProtonMail does not fall under the jurisdiction of intrusive anti-privacy laws and cannot be coerced into working with the NSA.

End-to-end email encryption FAQ

How does end-to-end encrypted email work?

End-to-end email encryption (E2EE) works by using a set of keys to encrypt the email before it is sent and decrypt the message upon receipt. One key is a ‘public key’ that is used to encrypt emails that are sent to you, and the other key is a ‘private key’ that is only known to you (or your device).

The public key encrypts email messages in such a way that they are only able to be decrypted by the intended recipient, with the corresponding private key. As long as the private key is kept private, your emails remain secure.

For an in-depth guide to how E2EE works, you can read the ProtonMail guide to end-to-end encryption.

What is zero-access encryption?

When someone emails your ProtonMail account from an email provider that does not use end-to-end encryption, we will immediately encrypt that email upon receiving it using your public encryption key. Once it has been encrypted with your public key, you become the only person that is able to decrypt that email on our servers. This is called zero-access encryption, and it ensures that your information remains safe, even if the ProtonMail servers were somehow breached.

How can I use end-to-end encryption for my emails?

The simplest way to ensure the emails you send are end-to-end encrypted is to use ProtonMail, as we offer end-to-end encryption as standard, combined with zero-access encryption to keep your emails as private and secure as possible.

E2EE only works if those you are emailing are also using end-to-end encryption to protect their emails. If you use ProtonMail to send an email to an email account that does not use end-to-end email encryption, their email provider will be able to see those messages. So it’s best if both parties are using ProtonMail.

At ProtonMail, we have zero access to user data, so any emails you send using your ProtonMail account are inaccessible to us, and we are unable to hand over your data to any third parties. In addition, we use open source cryptographic libraries, which helps ensure that the encryption algorithms we use are vetted and do not have any known security vulnerabilities.

Can end-to-end encrypted emails be hacked?

While emails with end-to-end encryption are much more secure than emails that are sent via TLS, it cannot be said that any email is “unhackable”. The best way to protect your end-to-end encrypted emails is to ensure you use a strong, unique password for your ProtonMail account. 

If you repeat your password across services, it is possible that a security breach on one of those other services will result in your password being leaked. Using a strong and unique password for each of your accounts and devices means that even if one password is leaked, the rest of your accounts online remain secure. End-to-end email encryption works best when combined with other internet privacy protections such as using a VPN to protect your internet browsing activity and ensuring two-factor authentication is enabled whenever possible, in addition to using strong passwords.

Feel free to share your feedback and questions with us via our official social media channels on Twitter and Reddit. Note that while blog comments also remain open, questions and feedback will not be responded to individually. Where relevant, we will incorporate the most frequently asked questions or comments into a blog update.

C’est un variant du virus informatique Ryuk qui a infecté le système informatique de Fraikin l’avant-veille du long week-end de l’Ascension. « Une attaque courante et ordinaire depuis 2020, année où les cyberattaques contre les entreprises françaises ont quintuplé, rapporte Benoît Baudier, DSI de Fraikin. Entré depuis internet par un PC, le virus a infecté notre réseau informatique et bloqué les accès aux fichiers systèmes, au répertoire client et aux données de gestion commerciale, de maintenance et d’exploitation de la flotte. Une rançon était réclamée en échange de la transmission d’un anti-virus. Ne voulant pas payer, nous avons été obligés de recourir à une gestion manuelle lourde pour éviter un arrêt de l’entreprise pour une réfection du système qui aurait provoqué une chute de nos activités commerciales », relate ce responsable.

L’accès aux applications mobiles étant bloqué, les données des conducteurs et des véhicules ont dû être récupérées manuellement.Sauvés par la sauvegarde

Informé par son hébergeur IBM et conseillé par son prestataire en cybersécurité, le loueur a réagi très vite. « En 24 heures, nous avons détecté le point d’entrée, isolé les serveurs infectés et identifié le virus, poursuit Benoît Baudier. Nous avons alors mis à jour les antivirus et utilisé la sauvegarde de la veille de l’attaque pour rétablir les opérations administratives de gestion de la flotte cliente, des conducteurs, des paies, ainsi que les opérations commerciales. Nous avons réussi à rétablir l’accès aux données des applications essentielles durant les trois jours du week-end, détaille ce DSI. Nous avons alors déployé le plan de continuité d’activité (PCA) que nous avions mis en place et les collaborateurs ont pris en charge la gestion manuelle de la maintenance de la flotte. Nous avons alerté la CNIL et l’Agence nationale des systèmes informatiques. Nous avons aussi prévenu nos sous-traitants et nos clients, avec qui nous travaillons en interaction, pour les rassurer ».

Conseil en cybersécurité et mobilisation du personnel

Dès le matin du lundi 17 mai, Fraikin avait éliminé le virus sans avoir payé la rançon et tout en n’ayant perdu qu’une journée de facturation. Cependant, le loueur poursuivait encore fin mai le rétablissement des activités non prioritaires laissées en suspens. Et il n’avait pas encore calculé le coût total de cette attaque qu’il transmettrait à son assureur. La crise passée, Benoît Baudier faisait le compte des actions entreprises. « D’avoir pu disposer d’un conseil externe en cybersécurité est une bonne pratique pour toute entreprise car cela nous a permis de limiter la perturbation à trois jours, constate-t-il. Et la mobilisation des collaborateurs du service informatique, de l’ensemble des salariés et du comex a été remarquable. Cela a renforcé la cohésion sociale et la solidarité au sein de l’entreprise. »

La rapidité d’intervention de la DSI de Fraikin et sa gestion de crise ont permis de relancer l’activité en trois jours.

PARTAGER SUR

Michel Grinand