WIPO UDRP Decision 2022-1524 explained

About this page

After the WIPO decision to censor the old debian.community web site, censors have sought to impede access to all the old web pages. Volunteers recall the days of cowards burning the books. From Wikipedia:

The books targeted for burning were those viewed as being subversive

Debian ringleaders and thought police have redirected all the old URLs to some nastiness attacking a single volunteer.

Debian ringleaders never paid the volunteer anything for decades of work he did. We found some of his first acts of authorship back in the 1990s.

The volunteer resigned from some roles at a time when he lost two family members.

Normal friends and colleagues provided sympathy and support. Debian ringleaders, like spoilt children who don't pay for anything, responded with hate and intolerance.

This page provides an important right of reply to the Debian vendetta culture and the false accusations regurgitated on the WIPO web site and elsewhere.

Genitalia or just a belly button? WIPO, female anatomy & Debian confused

The WIPO UDRP judgment makes a mysterious reference to alleged genitalia. They do not link to it or describe it in any detail but they appear to use it as a justification to completely censor thousands of articles and emails hosted on the old debian.community site. They do not explain the relevance to their censorship decision.

the evidence submitted by the Complainant shows that some posts present the DEBIAN mark together with information about a notorious sex cult, notorious sex offenders, and enslavement of women, and one post displays photographs of physical branding allegedly on victims’ genital skin

Here we looked up the background details from the US Dept of Justice and did some fact checking on the censored debian.community web site.

debian.community did not contain any claim that Debian is a sex cult, fully interchangeable with NXIVM in every way. The site was looking at the similarities in the psychology of these groups and their leaders.

NXIVM victims didn't simply walk into the cult and get branded on their first day. Rather, membership of the group crept on them. Likewise, Debian Developers who have become burnt out, been publicly humiliated, privately blackmailed or committed suicide didn't suffer some disaster on their first day. In reality, the problems crept up on these people too. In both NXIVM and Debian, the censored debian.community site examined the psychological tricks involving shame.

Well known public cases like NXIVM provide a useful reference point for such comparisons, even if we all agree the most extreme physical abuses of NXIVM have no parallel in Debian.

In the field of computer security, we are particularly concerned with the phenomena of social engineering which is all about gaining people's trust or gaining coercive control over them. In the study of social engineering, there are things to be learnt from every news story about a cult.

Debian vendettas typically revolve around significant dates in the calendar. For example, Chris Lamb and Molly de Blanc expelled Dr Norbert Preining on 17 December 2018 without due process. It was the anniversary of the Romanian dictator and his wife deciding to shoot their citizens without trial. Dr Richard Stallman was subject to a lynching, almost like a digital crucifixion, on the Easter weekend in 2021.

One of the more bizarre facts in the NXIVM case is that the FBI filed their arrest warrant for Keith Raniere on 14 February 2018, Valentines Day. There is nothing romantic about a sex cult, especially NXIVM. It is a bizarre coincidence, maybe nothing more, that both Debian and NXIVM phenomena coincide with so many notable dates.

The warrant is one of the first documents noting the use of a cage. The warrant goes on to examine tactics that involve ostracizing / excluding people and later befriending them so as to exploit them a second time.

In March 2018, US Dept of Justice reports began to appear about the NXIVM self-improvement group branding their victims in the pelvic areas.

In June 2018, US Dept of Justice reports described a victim being kept in a room for two years.

A virtual equivalent of this detention had been conducted in Debian, the enforced humiliation of a Debian Developer in Switzerland, Daniel Baumann. The Daniel Baumann experiment ran for four years from 2014 to 2018.

Due to the involvement of celebrity victims, women who are young, attractive, white and affluent, the case was widely discussed in the Internet communities and other cult-like groups.

Shortly after that, in September 2018, Debian Developer Enrico Zini directed Debian Developer Jonathan McDowell to put a malicious entry in the Debian keyring on the wedding anniversary of a well known Debian victim. It looks like a psychological nastiness (mafia-grade PsyOps) inspired by the genital branding controversy. We frequently see ringleaders insisting they have to "Enforce" the CoC (Code of Conduct). Here they are "Enforcing" the CoC on somebody's wedding anniversary. The closest digital equivalent to the NXIVM pelvic branding that anybody could think of.

Volunteers had been quick to make associations between the intrusive phenomena in NXIVM and Debian.

Here we have a video where Jonathan McDowell insists that entries in the keyring repository have to be permanent, kept in the history of the project forever, in the manner that a tattoo is permanent in the skin.

Female victims consented to release photographs of the branding to the media and they were widely published. Here are two links to news articles publishing the same pictures.

The Frank Report article goes on to compare it to the historical practice of branding numbers into Jews. In the case of the Jewish victims, there was no sexual element to the branding. NXIVM used the pelvic areas, Hitler used the victims' arms. The common theme is the invasive demands for power over all aspects of a victim's life. This is not a discussion about genitalia at all.

Here is an example of the branding in the Debian Salsa Git repository for the Debian keyring:

commit bd8346472644ec07c028a2b4b295b0151cb6544e
Author: Jonathan McDowell <noodles@earth.li>
Date:   Sat Sep 22 17:18:16 2018 +0100

    Add new DM key 0x6C6580E77BD756C4 ([REDACTED]) (RT #7485)
    
    Action: add
    Subject: [REDACTED]
    Username: [REDACTED]
    Role: DM
    Key: F50FF72AADF5C01BF0FCE5636C6580E77BD756C4
    Key-type: 4096R
    RT-Ticket: 7485
    Request-signed-by: enrico
    Notes: Move from DD keyring

The commit ID bd8346472644ec07c028a2b4b295b0151cb6544e has similar connotations to other forms of branding discussed above. This takes on more significance in the eyes of software developers.

We can look back into the 1990s to see the history of the Debian keyring. Ian Jackson explains that the purpose of these keys was simply to identify the person who uploads a specific package.

In the nasty messages that Enrico Zini sent to volunteers during 2018, he even writes quite explicitly that he is not making these modifications to the keyring due to any issues of competence or integrity:

All packages in which you are currently listed as maintainer or uploader will be added to your Debian Maintainer whitelist as soon as possible.

If there was a question of competence or integrity of the victim, Zini would not put their key on any of the keyrings and would not contemplate ever putting them back again.

Another close similarity to the NXIVM operations is the secrecy, in the same email Zini writes:

We are sending this email privately, leaving its disclosure as your decision (although traces in public databases are unavoidable).

Zini's words are a veiled threat: don't question our authority or you will be publicly humiliated. Therefore, the original purpose of the Debian keyring has been forgotten, this was all about a little mafiosi exercising power over the victims.

The warrant for Keith Raniere also mentions the efforts that he made to keep his volunteers from talking about their humiliations:

7. Nxivm operates largely in secrecy. Nxians were often required to sign non-disclosure agreements and to make promises not to reveal certain things about Nxivm's teachings.

Zini and the victim (Dr Preining) both have a shared knowledge of Dr Preining's punishment. The fear that this status will be disclosed to others keeps the punishee in a state of fear.

FBI: The master then told the prospective slave that, in order to learn more, she had to provide "collateral," which was meant to ensure that the prospective slave would keep what she was about to learn a secret. Collateral consisted of material or information that the prospective slave would not want revealed because it would be ruinous to the prospective slave herself and/or someone close to her.

Debian victims were never asked to provide naked photos of themselves. However, the FBI warrant also notes that victims were asked to provide other types of collateral similar to the content in debian-private:

FBI: Collateral provided by prospective slaves included ...; and letters making damaging accusations (true or untrue) against friends and family members

The amateur hour Code of Conduct verdicts in open source communities and the embarassing stuff on debian-private (leaked) are remarkably similar to the letters NXIVM used as collateral. The huge discussions about Dr Jacob Appelbaum were exposed as an example of falsified rape accusations. People were tricked into writing bad things about Dr Appelbaum. Some of those people came to regret the things they wrote in the heat of the moment.

Debian has not engaged in all the horrors of NXIVM or Scientology. Nonetheless, they have cherry-picked a subset of those tactics. Where the tactics overlap, the comparison is entirely valid.

Some of the NXIVM branding photos, which were already public, had been circulated in Debian circles. Some of those photos, which were already public and widely distributed in popular media web sites, eventually appeared in the old debian.community site.

As noted in the US Dept of Justice report, the photos depict the "pelvic area" which is not actual genitalia anyway.

Most people who looked at the photos felt they are pictures of the victims' thigh or abdomen.

In one of the photos, the victim shows us the branding by lowering her belt a couple of centimeters. She doesn't actually remove her pants. Her underwear is not removed, it is not even visible. The branding is in an area below the belly button.

The other concerning similarity to NXIVM is the cage / dungeon mentality. At the FOSDEM conference at Université Libre de Bruxelles (ULB) in 2019, Molly de Blanc, President of the Open Source Initiative (OSI), who is not a developer or engineer, she is just somebody's girlfriend, described how she would like to put the real developers in cages. She didn't just say it in passing, she created a slide with a picture of a cat behind bars. This was pre-meditated nastiness.

The Debian victim mentioned in this article had cats and had displayed pictures of them on his blog. It was very clear to insiders that this incredibly nasty woman was using the cat behind bars metaphor to attack that specific male developer.

There is a link to the full video and a screenshot of the cage image from the OSI President's talk:

Molly: Is there a single right way to enforce a code of conduct
Molly de Blanc, OSI President, cage, dungeon, Debian, FOSDEM, ULB

The NXIVM trial started shortly after the OSI president used this horrible slide in a public forum. NXIVM victims gave evidence about being confined to a cage or dungeon. Once again, the cages in the talk at FOSDEM / ULB and the NXIVM cage are so similar, both being close to identical, that the comparison is relevant.

On 11 August 2019, the OSI president was invited to give a keynote talk at FrOSCon 2019 in Germany. In the talk, she displays a hand-drawn diagram of three users pushing a developer.

OSI president: Well we can use our collective power to push others

In a professional environment, if we want others to follow us, we either pay them or we try to demonstrate excellent leadership. Pushing is just what it looks like: bullying, it is a crime.

Words about pushing have appeared frequently around NXIVM, even though the goals were different.

Weeks before the OSI president's FrOSCon talk, Rolling Stone published testimonials from a NXIVM volunteer, including the following quote attributed to Allison Mack:

All she knew was what Mack told her in a follow-up meeting at New York City’s Ace Hotel: that she was being invited to join an "intense, growing empowerment group where women were pushing each other to be stronger, physically, mentally, intellectually, so that they could live the kind of life that they wanted to."

On 11 November 2020, Business Insider published a review of Seduced, a docuseries about NXIVM. They include the following about pushing:

"Keith told me sending these (nude) pictures was a practice in pushing myself out of my comfort zone," Oxenberg said, adding that this went on for a year.

Looking at the whois records, we find that the debian.community domain name was only registered in October 2019, long after all those toxic interactions had become well established in the Debian community itself. The debian.community web site did not endorse or promote this toxic behavior, it only served to document it to help future victims.

    Name: debian.community

    ...

    Registry Expiration: 2032-10-23 22:35:54 UTC
    Updated: 2023-07-17 15:50:24 UTC
    Created: 2019-10-23 22:35:54 UTC

    ...

In March 2020, immediately before the Debian elections, the outgoing Debian leader Sam Hartman transmitted a rambling email about banning / excluding / ostracizing people who he can't work with. The notion of totally ostracizing somebody is reminiscent of the cult tactics described in the Keith Raniere arrest warrant.

Of significant note, open source software products like Debian and Fedora are ultimately regulated by the law of copyright. The Debian Project Leader has no special standing under copyright law. Every volunteer has an equal right as a joint author. No co-author can extinguish the rights of any other co-author. Sam Hartman's ramblings were just another example of cyberbullying and gaslighting.

It is inevitable that such comparisons will tarnish the trademark. Nonetheless, when we consider the psychological damage done by bullies who want to cage up their volunteers, many people feel that tarnishing is the lesser evil and protecting the public should take precedence over trademark law.

For those who do wish to look for genitalia, we are sorry to disappoint you. Nonetheless, looking at the official music videos for leading pop artists, we find many real examples of genitalia. Here are some of the more well known examples that are frequently displayed in public places:

Elton John, Dua Lipa, Cold Heart, censored

The latter has 499 million views. Quick, lets ban it before it reaches 500 million.

Will Debian and the WIPO lawyers start a war against Ava Max, Elton John and Dua Lipa? We doubt it. They prefer to pick on volunteers.

Our conclusion? The WIPO lawyers are unable to recognize essential elements of female anatomy. Or maybe they were simply rushed or bribed into an error that demonizes a web site created by volunteers.

debian.community never asked for money

A bad faith verdict is typically associated with situations where money or some other resource is diverted to the wrong person.

At no point does the judgment give any example of financial losses.

The debian.community web site was shut down for political reasons, not financial reasons.

debian.community never distributed substitute products

Another common pattern in bad faith verdicts is the distribution of inferior products or substitute products. For example, if a consumer is looking for information about Debian and a web site that looks like Debian is distributing Microsoft Windows, that would be a case of bad faith.

debian.community never tried to hide its real purpose

The censored web site never tried to portray itself as an official Debian publication. It never tried to disguise itself as a technical manual with subliminal messages hidden between the lines. It was always clear that this was a political web site.

Therefore, there was no bad faith.

Who created the debian.community web site?

The censored debian.community web site contained a melange of text and photographs taken from many different volunteers, including their comments on the super secret debian-private (leaked) gossip network. Some content appears to be generated by artificial intelligence (AI).

Simply looking at the vast amount of content that has appeared on those web sites, it is absurd to suggest they were all created by one person.

Doesn't censorship of a political web site violate the First Amendment of the US Constitution?

WIPO is based in Geneva, Switzerland. There are a number of countries in continental Europe, including Switzerland, who have enacted criminal speech / thought control laws reminiscent of the Schriftleitergesatz in 1930s Germany.

Doesn't the Debian Social Contract promise freedom and transparency?

Yes.

The original Debian people really believed in those values.

Today, some new kids on the block have the trademark but they don't have the integrity.

I don't consent to this censorship, how can I read the real web sites?

Numerous other web sites have appeared with more evidence about the problems that Debian is hiding.

Can people still register domain names containing the word Debian?

The debian.community authors argued that any real author of Debian has a right to use the name. This is referred to as legitimate interest in the UDRP and it is similar to the fair use doctrine.

A similar case that everybody knows about is the scientologie.org UDRP verdict. In this case, the domain was owned by a German who had a copyright interest in the Scientologie book.

The debian.community judgment suggests that the debian.community web site would have been protected by the legitimate interest clause if it promoted the copyrighted works that debian.community authors contributed to Debian.

Therefore, we can combine the feedback from the scientologie.org and debian.community verdicts to see there is hope for independent developers:

If a web site ticks both of those boxes then it is legitimate interest.

Can alternative Debian web sites ask for money without being accused of bad faith?

Legitimate interest web sites can use the trademark to ask for money but they need to make it clear who is receiving the money. They can not ask people to donate money "to Debian" but they can ask people to give money to a specific developer and for a specific cause.

For example, if a web site gives the coordinates of a Paypal account where the recipient's full name is included in the Paypal ID then there can be no confusion and it is not bad faith.

On a side note, creating Paypal accounts with Debian in the email address is a bad idea. Paypal is likely to shut down accounts that infringe trademarks far more quickly than any WIPO censorship process.

What is the thing that made Debian people go nuts?

They don't want you to know that Frans Pop, a developer of the installer, chose to commit suicide on the Debian Day anniversary. This is the Debian.Day Volunteer Suicide.

Ava Max, Every Time I Cry, Music Video, nipples, censored