When Facebook came for your battery, feudal security failed
When George Hayward was working as a Facebook data-scientist, his bosses ordered him to run a “negative test,” updating Facebook Messenger to deliberately drain users’ batteries, in order to determine how power-hungry various parts of the apps were. Hayward refused, and Facebook fired him, and he sued:
If you’d like an essay-formatted version of this post to read or share, here’s a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
Hayward balked because he knew that among the 1.3 billion people who use Messenger, some would be placed in harm’s way if Facebook deliberately drained their batteries — physically stranded, unable to communicate with loved ones experiencing emergencies, or locked out of their identification, payment method, and all the other functions filled by mobile phones.
As Hayward told Kathianne Boniello at the New York Post, “Any data scientist worth his or her salt will know, ‘Don’t hurt people…’ I refused to do this test. It turns out if you tell your boss, ‘No, that’s illegal,’ it doesn’t go over very well.”
Negative testing is standard practice at Facebook, and Hayward was given a document called “How to run thoughtful negative tests” regarding which he said, “I have never seen a more horrible document in my career.”
We don’t know much else, because Hayward’s employment contract included a non-negotiable binding arbitration waiver, which means that he surrendered his right to seek legal redress from his former employer. Instead, his claim will be heard by an arbitrator — that is, a fake corporate judge who is paid by Facebook to decide if Facebook was wrong. Even if he finds in Hayward’s favor — something that arbitrators do far less frequently than real judges do — the judgment, and all the information that led up to it, will be confidential, meaning we won’t get to find out more:
One significant element of this story is that the malicious code was inserted into Facebook’s app. Apps, we’re told, are more secure than real software. Under the “curated computing” model, you forfeit your right to decide what programs run on your devices, and the manufacturer keeps you safe. But in practice, apps are just software, only worse:
Apps are part what Bruce Schneier calls “feudal security.” In this model, we defend ourselves against the bandits who roam the internet by moving into a warlord’s fortress. So long as we do what the warlord tells us to do, his hired mercenaries will keep us safe from the bandits:
But in practice, the mercenaries aren’t all that good at their jobs. They let all kinds of badware into the fortress, like the “pig butchering” apps that snuck into the two major mobile app stores:
It’s not merely that the app stores’ masters make mistakes — it’s that when they screw up, we have no recourse. You can’t switch to an app store that pays closer attention, or that lets you install low-level software that monitors and overrides the apps you download.
Indeed, Apple’s Developer Agreement bans apps that violate other services’ terms of service, and they’ve blocked apps like OG App that block Facebook’s surveillance and other enshittification measures, siding with Facebook against Apple device owners who assert the right to control how they interact with the company:
When a company insists that you must be rendered helpless as a condition of protecting you, it sets itself up for ghastly failures. Apple’s decision to prevent every one of its Chinese users from overriding its decisions led inevitably and foreseeably to the Chinese government ordering Apple to spy on those users:
Apple isn’t shy about thwarting Facebook’s business plans, but Apple uses that power selectively — they blocked Facebook from spying on Iphone users (yay!) and Apple covertly spied on its customers in exactly the same way as Facebook, for exactly the same purpose, and lied about it:
The ultimately, irresolvable problem of Feudal Security is that the warlord’s mercenaries will protect you against anyone — except the warlord who pays them. When Apple or Google or Facebook decides to attack its users, the company’s security experts will bend their efforts to preventing those users from defending themselves, turning the fortress into a prison:
Feudal security leaves us at the mercy of giant corporations — fallible and just as vulnerable to temptation as any of us. Both binding arbitration and feudal security assume that the benevolent dictator will always be benevolent, and never make a mistake. Time and again, these assumptions are proven to be nonsense.
Image:
Anthony Quintano (modified)
https://commons.wikimedia.org/wiki/File:Mark_Zuckerberg_F8_2018_Keynote_%2841118890174%29.jpg
CC BY 2.0:
https://creativecommons.org/licenses/by/2.0/deed.en
[Image ID: A painting depicting the Roman sacking of Jerusalem. The Roman leader's head has been replaced with Mark Zuckerberg's head. The wall has Apple's 'Think Different' wordmark and an Ios 'low battery' icon.]
Next week (Feb 8-17), I'll be in Australia, touring my book *Chokepoint Capitalism* with my co-author, Rebecca Giblin. We'll be in Brisbane on Feb 8, and then we're doing a remote event for NZ on Feb 9. Next is Melbourne, Sydney and Canberra. I hope to see you!
Someday, we’ll all take comfort in the internet’s “dark corners”
I'm on tour with my new, nationally bestselling novel The Bezzle! Catch me on SUNDAY (Mar 24) with LAURA POITRAS in NYC, then Anaheim, and beyond!
Platforms decay. Tech bosses, unconstrained by competition; regulation; ad blockers and other adversarial interoperability; and their own workers, will inevitably hollow out their platforms, using ultraflexible digital technology to siphon value away from end users and business customers, leaving behind the bare minimum of value to keep all those users locked in:
If you'd like an essay-formatted version of this thread to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
Enshittification is the inevitable result of high switching costs. Tech bosses are keenly attuned to opportunities to lock in their customers and users, because the harder is to leave a platform, the worse the platform can treat you – the more value it can rob you of – without risking your departure.
But platform users are a heterogeneous, lumpy mass. Different groups of users have different switching costs. An adult Facebook user of long tenure has more reasons to stay than a younger user: they have more complex social lives, with nonoverlapping social circles from high school, college, various jobs, affinity groups, and family. They are more likely to have a chronic illness, or to be caring for someone with chronic illness, and to be a member of a social media support group they value highly. They are more likely to be connected to practical communities, like little league carpool rotas.
That's the terrible irony of platform decay: the more value you get from a platform, the more cost that platform can extract, a cost denominated in your wellbeing, enjoyment and dignity.
(At this point, someone will pipe up and say, "If you're not paying for the product, you're the product." It's nonsense. Dignity, respect and fairness aren't frequent flier program perks that tech companies dribble out to their best customers. Companies will happily treat their paying customers as "products" if they think those customers can't avoid other forms of rent-extraction, such as "attention rents")
Now, consider the converse proposition: for younger users, platforms deliver less value. Younger users have less complex social lives on average relative to their parents and grandparents, which means that platforms have fewer ways to sink their hooks into those young users. Further: young users tend to want things that the platforms don't want them to have, right from the first day they sign up. In particular, young users often want to conduct their socializing out of eyesight and earshot of adults, especially parents, teachers, and other authority figures. This means that a typical younger user has both more reasons to leave a platform as well as fewer reasons to stay there.
Younger people have an additional reason to bail on platforms early and often: if your online and offline social circles strongly overlap – if you see the same people at school as you do in your feed, it's much easier to reassemble your (smaller, less complex) social circle on a new platform.
And so: on average, young people like platforms less, hate them more, and have both less to lose and more to gain by leaving one platform for another. Sure, some young people are also burning with youth's neophilia. But even without that neophilia, young people are among the first to go when tech bosses start to ratchet up the enshittification.
Beyond young people, there are others who tend to jump ship early, like sex-workers:
Sex-workers' technology changes are only incidentally the result of some novelty-seeking impulse. The real reason to change platforms if you're a sex-worker is that the platforms are either absolutely hostile to sex-workers, or profoundly indifferent to the suffering their policy changes rain down upon them.
The same is broadly true of other disfavored groups, including those with out-of-mainstream political ideologies. Some of these groups hold progressive views, others are out-and-out Nazis, but all of them chafe at the platforms' policies at the best of times, and are far more ready to jump ship when the platforms tighten the noose on all their users.
This is where "dark corners" come in. The worst people on the internet have relocated to its so-called dark corners – privately hosted servers, groupchats, message-boards, etc. Some of these are notorious: Kiwi Farms, 4chan, 8kun, sprawling Telegram groupchats. Others only breach when they are implicated in waves of unthinkably cruel and grotesque crimes:
The answer to crimes committed in the internet's dark corners is the same as for crimes committed anywhere: catch the criminals, prosecute the crimes. But a distressing number of well-meaning people observe the nexus between dark corners and the crimes that fester there, and conclude that the problem is with the dark corners, themselves.
These people observe that social media platforms like Facebook, and intermediaries like Cloudflare, DNS providers, and domain registrars constitute a "nexus of control" – chokepoints that trap the online lives of billions of people – and conclude that these gigantic corporations can and should be made "responsible" for their users:
From there, it's a short leap to conclude that anyone who isn't in a position to be controlled by these too big to jail, too big to fail, relentlessly enshittifying corporations must be pushed into their demesne.
This is a deal with the devil. In the name of preventing small groups of terrible people from gathering in private, beyond the control of the world's insufferable and cruel tech barons, we risk dooming everyone else to being permanently within those unworthy billionaires' thumbs.
This is why people like Mark Zuckerberg are so eager to see an increase in "intermediary liability" rules like Section 230. Zuckerberg's greatest fear isn't having to spend more on moderators or algorithms that suppress controversial subjects:
The thing he fears the most is losing control over his users. That's why he bought Instagram: to recapture the young users who were fleeing his mismanaged, enshittified platform in droves:
A legal mandate for Zuckerberg to police his users is a legal requirement that he surveil and control those users. It's fundamentally incompatible with the new drive in competition circles to force Zuckerberg and his fellow tech barons to offer gateways that make it easier to escape their grasp, by allowing users to depart Facebook and continue to socialize with the users who stay behind:
https://www.eff.org/interoperablefacebook
Remember: the more locked-in a platform user is, the harder that platform will squeeze that user, safe in the knowledge that the cost of leaving is higher than the cost of staying and tolerating the platform's abuse.
This is the problem with "feudal security" – the warlord who lures you into his castle fortress with the promise of protection from external threats is, in reality, operating a prison where no one can protect you from him:
Rather than fighting to abolish dark corners because only the worst people on the internet use them today, we should be normalizing dark corners, making it easier for every kind of user to find a cozy nook that is shaded from the baleful glare of Zuck and his fellow, eminently guillotineable tech warlords:
Enshittification is relentless. The collapse of the restraints that penalized tech companies who abused their users – competition, regulation, interoperability and their own workers' consciences – has inculcated every tech boss with an incurable enshittification imperative.
Efforts to make the platforms safer for their users can only take us so far. Fundamentally, these vast, centralized systems that vest authority with flawed and mediocre and frail human dictators (who fancy themselves noble, brilliant and infallible) will never be safe for human habitation. Rather than focusing on improving the platforms, we should be evacuating them:
Online communities that control their own moderation policies won't always get it right. But there is a whole host of difficult moderation calls that can never be adequately handled by outsiders overseeing vast, sprawling platforms. Distinguishing friendly banter from harassment requires the context that only an insider can hope to possess.
We all deserve dark corners where we stand a chance of finding well-managed communities that can deliver the value that keeps us stuck to our decaying giant platforms. Eventually, the enshittification will chase every user off these platforms – not just kids or sex-workers or political radicals. When that happens, it sure would be nice if everyone could set up in a dark corner of their own.
Name your price for 18 of my DRM-free ebooks and support the Electronic Frontier Foundation with the Humble Cory Doctorow Bundle.
If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
I'm on tour with my new, nationally bestselling novel The Bezzle! Catch me TONIGHT (Mar 22) in TORONTO, then SUNDAY (Mar 24) with LAURA POITRAS in NYC, then Anaheim, and beyond!
The foundational tenet of "the Cult of Mac" is that buying products from a $3t company makes you a member of an oppressed ethnic minority and therefore every criticism of that corporation is an ethnic slur:
Call it "Apple exceptionalism" – the idea that Apple, alone among the Big Tech firms, is virtuous, and therefore its conduct should be interpreted through that lens of virtue. The wellspring of this virtue is conveniently nebulous, which allows for endless goal-post shifting by members of the Cult of Mac when Apple's sins are made manifest.
Take the claim that Apple is "privacy respecting," which is attributed to Apple's business model of financing its services though cash transactions, rather than by selling it customers to advertisers. This is the (widely misunderstood) crux of the "surveillance capitalism" hypothesis: that capitalism is just fine, but once surveillance is in the mix, capitalism fails.
Apple, then, is said to be a virtuous company because its behavior is disciplined by market forces, unlike its spying rivals, whose ability to "hack our dopamine loops" immobilizes the market's invisible hand with "behavior-shaping" shackles:
Apple makes a big deal out of its privacy-respecting ethos, and not without some justification. After all, Apple went to the mattresses to fight the FBI when they tried to force Apple to introduced defects into its encryption systems:
And Apple gave Ios users the power to opt out of Facebook spying with a single click; 96% of its customers took them up on this offer, costing Facebook $10b (one fifth of the pricetag of the metaverse boondoggle!) in a single year (you love to see it):
Bruce Schneier has a name for this practice: "feudal security." That's when you cede control over your device to a Big Tech warlord whose "walled garden" becomes a fortress that defends you against external threats:
The keyword here is external threats. When Apple itself threatens your privacy, the fortress becomes a prison. The fact that you can't install unapproved apps on your Ios device means that when Apple decides to harm you, you have nowhere to turn. The first Apple customers to discover this were in China. When the Chinese government ordered Apple to remove all working privacy tools from its App Store, the company obliged, rather than risk losing access to its ultra-cheap manufacturing base (Tim Cook's signal accomplishment, the one that vaulted him into the CEO's seat, was figuring out how to offshore Apple manufacturing to China) and hundreds of millions of middle-class consumers:
Killing VPNs and other privacy tools was just for openers. After Apple caved to Beijing, the demands kept coming. Next, Apple willingly backdoored all its Chinese cloud services, so that the Chinese state could plunder its customers' data at will:
This was the completely foreseeable consequence of Apple's "curated computing" model: once the company arrogated to itself the power to decide which software you could run on your own computer, it was inevitable that powerful actors – like the Chinese Communist Party – would lean on Apple to exercise that power in service to its goals.
Unsurprisingly, the Chinese state's appetite for deputizing Apple to help with its spying and oppression was not sated by backdooring iCloud and kicking VPNs out of the App Store. As recently as 2022, Apple continued to neuter its tools at the behest of the Chinese state, breaking Airdrop to make it useless for organizing protests in China:
But the threat of Apple turning on its customers isn't limited to China. While the company has been unwilling to spy on its users on behalf of the US government, it's proven more than willing to compromise its worldwide users' privacy to pad its own profits. Remember when Apple let its users opt out of Facebook surveillance with one click? At the very same time, Apple was spinning up its own commercial surveillance program, spying on Ios customers, gathering the very same data as Facebook, and for the very same purpose: to target ads. When it came to its own surveillance, Apple completely ignored its customers' explicit refusal to consent to spying, spied on them anyway, and lied about it:
Here's the thing: even if you believe that Apple has a "corporate personality" that makes it want to do the right thing, that desire to be virtuous is dependent on the constraints Apple faces. The fact that Apple has complete legal and technical control over the hardware it sells – the power to decide who can make software that runs on that hardware, the power to decide who can fix that hardware, the power to decide who can sell parts for that hardware – represents an irresistible temptation to enshittify Apple products.
"Constraints" are the crux of the enshittification hypothesis. The contagion that spread enshittification to every corner of our technological world isn't a newfound sadism or indifference among tech bosses. Those bosses are the same people they've always been – the difference is that today, they are unconstrained.
Having bought, merged or formed a cartel with all their rivals, they don't fear competition (Apple buys 90+ companies per year, and Google pays it an annual $26.3b bribe for default search on its operating systems and programs).
Having captured their regulators, they don't fear fines or other penalties for cheating their customers, workers or suppliers (Apple led the coalition that defeated dozens of Right to Repair bills, year after year, in the late 2010s).
Having wrapped themselves in IP law, they don't fear rivals who make alternative clients, mods, privacy tools or other "adversarial interoperability" tools that disenshittify their products (Apple uses the DMCA, trademark, and other exotic rules to block third-party software, repair, and clients).
True virtue rests not merely in resisting temptation to be wicked, but in recognizing your own weakness and avoiding temptation. As I wrote when Apple embarked on its "curated computing" path, the company would eventually – inevitably – use its power to veto its customers' choices to harm those customers:
Which is where we're at today. Apple – uniquely among electronics companies – shreds every device that is traded in by its customers, to block third parties from harvesting working components and using them for independent repair:
Apple engraves microscopic Apple logos on those parts and uses these as the basis for trademark complaints to US customs, to block the re-importation of parts that escape its shredders:
Apple entered into an illegal price-fixing conspiracy with Amazon to prevent used and refurbished devices from being sold in the "world's biggest marketplace":
Why is Apple so opposed to independent repair? Well, they say it's to keep users safe from unscrupulous or incompetent repair technicians (feudal security). But when Tim Cook speaks to his investors, he tells a different story, warning them that the company's profits are threatened by customers who choose to repair (rather than replace) their slippery, fragile glass $1,000 pocket computers (the fortress becomes a prison):
All this adds up to a growing mountain of immortal e-waste, festooned with miniature Apple logos, that our descendants will be dealing with for the next 1,000 years. In the face of this unspeakable crime, Apple engaged in a string of dishonest maneuvers, claiming that it would support independent repair. In 2022, Apple announced a home repair program that turned out to be a laughably absurd con:
Let's pause here a moment and remember that Apple once stood for independent repair, and celebrated the independent repair technicians that kept its customers' beloved Macs running:
Whatever virtue lurks in Apple's corporate personhood, it is no match for the temptation that comes from running a locked-down platform designed to capture IP rights so that it can prevent normal competitive activities, like fixing phones, processing payments, or offering apps.
When Apple rolled out the App Store, Steve Jobs promised that it would save journalism and other forms of "content creation" by finally giving users a way to pay rightsholders. A decade later, that promise has been shattered by the app tax – a 30% rake on every in-app transaction that can't be avoided because Apple will kick your app out of the App Store if you even mention that your customers can pay you via the web in order to avoid giving a third of their content dollars to a hardware manufacturer that contributed nothing to the production of that material:
Among the apps that Apple also refuses to allow on Ios is third-party browsers. Every Iphone browser is just a reskinned version of Apple's Safari, running on the same antiquated, insecure Webkit browser engine. The fact that Webkit is incomplete and outdated is a feature, not a bug, because it lets Apple block web apps – apps delivered via browsers, rather than app stores:
Last month, the EU took aim at Apple's veto over its users' and software vendors' ability to transact with one another. The newly in-effect Digital Markets Act requires Apple to open up both third-party payment processing and third-party app stores. Apple's response to this is the very definition of malicious compliance, a snake's nest of junk-fees, onerous terms of service, and petty punitive measures that all add up to a great, big "Go fuck yourself":
But Apple's bullying, privacy invasion, price-gouging and environmental crimes are global, and the EU isn't the only government seeking to end them. They're in the firing line in Japan:
And now, famously, the US Department of Justice is coming for Apple, with a bold antitrust complaint that strikes at the heart of Apple exceptionalism, the idea that monopoly is safer for users than technological self-determination:
There's passages in the complaint that read like I wrote them:
Apple wraps itself in a cloak of privacy, security, and consumer preferences to justify its anticompetitive conduct. Indeed, it spends billions on marketing and branding to promote the self-serving premise that only Apple can safeguard consumers’ privacy and security interests. Apple selectively compromises privacy and security interests when doing so is in Apple’s own financial interest—such as degrading the security of text messages, offering governments and certain companies the chance to access more private and secure versions of app stores, or accepting billions of dollars each year for choosing Google as its default search engine when more private options are available. In the end, Apple deploys privacy and security justifications as an elastic shield that can stretch or contract to serve Apple’s financial and business interests.
After all, Apple punishes its customers for communicating with Android users by forcing them to do so without any encryption. When Beeper Mini rolled out an Imessage-compatible Android app that fixed this, giving Iphone owners the privacy Apple says they deserve but denies to them, Apple destroyed Beeper Mini:
https://blog.beeper.com/p/beeper-moving-forward
Tim Cook is on record about this: if you want to securely communicate with an Android user, you must "buy them an Iphone":
If your friend, family member or customer declines to change mobile operating systems, Tim Cook insists that you must communicate without any privacy or security.
Even where Apple tries for security, it sometimes fails ("security is a process, not a product" -B. Schneier). To be secure in a benevolent dictatorship, it must also be an infallible dictatorship. Apple's far from infallible: Eight generations of Iphones have unpatchable hardware defects:
https://checkm8.info/
And Apple's latest custom chips have secret-leaking, unpatchable vulnerabilities:
Apple's far from infallible – but they're also far from benevolent. Despite Apple's claims, its hardware, operating system and apps are riddled with deliberate privacy defects, introduce to protect Apple's shareholders at the expense of its customers:
https://proton.me/blog/iphone-privacy
Now, antitrust suits are notoriously hard to make, especially after 40 years of bad-precedent-setting, monopoly-friendly antitrust malpractice. Much of the time, these suits fail because they can't prove that tech bosses intentionally built their monopolies. However, tech is a written culture, one that leaves abundant, indelible records of corporate deliberations. What's more, tech bosses are notoriously prone to bragging about their nefarious intentions, committing them to writing:
Apple is no exception – there's an abundance of written records that establish that Apple deliberately, illegally set out to create and maintain a monopoly:
Apple claims that its monopoly is beneficent, used to protect its users, making its products more "elegant" and safe. But when Apple's interests conflict with its customers' safety and privacy – and pocketbooks – Apple always puts itself first, just like every other corporation. In other words: Apple is unexceptional.
The Cult of Mac denies this. They say that no one wants to use a third-party app store, no one wants third-party payments, no one wants third-party repair. This is obviously wrong and trivially disproved: if no Apple customer wanted these things, Apple wouldn't have to go to enormous lengths to prevent them. The only phones that an independent Iphone repair shop fixes are Iphones: which means Iphone owners want independent repair.
The rejoinder from the Cult of Mac is that those Iphone owners shouldn't own Iphones: if they wanted to exercise property rights over their phones, they shouldn't have bought a phone from Apple. This is the "No True Scotsman" fallacy for distraction-rectangles, and moreover, it's impossible to square with Tim Cook's insistence that if you want private communications, you must buy an Iphone.
Apple is unexceptional. It's just another Big Tech monopolist. Rounded corners don't preserve virtue any better than square ones. Any company that is freed from constraints – of competition, regulation and interoperability – will always enshittify. Apple – being unexceptional – is no exception.
Name your price for 18 of my DRM-free ebooks and support the Electronic Frontier Foundation with the Humble Cory Doctorow Bundle.
If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
feudal security where vendors are becoming our feudal lords
... belief that the internet takes the masses and makes them powerful and takes the governments and makes them powerless. Turns out that's not true.
What the internet and many technologies does, is magnify power.
...
Surveillance is the business model of the internet.
Refers to The Onion - Facebook is the CIA which is 2 years old!
Use control - in China, programs have to be certified by the gov't in order to be used, which sounds a lot like the Apple Store
...
Governments and corporations are using each others laws (constitution and regulatory) to get around its own restrictions. Example, if the gov't said you had to wear tracking devices 24/7 it would be unconstitutional. Yet we all carry cell phones
...
believes that there are going to be regulations on digital objects because of 3D printers
...
In the near term we need to keep circumvention of legal and net neutrality to give us some backstop towards the power from becoming more powerful. Long term, we have to recognize we can't have it both ways. If we want privacy, it has to be in our country and abroad
He called the new model "feudal security" in which Kindle Fire owners trust their security to Amazon, iPhone users trust their Apple, and so on. As a result, the devices no longer come with general-purpose capabilities. Open environments are increasingly being replaced with closed systems that are designed to give users less control.