So, we decided to change the web site (this is actually an underground and near-invisible activity, I have to admit) to remove Google Analytics and start using a solution fuly integrated into the web site itself (with possibly private data being stored exclusively in France). Now, we use the Matomo open-source solution.

In the coming weeks, the web pages mentionning the use of Google Analytics will also be manually updated to reflect this change.

There should be no impact on your daily navigation here. But, feel free to inform us if you observe some incident possibly related to this change.

It appears that a hacker introduced itself into our web site through an insecure WordPress plugin. The security defect has been corrected relatively quickly, but it left a wide open gap during a few days. The hacker was able to

1. create several privileged access points into the web site (administrator accounts).
2. modify posts and pages to add a script susceptible to bring a malware infection (that I could not more precisely identify).
3. modify the web site to point back to another infected web site.
4. modify the web site to create himself an additional backdoor entry point.

this most probably happened during the Friday November 9th night (or very early on Saturday November 10th). It hit four of my web sites in a row (on four other sites I caught the infection before it could become extensive or dangerous for the users/visitors).

The corrections I implemented allow me to assure that the incident is now (Sunday November 11th at noon) closed for all four infected web sites.

The consequences for you, the visitors:

1. it is possible (though quite unprobable) that some personal data have been taken, but it was not a clear objective of the hacker.
2. all users with an account on the web site have been informed, their passwords force-modified to a safer value (it appears nobody had really fragile or re-used password – my advice: never re-use one web site password on another web site).
3. during a few tens of hours, Roumazeilles.net was used to propagate one or more malwares to visitors of our pages and posts. My advice: Immediately check your computer with a good anti-virus.

I hope (and I believe) that this is all.

Technical details on this specific attack (we were not alone in the list of victimized web sites).

1. The site to be rebuilt in a matter of hours.
2. Passwords to be changed.
3. Several hours lost for nothing.

There wasn’t much to steal (the users are not very many). But it is impossible to know with certainty if hackers did not leave with a copy of the emails and associated user names. If you want to know what kind of data may have been revealed, you may check it on personal data summary page.

Apparently, the hacker(s) was (were) more interested in switching the user traffic toward a malware-loaded web site in a foreign country (probably hacked too) under the name of a little blue pony. If you remember being directed there, take time to check your computer with a good anti-virus software.

Feel free to contact me if you have questions.

1. A Privacy Policy.
2. When you submit a comment on the site, it is now explicit (through a checkbox) that you understand that this will imply our storing of some of your personal data, and that you consent to it.(« explicit » and « positive » consent).
3. Creation of a Data Protection Officer (that’s me!) in charge of answering questions and requests of modificaiton and removal of your personal data if you ultimately want to revoke your consent.

the objective is to make more explicit and fully compliant, the choices that we already made to respect our visitors, and their privacy. Like we do since the beginning.

Just a short notice. I discovered a very simple and relatively powerful Internet privacy solution, Ultrasurf, for those of us who may be interested in browsing the Internet in near complete anonymity: hide IP addresses and locations, clean browsing history, cookies & more …

It may be the future of Internet privacy.

I have been looking quickly at some of the possible solutions to protect your privacy while exchanging files over the Internet. I found the following ideas:

• Omemo is a recent Spanish development. I tried it and it is very obvious that the program is still in beta. Essentially, I was unable to download a file if it was not very small in size or to upload any. Let’s wait until it works.
• GigaTribe seems a good solution if you are willing to pay for the Premium package. It builds a closed network with your friends, but the standard (free) software is not able to grab files from multiple computers at the same time. So performance is very limited for the free version. GigaTribe3 is said to correct a number of issues some time later in 2008.
• Freenet is rather difficult to use at first, but if you run Thaw, one of the applications provided at installation, you will get a large choice of file downloads and performance while limited is not ridiculous: A few days for 2GB of video, it could be much worse. However, some may be troubled by the kind of data found there: While the common P2P data can be observed, you will also find conspiracy-related information and a quite significant load of pornography and child pornography (normally not found on the more open Internet).

I don’t know where the future of P2P lies, but it is certainly around some of these darknets (networks that are protected from external Peeping Toms). Freenet is supposed to be the best and most secured one, even if it is not perfect (it seems clear that some powerful agencies have setup some Freenet nodes in order to be able to spy the traffic).