Daily links from Cory Doctorow (original) (raw)


A break-glass-style fire-alarm box; it has been altered to read OVERRIDE: BREAK GLASS, and the space behind the words has been filled with a Matrix waterfall effect.

This week on my podcast, I read my recent Medium column, "When Automation Becomes Enforcement," about the debate of interoperability and end-to-end encryption in the EU's Digital Markets Act, and how that relates to the long-running battle over who's in charge: you, or your computer?

https://pluralistic.net/2022/04/03/when-automation-becomes-enforcement/

When I first encountered the idea of disappearing messages, I thought they were stupid, but I was wrong. I thought that the point of disappearing messages was to let you send secrets to someone you didn't trust, because the message would disappear and thus be safe.

Obviously, this is stupid. If you send a secret to someone you don't trust, that untrustworthy person can take a screenshot, or use another device to photograph their screen. Or, you know, they can just remember the secret and blab it. Technology can't make untrustworthy people trustworthy.

But then I had the other use-case for disappearing messages explained to me: not enforcing agreements about data-handling, but rather, automating them. You and I might trust each other not to blab our mutual secrets, but we might also agree that the best way to keep those secrets from leaking is to delete the record of our conversation.

We understand that we're both fallible. We know that even with the best of intentions, we might forget to delete our chat logs, and that exposes them to being leaked, or coerced from us. A disappearing messages tool hands "remembering to delete files on a regular basis" – something humans are bad at doing – to a computer, which is very good at this.

The reason I assumed that disappearing messages were designed for the stupid fantasy of trusting untrustworthy people is that there's a long history of this. Microsoft tried (unsuccessfully) to snuff out rivals to Microsoft Office in the mid-2000s with a product called "Information Rights Management" (IRM).

IRM was DRM for Office files, whose pitch was that you could send a Word doc or an Excel sheet to someone you didn't trust, and IRM would stop them from leaking or printing or forwarding those docs.

IRM could be defeated by all the same measures as disappearing messages, but Microsoft claimed it could mitigate these with Trusted Computing – which would prevent you from installing non-Microsoft operating systems and software on your computer.

Microsoft used the unreliability of IRM to insist that all our computers be designed to disobey us, and take orders from Microsoft instead. If Microsoft said you couldn't install an OS, or an app, or take a screenshot, your computer would listen to Microsoft – not you. In the process, Microsoft would become tech's gatekeeper, with the power to approve or deny all new services and products.

Since then, this idea has spread to other companies, especially (and ironically), Apple – the company whose interoperable Office programs (Pages, Numbers, Keynote) Microsoft wanted to extinguish with IRM and Trusted Computing.

https://www.eff.org/deeplinks/2019/06/adversarial-interoperability-reviving-elegant-weapon-more-civilized-age-slay

Today, Apple is one of the Big Tech companies targeted by the EU's Digital Markets Act (DMA), which will require the largest tech companies to connect their messenging platforms to small companies systems on request.

This has the potential to do great good – and also great harm. On the positive side, forcing interop on tech giants will allow users who stick with them to leave for better rivals, without having to abandon their connections to customers, community and family. That will create space for co-ops, nonprofits and startups with better privacy policies and firmer commitments to user rights (for example, companies that, unlike Apple, would exit the Chinese market rather than allowing the Chinese state to backdoor its encryption).

On the negative side, the additional complexity of interop could lead to errors in the end-to-end encryption (E2EE) of instant message systems, which could expose users to terrible risks that the digital rights community has warned us about for 30+ years.

The DMA does include language requiring that interop embrace and uphold E2EE, but it also sets deadlines for the integration of interop with E2EE, and it's entirely conceivable that these deadlines will arrive before a satisfactory, secure technical solution is in place. That has digital rights activists (including me) worried.

But within the debate over DMA and E2EE is a latent, unarticulated disagreement about measures like disappearing messages – ambiguous security measures that some users treat as agreement automation tools and others as enforcement tools. If disappearing messages are enforcement tools, then interop is in big trouble – because that enforcement requires that every chat client treat its owner as an attacker, and override their judgment when senders demand it.

That's antithetical to the mission of DMA: to allow users to decide how their devices operate. I want there to be disappearing messages with "override" buttons – that would let you decide to retain your boss's harassing messages, say, so you could show them to your lawyer.

For many years, disappearing message vendors were able to avoid speaking clearly about their products' use-case, benefiting from the enforcement/automation ambiguity. Some users naively assumed they were getting enforcement, while others understood that automation was all they could hope for.

Now, though, interop is forcing the question – and that's a good thing. The users who thought they were getting enforcement from disappearing messages were living in a fool's paradise, after all!

We definitely need to ensure that the DMA doesn't weaken E2EE – but that doesn't have anything to do with ensuring that the DMA turns disappearing messages into an enforcement tool. Not only is that impossible – merely attempting it will give more market-structuring power to monopolists.

Here's a link to the podcast episode:

https://craphound.com/news/2022/04/10/when-automation-becomes-enforcement/

And here's a direct link to the MP3 (hosting courtesy of the Internet Archive; they'll host your stuff for free, forever):

https://archive.org/download/Cory_Doctorow_Podcast_422/Cory_Doctorow_Podcast_422_-_When_Automation_Becomes_Enforcement.mp3

And here's the RSS for my podcast:

https://feeds.feedburner.com/doctorow_podcast


An English language dictionary, open to the entry for 'dictionary,' which is obscured by a burned area, in the center of which is the glowing, menacing red eye of HAL9000 from '2001: A Space Odyssey.'

Writing for the Washington Post, Taylor Lorenz documents the phenomenon of algospeak: an emergent lexicon of euphemisms deployed by social media users to avoid blocking or downranking from the algorithms that govern the biggest platforms:

https://www.washingtonpost.com/technology/2022/04/08/algospeak-tiktok-le-dollar-bean/

The first social media – blogs – were built on the idea of "user-pull" (users would decide which creators to follow) and "reverse chrono" (users received the most recent posts first). The growth of Big Tech depending on killing both of these: today, social media primarily treats your subscriptions as just one input to a recommendation algorithm that decides what you do (and don't) see.

At the same time, the centralization of social media created and corralled vast audiences, often through underhanded tactics – for example, Mark Zuckerberg explicitly told his CFO that they should acquire Instagram because users were defecting from Facebook to IG:

https://arstechnica.com/tech-policy/2020/07/zuck-email-instagram-deal-could-neutralize-a-potential-competitor/

The platforms have systematically starved, enclosed, captured or killed the toolchain that would allow audiences and publishers to connect with one another, creating a kind of chokepoint capitalism, where everyone who has something to say has to pass through a gateway operated by a tech giant:

https://pluralistic.net/2021/10/10/dead-letters/

This has turned communicators of all kinds – from fashion influencers to public health specialists – into Kremlinologists who obsessively analyze the behavior of social media algorithms in the hopes of learning how to please them and (more importantly) how to avoid their punishments.

Hence algospeak. Social media users have learned the hard way that using the word "dead" can doom their speech to obscurity, so they opt for the (literally) Orwellian "unalive." "Sexual assault" becomes "SA" and "vibrator" becomes "spicy eggplant."

As Lorenz notes, this is most prominent on Tiktok, because Tiktok – more than any other platform – ignores the relationship between its users when deciding what to display to them. Even if millions of users follow a Tiktoker, that is no guarantee that any of them will see new posts from them. The Tiktok algorithm – not the preferences of its users – determines that.

After Facebook paid a Republican dirty-tricks company to stoke fear of Tiktok by associating it with the Chinese military, Tiktok found itself under increased scrutiny, and began to block pandemic-related content in a bid to stave off covid disinformation scandals:

https://www.washingtonpost.com/technology/2022/03/30/facebook-tiktok-targeted-victory/

That led to the company downranking videos that mentioned the pandemic in any way – a bizarre circumstance when the pandemic and its consequences were the most salient facts in the lives of every human being on Earth! Naturally, Tiktokers found a way to keep discussing the pandemic: they started calling it the "Backstreet Boys reunion tour" or the "panini."

https://twitter.com/_alialkhatib/status/1472251336661995521

The moral panic around social media – as well as the growth of toxic communities – has made the platforms risk-adverse, and they've explicitly chosen to silence positive and important speech in order to avoid the possibility of a scandal. Suicide prevention content has to use "becoming unalive" as a euphemism to avoid being disappeared by Tiktok's algorithm.

As awful as all this is, the workarounds themselves are often delightful and clever, testaments to the wit and grace of marginalized communities. For example, sex-workers call themselves "accountants." Homophobia is called "cornucopia" and "LGBTQ" becomes "Leg Booty."

This creativity isn't limited to people I admire or agree with: anti-vaxers have a whole lexicon of word-substitutions, like "dance party" and "dinner party" (vaccinated people are called "swimmers").

Algospeak also goes beyond casual discussion and distorts public health messaging, where "nipples" become "nip-nops."

As Lorenz notes, Algospeak is the latest iteration in a long battle between language filters and internet users, stretching all the way back to AOL chat rooms where users adopted spellings like "phuc" to get around profanity filters. Of course, "Phuc" is also a common Vietnamese name, and that wasn't the only dolphin AOL caught in its tuna-nets.

Today, Algospeak is fighting the same battles. If you are talking about making a snack, you'd best use "saltine" and not "cracker" – because the latter term is downranked by filters looking for racial animus.

Of course, these substitutions are harder to juggle when you're actually discussing race. Lorenz cites the work of UCLA law lecturer Angel Diaz, who studies the difficulties in crafting videos that talk about "white people" and "racism."

As @__femb0t has observed, trying to avoid the algorithm by changing up your language has parallels to the Fremen of Dune, who alter their gait to avoid the attention of sandworms:

https://twitter.com/__femb0t/status/1465179789648662530

The creative linguistic backflips that ensue feel like the they'll provide endless fodder for future doctoral dissertations in etymology. Take "led-dollar-bean," a euphemism for lesbian derived from the way that text-to-speech engines pronounce "le$bian."

Though Lorenz devotes most of her investigation to Tiktok, she also explores the linguistic travails of Instagram, arguably the second-most algorithmically distorted social platform in the Global North. She points to "Zuck Got Me For," a graveyard for content that was nonsensically downranked by Instagram's filters:

https://zuckgotmefor.wixsite.com/zuck

Given how many people rely on platforms to make their livings, the rise of Algospeak is also a labor issue: the workers who produce the content that drives the platforms' revenues can only earn a living if they color within the algoorithm's lines. But since the platforms practice security through obscurity, they refuse to disclose where those lines are – creating a workplace filled with invisible triplines that can cost you your rent money. That's why the Online Creators Association's demands include "moderation transparency."

https://www.officialtoca.com/goals

This is where the labor issues of new media dovetail with those of warehouse workers and delivery drivers. Amazon's planned worker chat app, "Shout Outs," bans a long list of worker-friendly words, including "union," "harassment," "grievance," and "injustice."

https://pluralistic.net/2022/04/05/doubleplusrelentless/#quackspeak

(Image: Cryteria, CC BY 3.0, modified)



#20yrsago Why CD sales are REALLY in decline https://web.archive.org/web/20020505034821/https://scriban.com/movabletype/2002_04_11.html

#15yrsago Bikes Against Bush arrest was part of counter-RNC protestor “intelligence” op https://www.wired.com/2007/04/nypd-intelligence-op-targets-dot-matrix-graffiti-bike/

#15yrsago Battle of Seattle WTO protestors win $1 million settlementhttps://web.archive.org/web/20070527105733/http://www.publicjustice.net/pr/wto040207.htm

#15yrsago French government creates DRM czar https://web.archive.org/web/20070622100002/http://french-law.net/index.php?option=com_content&task=view&id=37&Itemid=1

#15yrsago Belarusian bloggers free political prisoner https://web.archive.org/web/20070416165213/blogs.tol.org/belarus/2007/04/11/online-activists-help-to-free-political-prisoner-in-belarus/

#10yrsago 15th century Flemish portraits recreated in airplane lavs using toilet tissue, seat-covers and paper towels http://www.ninakatchadourian.com/photography/sa-flemish.php

#10yrsago Tony Blair channels Ronald Reagan, “doesn’t remember” sending dissidents to Libya for torture https://www.theguardian.com/politics/2012/apr/11/tony-blair-libyan-dissident-rendition

#10yrsago Microsoft buys Netscape (sort of) https://www.slashgear.com/microsoft-quietly-buys-netscape-browser-technology-09222093

#10yrsago Jargon-watch: "Forever-day bugs" https://arstechnica.com/information-technology/2012/04/rise-of-ics-forever-day-vulnerabiliities-threaten-critical-infrastructure/

#5yrsago Dallas’s 156 tornado sirens hacked and repeatedly set off in the middle of Saturday night https://arstechnica.com/information-technology/2017/04/hackers-set-off-dallas-156-emergency-sirens-over-a-dozen-times/

#5yrsago Portuguese proposal to legalize breaking DRM passes Parliament https://torrentfreak.com/portugal-passes-bill-to-restrict-use-of-drm-grant-circumvention-right-170410/

#5yrsago The Financial Times: Uber is doomed https://www.ft.com/content/478ed09c-5506-3f53-aaff-58ba2f9705fe

#5yrsago More on the desperate farmers jailbreaking their tractors’ DRM to bring in the harvesthttps://www.npr.org/sections/alltechconsidered/2017/04/09/523024776/farmers-look-for-ways-to-circumvent-tractor-software-locks

#5yrsago Even by the standards of tax-havens, Gibraltar is pretty sketchy https://www.theguardian.com/commentisfree/2017/apr/08/defend-gibraltar-condemn-it-as-dodgy-tax-haven

#5yrsago Wells Fargo board to force fraud-implicated former execs to repay $75m in bonuses https://money.cnn.com/2017/04/10/investing/wells-fargo-board-investigation-fake-accounts/index.html

#5yrsago 70,000 march in Budapest to protest legislative attack on Central European University https://www.reuters.com/article/us-hungary-soros-protest-idUSKBN17B0RM

#5yrsago MEP to Commission: World Wide Web Consortium’s DRM is a danger to Europeans https://felixreda.eu/2017/04/open-letter-to-the-european-commission-on-encrypted-media-extensions

#5yrsago Betsy DeVos ends ban on crooked loan-collectors in the student debt biz https://www.consumerreports.org/consumerist/education-secretary-devos-withdraws-protections-for-student-loan-borrowers/

#5yrsago Facebook use is a predictor of depression https://hbr.org/2017/04/a-new-more-rigorous-study-confirms-the-more-you-use-facebook-the-worse-you-feel

#5yrsago Cyber-arms dealers offer to sell surveillance weapons to undercover Al Jazeera reporters posing as reps of South Sudan and Iran https://www.aljazeera.com/news/2017/4/10/exclusive-spyware-firms-in-breach-of-global-sanctions

#5yrsago Neo-fascist presidential candidate Marine Le Pen says France was not complicit in rounding up Jews https://www.nytimes.com/2017/04/10/world/europe/france-marine-le-pen-jews-national-front.html

#5yrsago Kentucky coal museum installs solar panels because conventional energy is too expensive https://arstechnica.com/information-technology/2017/04/kentucky-coal-museum-is-installing-solar-panels-on-its-roof/

#1yrago Google's short-lived data-advantage https://pluralistic.net/2021/04/11/halflife/#minatory-legend

#1yrago Youtube blocks advertisers from targeting "Black Lives Matter" https://pluralistic.net/2021/04/10/brand-safety-rupture/#brand-safety


Currently writing:

Currently reading: Analogia by George Dyson.

Latest podcast: When Automation Becomes Enforcement

Upcoming appearances:

Recent appearances:

Latest book:

Upcoming books:


This work licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.


How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/web/accounts/303320

Medium (no ads, paywalled):

https://doctorow.medium.com/

(Latest Medium column: "Big Tech Isn’t Stealing News Publishers’ Content: It’s Stealing Their Money https://pluralistic.net/2022/04/10/big-tech-isnt-stealing-news-publishers-content/)

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

https://twitter.com/doctorow

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla