ITHACA and NYC! I'm heading your way for a zillion events from Sept 11-17. Here's a list of open-to-all CORNELL activities including two major keynotes; a movie night with dinner and discussion; and a public event at CORNELL TECH in NYC. I'll also be at the BROOKLYN BOOK FESTIVAL on Sept 21.
If you have a sufficiently horrible boss, you might have heard them use the phrase, "One throat to choke," by which they mean, "We must arrange this project so there's one person I can blame and punish if it goes awry.
The problem with "one throat to choke" is that this is another word for chokepoint. If the person who has ultimate authority over the system somehow manages to evade your discipline, there's no one else you can approach to resolve any arguments about how the system should work. "One throat to choke" is a single point of failure. That can be a nice arrangement if you're in charge of that chokepoint, but if not, it means you're SOL.
The digital world is in the process of bifurcating. The dying, legacy systems are the zuckermuskian, centralized ones, where there's always one throat to choke. If you don't like the moderation, recommendation, or other policies on Google, Twitter, Facebook or Amazon, you know exactly who to blame. If you're a lawmaker or a regulator, you know exactly who to drag into court.
Then there's the new, exiting, free and open digital technology that's crawling out of the half-dead carcass of Big Tech: federated and decentralized systems like Mastodon (and the Fediverse) and Bluesky (and the Atmosphere). While both of these networks have official maintainers who oversee their open source software projects, and while both groups of maintainers also run the servers that dominate their networks, you can absolutely join and participate without the consent of the organizations that created and maintain them, and they can't stop you or kick you off.
That's what decentralization means – if you don't like a user or their behavior, there's no manager to speak to in order to have them removed. Sure, a user can be kicked off of some servers, even all the servers, but the user can still stand up their own server. So long as there are other users, somewhere on the internet, who want to interact with that person, they can continue to connect with one another.
Now, you'd think that the Maga movement would love this – and they do…to a point. Trump's Truth Social is just a Mastodon server, albeit one that very few other Mastodon servers have any connections to. But the Maga movement is incapable of imagining a world in which the power it arrogates to itself will ever fall into the hands of its enemies. They want the power to send troops into cities they don't like, to federally dictate election procedures, to fire any federal official without cause, to override Congress's budgetary edicts, to be insulated from all liability irrespective of criminality.
Maga desires these powers within the borders of the United States because it intends to abolish free and fair elections and install a dictatorship, which means they they won't have to worry about Democrats ever controlling the presidency and turning those weapons around.
But even if they manage this trick in the USA, they won't be able to pull it off on the internet. There are simply too many territories in which federated, decentralized services can domicile themselves, places that are not only outside America's jurisdiction, but where the local authorities are hostile to the idea of extraterritorial intrusions by the US state on their domestic affairs.
The American culture warriors, obsessed with the idea that tech platforms have shadow banned, downranked, deplatformed and demonetized them, want to bring Big Tech to heel. And since each Big Tech company has just one throat to choke, they think they can do it.
Take "age verification," the latest social contagion sweeping through authoritarian governments around the world. In the name of keeping kids from seeing stuff that's not kid-friendly online (a perfectly reasonable goal), governments are demanding that tech companies somehow deduce the ages of their users and block them from seeing adult materials. Some age verification proponents claim that it's possible to verify a user's age without creating as massive privacy catastrophe that reveals the browsing habits of every internet user, of every age. These people are wrong:
The only way to verify that a user is a child is to verify the user, which means performing extraordinarily invasive checks on every internet user, and storing the results of those checks, and, inevitable, leaking the result of those checks.
The Big Tech companies are delighted by this. Google and Meta have both offered to do a kind of digital phrenology on their users to determine their ages. After all, they spy on us so much that they can probably make a good guess about our ages. And if they guess wrong, well, no biggie, they'll just block all the edge cases and force users to provide them with even more sensitive data.
But the future-proof, federated, decentralized services can't do age verification. Oh, sure, some of the servers in these federations can verify their users' age, and they might have to, because you can always find that single throat to choke for the people running the main Mastodon and Bluesky servers. But you can use Mastodon and Bluesky without using those servers – and they can't stop you.
This is something that the Turkish dictator Recep Tayyip Erdoğan discovered last spring, whe he ordered Bluesky to block information about his political rivals. All Bluesky can do in these cases is flag some messages as "banned in Turkiye" and then turn on the "block banned in Turkiye posts" filter for Turkish accounts. Those users can just turn that filter off, or avail themselves of a third-party client that doesn't auto-subscribe them to "block banned content" filters:
That's what it means for a service to be a protocol, not a platform. It means you can't demand to speak to the manager of the protocol if you don't like how someone is using it. It means there isn't a single throat to choke:
Today, the new, future-proof federated services are trying to figure out how to comply with age verification orders. Bluesky has announced that it will age verify UK users:
But you don't have to interact with the Bluesky servers to use Bluesky. While Bluesky was (very) slow off the mark to enable the tooling that would allow anyone to talk to anyone else using Atproto (the underlying protocol) without Bluesky's permission, that day has arrived now. There are now Bluesky (the service) implementations that are entirely separated from the authority of Bluesky (the company), most notably Blacksky, created by and for Black social media users who lived through Musk's enshittification of Black Twitter and won't get fooled again:
The Mastodon server operated by the Mastodon organization has a policy barring under-16s from getting an account there. But there are many, many Mastodon servers (including, you'll recall, Truth Social) and they are all technically capable of talking with one another. Even if Mastodon (the organization) implemented some kind of invasive age verification on its server, other organizations – so distant from Mississippi as to be beyond legal retribution – could sign up users of any age, at its discretion.
One wrinkle here is whether there is an "enforcement nexus" between one of these independent Mastodon or Bluesky servers and a government seeking to impose age verification or other censorship policies. If you're running one of these servers, you wanna be sure your throat is out of choking range of these governments:
The easiest way to do this is to not have any personnel or assets in territories controlled by governments seeking to impose censorship requirements. Large corporations whose investors made a bet on global domination find this tradeoff difficult to make. They want to open sales offices in every country.
But co-ops, individual tinkerers and small businesses typically don't have assets or personnel in a lot of countries or states, and avoiding the censorious ones doesn't pose much of a challenge.
The other enforcement nexus to worry about isn't enforcement against a server's operators, but rather, enforcement against its data. Territories with national firewalls (or heavily concentrated ISPs who represent a tractable number of chokeable throats) can block noncompliant servers from their users (who might or might not avail themselves of VPNs to evade thse blocks).
There aren't many national firewalls, and enumerating all the noncompliant servers in the Fediverse is a big chore for their operators (less so for all the noncompliant Atmostphere servers, because there's just not that many of those – yet). On the other hand, the mobile device duopoly of Google and Apple represent a pair of trivially chokeable throats that can be used to extinguish any app that displease a country's censors (all the more reason to make everything web-first and treat apps as unreliable adjuncts to core web functionality).
But there's one more potential chokepoint: to the extent that the Bluesky (the service) or Mastodon (the service) maintain some nexus of control over users, even users on independent servers, they could come under pressure to terminate users that displease governments. Now, Mastodon has no such control over users, and if it tried to exert that control (for example, by pressuring an independent server to terminate their users' access), they could be sued for tortious interference with contract.
Unfortunately, Bluesky has chosen to insulate itself from that hedge against being the chokeable throat that is used as a means to exerting pressure on independent servers in the Atmosphere. Bluesky's Terms of Service trap all of its users in a "binding arbitration" waiver that forces them to surrender their right to sue. That means that if Bluesky were to threaten Blacksky in a bid to force it to do age verification or engage in some other form of censorship, anyone involved with Blacksky who ever created a Bluesky account would be unable to use to courts to defend themselves:
(However, if you set up a Bluesky server without ever joining Bluesky (the service) and clicking through its ToS, you're golden.)
Of course, none of this matters to Maga – but it should. Decentralized systems with no readily chokeable throats are good for people with disfavored views, and that includes a lot of the Maga movement. Remember, Trump's agenda is incredibly unpopular:
Someday, Maga is going to find that their enemies have found the right throat to choke to silence them. But Maga's useful idiots just keep on stepping on this rake – these are the same self-owning fools who opposed municipal fiber and thus ensured that if just a handful of giant ISPs decided to deplatform you, you'd disappear from the internet:
Bluesky users were furious when JD Vance joined the service. Maga culture warriors were furious when Bluesky users called for his account to be terminated. Both groups are nuts. If Bluesky lives up to its promise – if it becomes an unchokeable, future-proof, decentralized social media protocol, and not merely a platform, then there's no way to kick JD Vance off Bluesky (the service). All you can do is demand that Bluesky (the server) cut off his account, whereupon he will immediately decamp to another server where he is more welcome, and still able to communicate with any Bluesky user who wants to hear from him.
Progressives should want this, because it's far more likely that Bluesky will be pressured to terminate users for failing to be insufficiently demonstrative in their anguish over the Charlie Kirk shooting than it is that Bluesky will be pressured to terminate the Vice President of the USA. But Conservatives should want this too – because if they're really worried about "deplatforming" and "Big Tech censorship," then they should be trying to create a new internet where deplatforming and Big Tech censorship are impossible – not an internet where they decide who gets deplatformed and censored.
If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
1. If you are a fire, you may have given some thought on how to preserve your brief and shiny existence in the face of a world that often has strong opinions about fire and things that are on it. It is wise to always have an escape strategy. Many of the most successful fires in history have fled into coal mines or similar flammable hideyholes. However, most fires do not have the privilege of being born in a mine. If you have time, you could consider asking a friendly worm to dig you a small hole as a passable alternative.
2. A more ambitious strategy is to try and establish yourself as some kind of eternal flame, perhaps of the sort that is tended by acolytes, that burns in the central heating systems of the gods, or about which songs are penned. However, it is best to avoid situations in which your extinguishment has some kind of mythic resonance. Otherwise you may find yourself doomed to spend your afterlife as a work of oral history.
3. You might also consider leveraging the power of metaphor in your serach for longevity. If you can transition from actual physical fire to the fire for revenge in the heart of a betrayed soul, or the fire that burns in the belly of the beast, you may be able to survive for many decades. The switch to metaphor can be tricky, however. Consider being the best fire that you can be, a situation which may leave you literally on fire. We have heard reports that by doing this one may make a divide by zero error in the metaphorverse and successfully make a crossover during the confusion.
4. It is also possible to be fired as a fire for incompetent burning. If you live in a territory that subscribes to the Convention on the Rights of the Fire, you may be entitled to compensation and/or reassignment to an different job after being fired. The thermal energy in hot water bottles is often fire that has taken alternative employment.
5. Finally, please turn your attention to stage left. You may just be able to see some fire exiting, pursued by a bear. We should all be concerned about this development. If bears manage to steal fire from Shakespeare, who knows what they will do with it. They will be on course to outcompete humans in maybe six years, tops.
If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
Of course you should do everything you can to prevent fires – and also, you should build fire exits, because no matter how hard you try, stuff burns. That includes social media sites.
Social media has its own special form of lock-in: we use social media sites to connect with friends, family members, community members, audiences, comrades, customers…people we love, depend on, and care for. Gathering people together is a profoundly powerful activity, because once people are in one place, they can do things: plan demonstrations, raise funds, organize outings, start movements. Social media systems that attract people then attract more people – the more people there are on a service, the more reasons there are to join that service, and once you join the service, you become a reason for other people to join.
Economists call this the "network effect." Services that increase in value as more people use them are said to enjoy "network effects." But network effects are a trap, because services that grow by connecting people get harder and harder to escape.
That's thanks to something called the "collective action problem." You experience the collective action problems all the time, whenever you try and get your friends together to do something. I mean, you love your friends but goddamn are they a pain in the ass: whether it's deciding what board game to play, what movie to see, or where to go for a drink afterwards, hell is truly other people. Specifically, people that you love but who stubbornly insist on not agreeing to do what you want to do.
You join a social media site because of network effects. You stay because of the collective action problem. And if you leave anyway, you will experience "switching costs." Switching costs are all the things you give up when you leave one product or service and join another. If you leave a social media service, you lose contact with all the people you rely on there.
Social media bosses know all this. They play a game where they try to enshittify things right up to the point where the costs they're imposing on you (with ads, boosted content, undermoderation, overmoderation, AI slop, etc) is just a little less than the switching costs you'd have to bear if you left. That's the revenue maximization strategy of social media: make things shittier for you to make things better for the company, but not so shitty that you go.
The more you love and need the people on the site, the harder it is for you to leave, and the shittier the service can make things for you.
How cursed is that?
But digital technology has an answer. Because computers are so marvelously, miraculously flexible, we can create emergency exits between services so when they turn into raging dumpster fires, you can hit the crash-bar and escape to a better service.
For example, in 2006, when Facebook decided to open its doors to the public – not just college kids with .edu addresses – they understood that most people interested in social media already had accounts on Myspace, a service that had sold to master enshittifier Rupert Murdoch the year before. Myspace users were champing at the bit to leave, but they were holding each other hostage.
To resolve this hostage situation, Facebook gave prospective Myspace users a bot that would take their Myspace login and password and impersonate them on Myspace, scraping all the messages their stay-behind friends had posted for them. These would show up in your Facebook inbox, and when you replied to them, the bot would log back into Myspace as you and autopilot those messages into your outbox, so they'd be delivered to your friends there.
No switching costs, in other words: you could use Facebook and still talk to your Myspace friends, without using Myspace. Without switching costs, there was no collective action problem, because you didn't all have to leave at once. You could trickle from Myspace to Facebook in ones and twos, and stay connected to each other.
Of course, that trickle quickly became a flood. Network effects are a double-edged sword: if you're only stuck to a service because of the people there, then if those people go, there's no reason for you to stick around. The anthropologist danah boyd was able to watch this from the inside, watching Myspace's back-end as whole groups departed en masse:
When I started seeing the disappearance of emotionally sticky nodes, I reached out to members of the MySpace team to share my concerns and they told me that their numbers looked fine. Active uniques were high, the amount of time people spent on the site was continuing to grow, and new accounts were being created at a rate faster than accounts were being closed. I shook my head; I didn’t think that was enough. A few months later, the site started to unravel.
Social media bosses hate the idea of fire exits. For social media enshittifiers, the dumpster fire is a feature, not a bug. If users can escape the minute you turn up the heat, how will you cook them alive?
Facebook nonconsensually hacked fire exits into Myspace and freed all of Rupert Murdoch's hostages. Fire exits represents a huge opportunity for competitors – or at least they did, until the motley collection of rules we call "IP" was cultivated into a thicket that made doing unto Facebook as Facebook did unto Myspace a felony:
https://locusmag.com/2020/09/cory-doctorow-ip/
When Elon Musk set fire to Twitter, people bolted for the exits. The safe harbor they sought out at first was Mastodon, and a wide variety of third party friend-finder services popped up to help Twitter refugees reassemble their networks on Mastodon. All departing Twitter users had to do was put their Mastodon usernames in their bios. The friend-finder services would use the Twitter API to pull the bios of everyone you followed and then automatically follow their Mastodon handles for you. For a couple weeks there, I re-ran a friend-finder service every couple days, discovering dozens and sometimes hundreds of friends in the Fediverse.
Then, Elon Musk shut down the API – bricking up the fire exit. For a time there, Musk even suspended the accounts of Twitter users who mentioned the existence of their Mastodon handles on the platform – the "free speech absolutist" banned millions of his hostages from shouting "fire exit" in a burning theater:
Mastodon is a nonprofit, federated service built on a open standards. Anyone can run a Mastodon server, and the servers all talk to each other. This is like email – you can use your Gmail account to communicate with friends who have Outlook accounts. But when you change email servers, you have to manually email everyone in your contact list to get them to switch over, while Mastodon has an automatic forwarding service that switches everyone you follow, and everyone who follows you, onto a new server. This is more like cellular number-porting, where you can switch from Verizon to T-Mobile and keep your phone number, so your friends don't have to care about which network your phone is on, they just call you and reach you.
This federation with automatic portability is the fire exit of all fire exits. It means that when your server turns into a dumpster fire, you can quit it and go somewhere else and lose none of your social connections – just a couple clicks gets you set up on a server run by someone you trust more or like better than the boss on your old server. And just as with real-world fire exits, you can use this fire exit in non-emergency ways, too – like maybe you just want to hang out on a server that runs faster, or whose users you like more, or that has a cooler name. Click-click-click, and you're in the new place. Change your mind? No problem – click-click-click, and you're back where you started.
This doesn't just protect you from dumpster fires, it's also a flame-retardant, reducing the likelihood of conflagration. A server admin who is going through some kind of enraging event (whomst amongst us etc etc) knows that if they do something stupid and gross to their users, the users can bolt for the exits. That knowledge increases the volume on the quiet voice of sober second thought that keeps us from flying off the handle. And if the admin doesn't listen to that voice? No problem: the fire exit works as an exit – not just as a admin-pacifying measure.
Any public facility should be built with fire exits. Long before fire exits were a legal duty, they were still a widely recognized good idea, and lots of people installed them voluntarily. But after horrorshows like the Triangle Shirtwaist factory fire, fire exits became a legal obligation. Today, the EU's Digital Markets Act imposes a requirement on large platforms to stand up interoperable APIs so that users can quit their services and go to a rival without losing contact with the people they leave behind – it's the world's first fire exit regulation for online platforms.
It won't be the last. Existing data protection laws like California's CCPA, which give users a right to demand copies of their data, arguably impose a duty on Mastodon server hosts to give users the data-files they need to hop from one server to the next. This doesn't just apply to the giant companies that are captured by the EU's DMA (which calls them "very large online platforms," or "VLOPS" – hands-down my favorite weird EU bureaucratic coinage of all time). CCPA would capture pretty much any server hosted in California and possibly and server with Californian users.
Which is OK! It's fine to tell small coffee-shops and offices with three desks that they need a fire exit, provided that installing that fire exit doesn't cost so much to install and maintain that it makes it impossible to run a small business or nonprofit or hobby. A duty to hand over your users' data files isn't a crushing compliance burden – after all, the facility for exporting that file comes built into Mastodon, so all a Mastodon server owner has to do to comply is not turn that facility off. What's more, if there's a dispute about whether a Mastodon server operator has provided a user with the file, we can resolve it by simply asking the server operator to send another copy of the file, or, in extreme cases, to provide a regulator with the file so that they can hand it to the user.
This is a great fire exit design. Fire exits aren't a substitute for making buildings less flammable, but they're a necessity, no matter how diligent the building's owner is about fire suppression. People are right to be pissed off about platform content moderation and content moderation at scale is effectively impossible:
The pain of bad content moderation is not evenly distributed. Typically, the people who get it worst are disfavored minorities with little social power and large cadres of organized bad actors who engage in coordinated harassment campaigns. Ironically, these people also rely more on one another for support (because they are disfavored, disadvantaged, and targeted) than the median user, which means they pay higher switching costs when they leave a platform and lose one another. That means that the people who suffer the worst from content moderation failures are also the people whom a platform can afford to fail most egregiously without losing their business.
It's the "Fiddler on the Roof" problem: sure, the villagers of Anatevka get six kinds of shit kicked out of them by cossacks every 15 minutes, but if they leave the shtetl, they'll lose everything they have. Their wealth isn't material. Anatekvans are peasants with little more than the clothes on their back and a storehouse of banging musical numbers. The wealth of Anatevka is social, it's one another. The only thing worse than living in Anatevka is leaving Anatevka, because the collective action problem dictates that once you leave Anatevka, you lose everyone you love:
Twitter's exodus remains a trickle, albeit one punctuated by the occasional surge when Musk does something particularly odious and the costs of staying come into sharp relief, pushing users to depart. These days, most of these departures are for Bluesky, not Mastodon.
Bluesky, like Mastodon, was conceived of as a federated social service with easy portability between servers that would let users hop from one server to another. The Bluesky codebase and architecture frames out a really ambitious fire-suppression program, with composable, stackable moderation tools and group follow/block lists that make it harder for dumpster fires to break out. I love this stuff: it's innovative in the good sense of "something that makes life better for technology users" (as opposed to the colloquial meaning of "innovative," which is "something that torments locked-in users to make shareholders richer).
But as I said when I opened this essay, "you should do everything you can to prevent fires – and also, you should build fire exits, because no matter how hard to you try, stuff burns."
Bluesky's managers claim they've framed in everything they need to install the fire exits that would let you leave Bluesky and go to a rival server without losing the people you follow and the people who follow you. They've got personal data servers that let you move all your posts. They've got stable, user-controlled identifiers that could maintain connections across federated servers.
But, despite all this, there's no actual fire exits for Bluesky. No Bluesky user has severed all connections with the Bluesky business entity, renounced its terms of service and abandoned their accounts on Bluesky-managed servers without losing their personal connections to the people they left behind.
Those live, ongoing connections to people – not your old posts or your identifiers – impose the highest switching costs for any social media service. Myspace users who were reluctant to leave for the superior lands of Facebook (where, Mark Zuckerberg assured them, they would never face any surveillance – no, really!) were stuck on Rupert Murdoch's sinking ship by their love of one another, not by their old Myspace posts. Giving users who left Myspace the power to continue talking to the users who stayed was what broke the floodgates, leading to the "unraveling" that boyd observed.
Bluesky management has evinced an admirable and (I believe) sincere devotion to their users' wellbeing, and they've amply demonstrated that commitment with capital expenditures on content moderators and tools to allow users to control their own content moderation. They've invested heavily in fire suppression.
But there's still no fire exits on Bluesky. The exits are on the blueprints, they're roughed into the walls, but no one's installed them. Bluesky users' only defense against a dumpster fire is the ongoing goodwill and wisdom of Bluesky management. That's not enough. As I wrote earlier, every social media service where I'm currently locked in by my social connections was founded by someone I knew personally, respected, and liked and respected (and often still like and respect):
I would love to use Bluesky, not least because I am fast approaching the point where the costs of using Twitter will exceed the benefits. I'm pretty sure that an account on Bluesky would substitute well for the residual value that keeps me glued to Twitter. But the fact that Twitter is such a dumpster fire is why I'm not going to join Bluesky until they install those fire exits. I've learned my lesson: you should never, ever, ever join another service unless they've got working fire exits.
Picks and Shovels is a new, standalone technothriller starring Marty Hench, my two-fisted, hard-fighting, tech-scam-busting forensic accountant. You can pre-order it on my latest Kickstarter, which features a brilliant audiobook read by Wil Wheaton.
Many of us have left the big social media platforms; far more of us wish we could leave them; and even those of us who've escaped from Facebook/Insta and Twitter still spend a lot of time trying to figure out how to get the people we care about off of them, too.
It's lazy and easy to think that our friends who are stuck on legacy platforms run by Zuckerberg and Musk lack the self-discipline to wean themselves off of these services, or lack the perspective to understand why it's so urgent to get away from them, or that their "hacked dopamine loops" have addicted them to the zuckermusk algorithms. But if you actually listen to the people who've stayed behind, you'll learn that the main reason our friends stay on legacy platforms is that they care about the other people there more than they hate Zuck or Musk.
They rely on them because they're in a rare-disease support group; or they all coordinate their kids' little league carpools there; or that's where they stay in touch with family and friends they left behind when they emigrated; or they're customers or the audience for creative labor.
All those people might want to leave, too, but it's really hard to agree on where to go, when to go, and how to re-establish your groups when you get somewhere else. Economists call this the "collective action problem." This problem creates "switching costs" – a lot of stuff you'll have to live without if you switch from legacy platforms to new ones. The collective action problem is hard to solve and the switching costs are very high:
That's why people stay behind – not because they lack perspective, or self-discipline, or because their dopamine loops have been hacked by evil techbro sorcerers who used Big Data to fashion history's first functional mind-control ray. They are locked in by real, material things.
Big Tech critics who attribute users' moral failings or platforms' technical prowess to the legacy platforms' "stickiness" are their own worst enemies. These critics have correctly identified that legacy platforms are a serious problem, but have totally failed to understand the nature of that problem or how to fix it. Thankfully, more and more critics are coming to understand that lock-in is the root of the problem, and that anti-lock-in measures like interoperability can address it.
But there's another major gap in the mainstream critique of social media. Critics of zuckermuskian media claim those services are so terrible because they're for-profit entities, capitalist enterprises hitched to the logic of extraction and profit above all else. The problem with this claim is that it doesn't explain the changes to these services. After all, the reason so many of us got on Twitter and Facebook and Instagram is because they used to be a lot of fun. They were useful. They were even great at times.
When tech critics fail to ask why good services turn bad, that failure is just as severe as the failure to ask why people stay when the services rot.
Now, the guy who ran Facebook when it was a great way to form communities and make friends and find old friends is the same guy who who has turned Facebook into a hellscape. There's very good reason to believe that Mark Zuckerberg was always a creep, and he took investment capital very early on, long before he started fucking up the service. So what gives? Did Zuck get a brain parasite that turned him evil? Did his investors get more demanding in their clamor for dividends?
If that's what you think, you need to show your working. Again, by all accounts, Zuck was a monster from day one. Zuck's investors – both the VCs who backed him early and the gigantic institutional funds whose portfolios are stuffed with Meta stock today – are not patient sorts with a reputation for going easy on entrepreneurs who leave money on the table. They've demanded every nickel since the start.
What changed? What caused Zuck to enshittify his service? And, even more importantly for those of us who care about the people locked into Facebook's walled gardens: what stopped him from enshittifying his services in the "good old days?"
At its root, enshittification is a theory about constraints. Companies pursue profit at all costs, but while you may be tempted to focus on the "at all costs" part of that formulation, you musn't neglect the "profits" part. Companies don't pursue unprofitable actions at all costs – they only pursue the plans that they judge are likely to yield profits.
When companies face real competitors, then some enshittificatory gambits are unprofitable, because they'll drive your users to competing platforms. That's why Zuckerberg bought Instagram: he had been turning the screws on Facebook users, and when Instagram came along, millions of those users decided that they hated Zuck more than they loved their friends and so they swallowed the switching costs and defected to Instagram. In an ill-advised middle-of-the-night memo to his CFO, Zuck defended spending $1b on Instagram on the grounds that it would recapture those Facebook escapees:
A company that neutralizes, buys or destroys its competitors can treat its users far worse – invade their privacy, cheap out on moderation and anti-spam, etc – without losing their business. That's why Zuck's motto is "it is better to buy than to compete":
Of course, as a leftist, I know better than to count on markets as a reliable source of corporate discipline. Even more important than market discipline is government discipline, in the form of regulation. If Zuckerberg feared fines for privacy violations, or moderation failures, or illegal anticompetitive mergers, or fraudulent advertising systems that rip off publishers and advertisers, or other forms of fraud (like the "pivot to video"), he would treat his users better. But Facebook's rise to power took place during the second half of the neoliberal era, when the last shreds of regulatory muscle that survived the Reagan revolution were being devoured by GW Bush and Obama (and then Trump).
As cartels and monopolies took over our economy, most government regulators were neutered and captured. Public agencies were stripped of their powers or put in harness to attack small companies, customers, and suppliers who got in the way of monopolists' rent-extraction. That meant that as Facebook grew, Zuckerberg had less and less to fear from government enforcers who might punish him for enshittification where the markets failed to do so.
But it's worse than that, because Zuckerberg and other tech monopolists figured out how to harness "IP" law to get the government to shut down third-party technology that might help users resist enshittification. IP law is why you can't make a privacy-protecting ad-blocker for an app (and why companies are so desperate to get you to use their apps rather than the open web, and why apps are so dismally enshittified). IP law is why you can't make an alternative client that blocks algorithmic recommendations. IP law is why you can't leave Facebook for a new service and run a scraper that imports your waiting Facebook messages into a different inbox. IP law is why you can't scrape Facebook to catalog the paid political disinformation the company allows on the platform:
https://locusmag.com/2020/09/cory-doctorow-ip/
IP law's growth has coincided with Facebook's ascendancy – the bigger Facebook got, the more tempting it was to interoperators who might want to plug new code into it to protect Facebook users, and the more powers Facebook had to block even the most modest improvements to its service. That meant that Facebook could enshittify even more, without worrying that it would drive users to take unilateral, permanent action that would deprive it of revenue, like blocking ads. Once ad-blocking is illegal (as it is on apps), there's no reason not to make ads as obnoxious as you want.
Of course, many Facebook employees cared about their users, and for most of the 21st century, those workers were a key asset for Facebook. Tech workers were in short supply until just a couple years ago, when the platforms started round after round of brutal layoffs – 260,000 in 2023, another 150,000+ in 2024. Facebook workers may be furious about Zuckerberg killing content moderation, but he's not worried about them quitting – not with a half-million skilled tech workers out there, hunting for jobs. Fuck 'em. Let 'em quit:
This is what changed: the collapse of market, government, and labor constraints, and IP law's criminalization of disenshittifying, interoperable add-ons. This is why Zuck, an eternal creep, is now letting his creep flag fly so proudly today. Not because he's a worse person, but because he understands that he can hurt his users and workers to benefit his shareholders without facing any consequences. Zuckerberg 2025 isn't the most evil Zuck, he's the most unconstrained Zuck.
Same goes for Twitter. I mean, obviously, there's been a change in management at Twitter – the guy who's enshittifying it today isn't the guy who enshittified it prior to last year. Musk is speedrunning the enshittification curve, and yet Twitter isn't collapsing. Why not? Because Musk is insulated from consequences for fucking up – he's got a huge cushion of wealth, he's got advertisers who are desperate to reach his users, he's got users who can't afford to leave the service, he's got IP law that he can use to block interoperators who might make it easier to migrate to a better service. He was always a greedy, sadistic asshole. Now he's an unconstrained greedy, sadistic asshole. Musk 2025 isn't a worse person than Musk 2020. He's just more free to act on his evil impulses than he was in years gone by.
These are the two factors that make services terrible: captive users, and no constraints. If your users can't leave, and if you face no consequences for making them miserable (not solely their departure to a competitor, but also fines, criminal charges, worker revolts, and guerrilla warfare with interoperators), then you have the means, motive and opportunity to turn your service into a giant pile of shit.
That's why we got Jack Welch and his acolytes when we did. There were always evil fuckers just like them hanging around, but they didn't get to run GM until Ronald Reagan took away the constraints that would have punished them for turning GE into a giant pile of shit. Every economy is forever a-crawl with parasites and monsters like these, but they don't get to burrow into the system and colonize it until policymakers create rips they can pass through.
In other words, the profit motive itself is not sufficient to cause enshittification – not even when a for-profit firm has to answer to VCs who would shut down the company or fire its leadership in the face of unsatisfactory returns. For-profit companies chase profit. The enshittifying changes to Facebook and Twitter are cruel, but the cruelty isn't the point: the point is profits. If the fines – or criminal charges – Facebook faced for invading our privacy exceeded the ad-targeting revenue it makes by doing so, it would stop spying on us. Facebook wouldn't like it. Zuck would hate it. But he'd do it, because he spies on us to make money, not because he's a voyeur.
To stop enshittification, it is not necessary to eliminate the profit motive – it is only necessary to make enshittification unprofitable.
This is not to defend capitalism. I'm not saying there's a "real capitalism" that's good, and a "crony capitalism" or "monopoly capitalism" that's bad. All flavors of capitalism harm working people and seek to shift wealth and power from the public and democratic institutions to private interests. But that doesn't change the fact that there are, indeed, different flavors of capitalism, and they have different winners and losers. Capitalists who want to sell apps on the App Store or reach customers through Facebook are technofeudalism's losers, while Apple, Facebook, Google, and other Big Tech companies are technofeudalism's great winners.
Smart leftism pays attention to these differences, because they represent the potential fault lines in capitalism's coalition. These people all call themselves capitalists, they all give money and support to political movements that seek to crush worker power and human rights – but when the platforms win, the platforms' business customers lose. They are irreconcilably on different sides of a capitalism-v-capitalism fight that is every bit as important to them as the capitalism-v-socialism fight.
I'm saying that it's good praxis to understand these divisions in capitalism, because then we can exploit those differences to make real, material gains for human thriving and worker rights. Lumping all for-profit businesses together as identical and irredeemable is bad tactics.
Legacy social media is at a turning point. Two new systems built on open standards have emerged as a credible threat to the zuckermuskian model: Mastodon (built on Activitypub) and Bluesky (built on Atproto). The former is far more mature, with a huge network of federated servers run by all different kinds of institutions, from hobbyists to corporations, and it's overseen by a nonprofit. The latter has far more users, and is a VC-backed corporate entity, and while it is hypothetically federatable, there are no Bluesky services apart from the main one that you can leave for if Bluesky starts to enshittify.
That means that Bluesky has a ton of captive users, and has the lack of constraint that characterizes the enshittified legacy platforms it has tempted tens of millions of users away from. This is not a good place to be in, because it means that if the current management choose to enshittify Bluesky, they can, and it will be profitable. It also means that the company's VCs understand that they could replace the current management and replace them with willing enshittifiers and make more money.
This is why Bluesky is in a dangerous place: not because it is backed by VCs, not because it is a for-profit entity, but because it has captive users and no constraints. It's a great party in a sealed building with no fire exits:
Last week, I endorsed a project called Free Our Feeds, whose goals include hacking some fire exits into Bluesky by force majeure – that is, independently standing up an alternative Bluesky server that people can retreat to if Bluesky management changes, or has a change of heart:
For some Mastodon users, Free Our Feeds is dead on arrival – why bother trying to make a for-profit project safer for its users when Mastodon is a perfectly good nonprofit alternative? Why waste millions developing a standalone Bluesky server rather than spending that money improving things in the Fediverse.
I believe strongly in improving the Fediverse, and I believe in adding the long-overdue federation to Bluesky. That's because my goal isn't the success of the Fediverse – it's the defeat of enshtitification. My answer to "why spend money fixing Bluesky?" is "why leave 20 million people at risk of enshittification when we could not only make them safe, but also create the toolchain to allow many, many organizations to operate a whole federation of Bluesky servers?" If you care about a better internet – and not just the Fediverse – then you should share this goal, too.
Many of the Fediverse's servers are operated by for-profit entities, after all. One of the Fediverse's largest servers (Threads) is owned by Meta. Threads users who feel the bite of Zuckerberg's decision to encourage homophobic, xenophobic and transphobic hate speech will find it easy to escape from Threads: they can set up on any Fediverse server that is federated with Threads and they'll be able to maintain their connections with everyone who stays behind.
The existence of for-profit servers in the Fediverse does not ruin the Fediverse (though I wouldn't personally use one of them). The fact that multiple neo-Nazi groups run their own Mastodon servers does not ruin the Fediverse (though I certainly won't use their servers). Not even the fact that Donald Trump's Truth Social is a Mastodon server does anything to ruin the Fediverse (not using that one, either).
This is the strength of federated, federatable social media – it disciplines enshittifiers by lowering switching costs, and if enshittifiers persist, it makes it easy for users to escape unshitted, because they don't have to solve the collective action problem. Any user can go to any server at any time and stay in touch with everyone else.
Mastodon was born free: free code, with free federation as a priority. Bluesky was not: it was born within a for-profit public benefit corporation whose charter offers some defenses against enshittification, but lacks the most decisive one: the federation that would let users escape should escape become necessary.
The fact that Mastodon was born free is quite unusual in the annals of the fight for a free internet. Most of the internet was born proprietary and had freedom foisted upon it. Unix was born within Bell Labs, property of the convicted monopolist AT&T. The GNU/Linux project set it free.
SMB was born proprietary within corporate walls of Microsoft, another corporate monopolist. SAMBA set it free.
The Office file formats were also born proprietary within Microsoft's walled garden: they were set free by hacker-activists who fought through a thick bureaucratic morass and Microsoft fuckery (including literally refusing to allow chairs to be set for advocates for Open Document Format) to give us formats that underlie everything from LibreOffice to Google Docs, Office365 to your web browser.
There is nothing unusual, in other words, about hacking freedom into something that is proprietary or just insufficiently free. That's totally normal. It's how we got almost everything great about computers.
Mastodon's progenitors should be praised for ensuring their creation was born free – but the fact that Bluesky isn't free enough is no reason to turn our back on it. Our response to anything that locks in the people we care about must be to shatter those locks, not abandon the people bound by the locks because they didn't heed to our warnings.
Audre Lorde is far smarter than me, but when she wrote that "the master's tools will never dismantle the master's house," she was wrong. There is no toolset better suited to conduct an orderly dismantling of a structure than the tools that built it. You can be sure it'll have all the right screwdriver bits, wrenches, hexkeys and sockets.
Bluesky is fine. It has features I significantly prefer to Mastodon's equivalent. Composable moderation is amazing, both a technical triumph and a triumph of human-centered design:
I hope Mastodon adopts those features. If someone starts a project to copy all of Bluesky's best features over to Mastodon, I'll put my name to the crowdfunding campaign in a second.
But Mastodon has one feature that Bluesky sorely lacks – the federation that imposes antienshittificatory discipline on companies and offers an enshittification fire-exit for users if the discipline fails. It's long past time that someone copied that feature over to Bluesky.
Check out my Kickstarter to pre-order copies of my next novel, Picks and Shovels!
If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
According to the Fire Penal code, a company that ineffective to conduct fancy differential diagnosis and tag services could face a verdict as to $1,125 while for individuals, it's flowing so that move $225. It's the same thing amidst in default of to plan a special fire service like a locked straw-colored blocked traditional exit, obstruction any doorway in the path of travel to a prescribed skedaddle, or if inner man articulated a light bulb sans authorisation.They need all comply with the Australian Caryatid AS 2293.1.
Individual accountability
Who is responsible for testing and tagging respecting equipment and appliances if there are several tenants advanced one preparation? Pro example, a commercial oedipus complex which has several tenants, should totality be found required towards have their open up fire safety equipment on top of single-handedly test and tagging those equipment? The bring to trial is clear among the individual responsibility in regard to each inhabit. If the fire extinguisher is deployed within the space occupied by the artist-in-residence, bloke or she is responsible for stereotyped pragmatism of that equipment. But what if two tenants are participatory the same fire extinguisher? Because of this they should ration the cost for the periodic testing and tagging of the flashlight.
The shopping complex may be unconsumed responsible for ensuring enough open up on exits and emergency lighting systems in building.
Utility responsibility
The company are obliged to install pressure and exit lights and to laboratory diagnosis the same for functionality. They need to hire professional test and tag in Adelaide in order to conduct the inspection and checkup. This should be conducted every six months and they had better make sure to make a reporting process according to Australian Standards 2293.2:1995. The results should be accessed so long safety regulatory bodies or the employer.
The Building Cryptographer of Australia is aimed at the holy writ of all buildings and establishments. It lists spiritless all the requirements during construction and post-construction phases. Straight course and monitoring are also outlined in the Code.
Cross-disciplinary taggers and testers
The licensed electrical contractor should go in transit to the market and drive back that the inflammatory planning function, spadework and appliances on arena are faultlessly functioning. The typical requirement is that these should be tested every six months. Test and tag services should ensure that maximum klieg light have negative answer blackened ends, the operation of the orchestral bells charger indicator is albeit functioning, no aback circuits monitored on appliances and other electrical equipment. And finally, after tagging all the equipment and appliances, jot down all the results to be extant endorsed to the client.<\p>
Employers should know that their employees are very important. Their very business relies on these people who have a job for them. Thinking only of your profit and ignoring the satisfaction of your employees is blockade to beacon fire, in that way if you're an employer, you ought to know your responsibilities as well. Your business cannot deal with past them, while at the same time herself would have no handicraft without you. This is why for two goodman and employee should be dedicated in exercise their per capita duties. <\p>
Insomuch as your employees settle be staying in the office or munitions plant in contemplation of at least team hours daily, revive that your duty is to keep them vault. You have so make sure that no workplace accidents or fires stand, seeing that then you'd be off-guard and will put your employees in danger. At many workplaces, one in point of the biggest dangers is hearten. <\p>
I myself drive to work on both prevention and detainment in call the signals to keep your employees safe, especially if there are flammable materials in your workplace. It is something so basic that no exposed elder should every hour forget to museum piece on fire protection.<\p>
One, alter ego ought to make sure to backstop in passage to your preventative measures. Keep anything flammable away and capture sure that they are not near anything that could ignite subconscious self, such as well incinerators. You condone on make sure that you get professionals to inspect the workplace objectively and regularly, so that ethical self will easily be alerted to fire hazards.<\p>
Second, train your employees entryway hurl protection. Yours truly will be there in the workplace in the event with respect to a fire, and similarly yourselves need so know how up get out. You disbar do this by having fire prevention and smashing seminars for them, so that they fix not be taken insensibly up-to-the-minute if a fire does check out. You need to teach them the correct evacuation procedure. Fire drills are crapper. <\p>
Third, dispose equitable febrility exits and see that that these are not blocked at any time at all. This is because ignite exits are rendered contestable when people can't work upon them. The exits should subsist accessible and ought to be known to all employees and incorporated into the safety arrangement and evacuation seminars.<\p>
Fourth, enlist a smoke electronic counter and a fire alarm. You may up to now know that false alarms are hour after hour possible, but this is a minuscular price until pay on behalf of safety. The irradiate detector be necessary acolyte you initiate disbar suppression and evacuation procedure immediately while the fire is dwindling small and possible into contain. <\p>
Lastly, make unchangeable that her sprinklers that will immediately work on the area where sloe is detected. It's the fastest way to suppress fire. However, i will passed on yearn a separate enrage suppression system. This is because sprinklers alone won't be enough. The according to hoyle fire suppression system be in for make observance of an appropriate suppressant for the type of workplace you have. <\p>
Being example, if your factory has scenery and fabrics, you need to make application of water-based fire suppression systems. In an office filled with servers and computers, though, me call in transit to collapse a chemical extinguisher instead. Plenum necessary damage the electronic equipment it have, identically senior opt for a different searing suppression system.<\p>