Daily links from Cory Doctorow


A painting depicting the Roman sacking of Jerusalem. The Roman leader's head has been replaced with Mark Zuckerberg's head. The wall has Apple's 'Think Different' wordmark and an iOS 'low battery' icon.

When George Hayward was working as a Facebook data-scientist, his bosses ordered him to run a "negative test," updating Facebook Messenger to deliberately drain users' batteries, in order to determine how power-hungry various parts of the apps were. Hayward refused, and Facebook fired him, and he sued:

https://nypost.com/2023/01/28/facebook-fires-worker-who-refused-to-do-negative-testing-awsuit/

Hayward balked because he knew that among the 1.3 billion people who use Messenger, some would be placed in harm's way if Facebook deliberately drained their batteries – physically stranded, unable to communicate with loved ones experiencing emergencies, or locked out of their identification, payment method, and all the other functions filled by mobile phones.

As Hayward told Kathianne Boniello at the New York Post, "Any data scientist worth his or her salt will know, 'Don’t hurt people…' I refused to do this test. It turns out if you tell your boss, 'No, that’s illegal,' it doesn’t go over very well."

Negative testing is standard practice at Facebook, and Hayward was given a document called "How to run thoughtful negative tests," regarding which he said, "I have never seen a more horrible document in my career."

We don't know much else, because Hayward's employment contract included a non-negotiable binding arbitration waiver, which means that he surrendered his right to seek legal redress from his former employer. Instead, his claim will be heard by an arbitrator – that is, a fake corporate judge who is paid by Facebook to decide if Facebook was wrong. Even if he finds in Hayward's favor – something that arbitrators do far less frequently than real judges do – the judgment, and all the information that led up to it, will be confidential, meaning we won't get to find out more:

https://pluralistic.net/2022/06/12/hot-coffee/#mcgeico

One significant element of this story is that the malicious code was inserted into Facebook's app. Apps, we're told, are more secure than real software. Under the "curated computing" model, you forfeit your right to decide what programs run on your devices, and the manufacturer keeps you safe. But in practice, apps are just software, only worse:

https://pluralistic.net/2022/06/23/peek-a-boo/#attack-helicopter-parenting

Apps are part of what Bruce Schneier calls "feudal security." In this model, we defend ourselves against the bandits who roam the internet by moving into a warlord's fortress. So long as we do what the warlord tells us to do, his hired mercenaries will keep us safe from the bandits:

https://locusmag.com/2021/01/cory-doctorow-neofeudalism-and-the-digital-manor/

But in practice, the mercenaries aren't all that good at their jobs. They let all kinds of badware into the fortress, like the "pig butchering" apps that snuck into the two major mobile app stores:

https://arstechnica.com/information-technology/2023/02/pig-butchering-scam-apps-sneak-into-apples-app-store-and-google-play/

It's not merely that the app stores' masters make mistakes – it's that when they screw up, we have no recourse. You can't switch to an app store that pays closer attention, or that lets you install low-level software that monitors and overrides the apps you download.

Indeed, Apple's Developer Agreement bans apps that violate other services' terms of service, and they've blocked apps like OG App that block Facebook's surveillance and other enshittification measures, siding with Facebook against Apple device owners who assert the right to control how they interact with the company:

https://pluralistic.net/2022/12/10/e2e/#the-censors-pen

When a company insists that you must be rendered helpless as a condition of protecting you, it sets itself up for ghastly failures. Apple's decision to prevent every one of its Chinese users from overriding its decisions led inevitably and foreseeably to the Chinese government ordering Apple to spy on those users:

https://pluralistic.net/2022/11/11/foreseeable-consequences/#airdropped

Apple isn't shy about thwarting Facebook's business plans, but Apple uses that power selectively – they blocked Facebook from spying on iPhone users (yay!) and Apple covertly spied on its customers in exactly the same way as Facebook, for exactly the same purpose, and lied about it:

https://pluralistic.net/2022/11/14/luxury-surveillance/#liar-liar

The ultimate, irresolvable problem of Feudal Security is that the warlord's mercenaries will protect you against anyone – except the warlord who pays them. When Apple or Google or Facebook decides to attack its users, the company's security experts will bend their efforts to preventing those users from defending themselves, turning the fortress into a prison:

https://pluralistic.net/2022/10/20/benevolent-dictators/#felony-contempt-of-business-model

Feudal security leaves us at the mercy of giant corporations – fallible and just as vulnerable to temptation as any of us. Both binding arbitration and feudal security assume that the benevolent dictator will always be benevolent, and never make a mistake. Time and again, these assumptions are proven to be nonsense.

(Image: Anthony Quintano, CC BY 2.0, modified)




#20yrsago PacBell and Scientology knock Kevin Burton offline https://web.archive.org/web/20030219085335/http://www.peerfear.org/rss/permalink/2003/02/04/1044497702-DMCA_Takedown_Notice_Scientology_and_PacBell.shtml

#20yrsago Brewster Kahle’s librarian rant https://web.archive.org/web/20030409204107/http://www.loc.gov/rr/program/lectures/kahle.html

#10yrsago Bogosity generators: the secret heart of science fiction https://www.rudyrucker.com/blog/2013/02/05/the-bogosity-generator-tool-in-science-fiction/

#10yrsago NYT, 1924: Hitler’s tamed by prison, “no longer to be feared” https://web.archive.org/web/20130206224612/http://www.retronaut.com/2013/02/hitler-tamed-by-prison/

#5yrsago Trump’s Consumer Finance Protection Board chief gives up on punishing Equifax for doxing the entire United States of America https://www.reuters.com/article/us-usa-equifax-cfpb/exclusive-u-s-consumer-protection-official-puts-equifax-probe-on-ice-sources-idUSKBN1FP0IZ

#5yrsago The GOP candidate who would represent a suburban Chicago district is an open Holocaust denier, white supremacist and anti-Semite https://chicago.suntimes.com/politics/2019/12/2/20992050/holocaust-denier-arthur-jones-candidate-republican-primary-3rd-congressional-district

#5yrsago 139 pieces of (seemingly nonfunctional) malware that exploit Spectre and Meltdown are now circulating in the wild https://www.securityweek.com/malware-exploiting-spectre-meltdown-flaws-emerges/

#1yrago How to design an anti-monopoly interop system https://pluralistic.net/2022/02/05/time-for-some-game-theory/#massholes


Today's top sources: Slashdot (https://slashdot.org).

Currently reading: Analogia by George Dyson.

Latest podcast: Social Quitting https://craphound.com/news/2023/01/22/social-quitting/


This work licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.


How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Medium (no ads, paywalled):

https://doctorow.medium.com/

(Latest Medium column: "Small Government: The ref has to be more powerful than the players" https://pluralistic.net/2023/02/05/small-government/)

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

https://twitter.com/doctorow

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla