Defense (of the internet) (from billionaires) in depth
Picks and Shovels is a new, standalone technothriller starring Marty Hench, my two-fisted, hard-fighting, tech-scam-busting forensic accountant. You can pre-order it on my latest Kickstarter, which features a brilliant audiobook read by Wil Wheaton.
The only way to truly billionaire-proof the internet is to a) abolish billionaires and b) abolish the system that allows people to become billionaires. Short of that, any levees we build will need constant tending, reinforcement, and re-evaluation.
That's normal. No security measure (including billionaire-proofing the internet) is a "set and forget" affair. Any time you want something and someone else wants the opposite, you are stuck in an endless game of attack and defense. The measures that block your adversary today will only work until your adversary changes tactics to circumvent your defenses.
For example, mining all the links on the internet to find non-spam sites worked brilliantly for Google, because until Pagerank, there were zero reasons for spammers to get links to point to their sites. Once Google became the dominant way of finding things on the internet, spammers invented the linkfarm. This principle can be summed up as "Show me a ten-foot wall and I'll show you an eleven-foot ladder."
Security designers address this with something called "defense in depth": that's a series of overlapping defenses that are meant to correct for one another's weaknesses. Your bank might use a password, a 2FA code, and – for extremely high-stakes transactions – a series of biographical questions posed by a human customer service over a telephone line.
I've written extensively about defending a new, good internet from billionaire enshittifiers. For example, in this post, I described how Bluesky could be made enshittification-resistant with the use of "Ulysses Pacts" – self-imposed, binding restrictions on enshittification:
A classic example of a Ulysses Pact is "throwing away the Oreos when you go on a diet." Now, it doesn't take a lot of work to devise a countermeasure your future, Oreo-craving self can take to defeat this measure: just drive to the grocery store and buy more Oreos. This even works at 2AM, provided you live within driving distance of an all-night grocer.
That doesn't mean you shouldn't throw away those Oreos. Depending on how strong your Oreo craving is, even a little friction can help you resist the temptation to ruin your diet. We often do bad things because of momentary impulses that fade quickly, and simply airgapping the connection between thought and deed works surprisingly well in many instances.
This is why places with fewer guns have fewer suicides of all kinds: there are plenty of ways to kill yourself, but none are quite so quick and reliable as a gun. People in the grips of a suicidal impulse who don't have guns have more chances to let the impulse pass (this is also why gun control leads to fewer all-cause homicides). So just because a measure is imperfect, that doesn't make it worthless.
If you're trying to give up drinking, you throw away all your booze, but you also go to meetings, and you get a sponsor who can help you out with a 2AM phone call. You might even put a breathalyzer on your car's ignition system. None of these are impossible to defeat (you can get an Uber to the liquor store, after all), but they all create friction between the thing you want, and the thing your adversary (your addiction) is trying to get. They strengthen the hand of you as defender of the sober status quo, against the attacker who wants you to relapse.
Critically, all these defensive measures also buy you space and time that you can use to organize and deploy more defenses. Maybe the long Uber ride to the liquor store gives you enough time to think about your actions so you call your sponsor from the parking lot. Defense is useful even when it only slows your adversary, rather than stopping your adversary in their tracks.
Scaling up from personal defense to societal-scale security considerations, it's useful to think of this as a battle with four fronts: code (what is technically im/possible?), law (what is il/legal?), norms (what is socially un/acceptable?) and markets (what is un/profitable?). This framework was first raised a quarter-century ago, in Larry Lessig's Code and Other Laws of Cyberspace:
Lessig laid out these four forces as four angles of attack that challengers to the status quo should plan their strategy around. If you want to liberalize copyright, you can try norms (the "Free Mickey" campaign), laws (the Eldred v. Ashcroft Supreme Court case), code (machine-readable Creative Commons licenses) and markets (open access/free software businesses). Each one of these helps the other – for example, if lots of people believe in copyright reform (norms), more of them will back a Humble Bundle for open access materials (markets), and more lawmakers will be interested in changing copyright statutes (law), and more hackers will see reason to do cool things with CC licenses, like search engines (code).
But the four forces aren't just for attackers seeking to disrupt the status quo – they're just as important for defenders looking to create and sustain a new status quo. Figuring out how to "lock a system open" is very different from figuring out how to "force a system open." But they're both campaigns waged with code, law, norms and markets.
We're living through a key moment in enshittification history. Millions of people have become dissatisfied with legacy social media companies run by despicable, fascism-friendly billionaires like Elon Musk and Mark Zuckerberg and are ready to leave, despite the costs (losing contact with friends who stay behind). While many of them are moving to group chats and private Discord servers,tens of millions have moved to new social media platforms that advertise (though they don't necessarily deliver) decentralization: Mastodon (and the fediverse) and Bluesky (and the atmosphere).
Decentralization is itself a defensive countermeasure (code). When a service has diffuse power, it's harder for any one person to take it over. Federation adds another defensive layer, because users who don't like the way one server is run can move to another server, with varying degrees of data- and identity-portability. That makes it harder for server owners to squeeze users to make money (markets), and gives them an out if server owners try it anyway.
Federation with decentralization is my favorite anti-enshittification defense. It's powerful as hell. It's the main reason I endorse Free Our Feeds, an effort to (among other things) build more Bluesky servers to decrease the centralization and give users dissatisfied with Bluesky management an alternative:
That said, decentralization and federation are not perfect, set-and-forget defenses. Take email – the oldest, most successful federated system of them all. Email is nominally decentralized, but most email traffic goes through a handful of extremely large servers run by a cartel of companies (Google, Apple, Microsoft, and a few ISPs). These companies collude (or, more charitably, coordinate) to block email from non-cartel companies, in the name of fighting spam. This makes running your own mail server so hard that it is nearly impossible (that is, if you care about people actually receiving the email you send them):
https://pluralistic.net/2021/10/10/dead-letters/
What's interesting about enshittified email is that it didn't start with corporate takeover: it started with volunteer-maintained blocklists of untrustworthy servers that most email operators subscribed to, defederating from any server that appeared on the list. These blocklists of bad servers were opaque (often, their maintainers would operate anonymously, citing the threat of retaliation from criminal scammers whose servers appeared on the list). They had little or no appeal process, and few or no objective criteria for inclusion (you could be blocklisted for how your email server was configured, even if no one was using it to send spam). All of this set up the conditions to favor large email servers, and also had the effect of immunizing these large servers from appearing on blocklists. I mean, once three quarters of the internet is on Gmail, no one is going to block email from Gmail, even if a ton of spam is sent using its servers.
The lesson of email doesn't mean email is bad, nor does it mean decentralization and federation are useless. It doesn't even mean that blocklists of bad servers are evil. It just means that federation and decentralization are imperfect and insufficient defenses against enshittification, and that blocklists are useful, but very dangerous. It means that we should strive to keep our systems federated and decentralized, and watch our blocklists very carefully, and not rely on any of this as the only defense against enshittification.
Likewise, both Mastodon and Bluesky are built on free/open code and standards. That means that anyone can fork them, fix them or mod them. What's more, the licenses involved are irrevocable, making them very effective Ulysses Pacts. No one – not a CEO, not a VC investor, not a court or a blackmailer – can order someone to make their GPL code proprietary. The license is perpetual and irrevocable, and that's that.
Free/open licenses are excellent Ulysses Pacts and great code-related defenses against enshittification, but they, too, are imperfect and insufficient. Google, Facebook, Amazon, Apple and Microsoft have all figured out how to enshittify services that are built on free/open code:
And then there are all the companies that use free/open code and defeat the freedom and openness by simply violating the license, on the grounds that a decentralized, federated development community can't figure out who has standing to sue, and also can't afford to pay for the lawyers to do so:
That's not to say that code-based antienshittification measures are pointless – only to say that they need other measures to backstop them, as defense in depth. Let's talk about law, then. Both Mastodon and Bluesky are governed by legal entities that are, nominally, organized by charters that oblige them to eschew enshittification and be responsive to their users (Bluesky is a B-corp, Mastodon's code is overseen by a US nonprofit).
These structures are very important. I've been a volunteer board member for several co-ops and nonprofits (I was even once a volunteer for a nonprofit co-op!) and I'm familiar with the role that good governance can play in defending a project from internal and external pressures to betray its mission. That means I'm also familiar with the limits of these governance measures.
Take nonprofits: nominally, nonprofits are legally bound to serve their charitable purpose, and technically, stakeholders have legal recourse if they stray from this. But you don't have to look far to find nonprofits that have violated their charter and gotten away with it. Take the Nature Conservancy, which has become a key player in the market for fake "carbon offsets" that are used to justify everything from fossil fuel extraction to SUV manufacture:
Or think of ISOC, who get tens of millions of dollars in free money every year from their stewardship of the .ORG registry, but who decided to hand over control of the nonprofits' TLD of choice to a shadowy cabal of hedge-fund billionaires:
But REI is a paragon of social virtue compared to its Canadian equivalent, Mountain Equipment Coop, whose board was taken over by corrupt assholes who then sold the whole thing to a US private equity fund and change the name to "MEC":
B-corps are far from perfect, too: while they are nominally required to serve a positive social purpose, in practice, they can violate that purpose with impunity, whether that through greenwashing:
None of this is to claim that B-corps, co-ops, and nonprofits are useless. Maybe we should just give up on organization altogether and have some kind of adhocracy? If you're thinking this will help, then you need to read Jo Freeman's "The Tyranny of Structurelessness" and learn how a "leaderless" group is actually led by its least scrupulous, most Machiavellian schemers:
https://www.jofreeman.com/joreen/tyranny.htm
At this point, you might be mentally designing a new corporate structure, one that's designed to correct for both the tyranny of structurelessness and the brittleness of co-ops, nonprofits and B-corps. Please don't do this. Rolling your own corporate structure is like rolling your own cryptography or your own free software license. It always ends in tears:
I like co-ops, nonprofits and B-corps. They're powerful – but insufficient – weapons against enshittification. They need to be backstopped by other measures, like norms. Normative measures are very powerful! Of course, mass revolts of angry users don't always keep companies from enshittifying:
And of course, these defensive measures reinforce one another. The public outcry against the .ORG selloff (norms) led to California's Attorney General stepping in (law), and after that, we more-or-less romped to victory:
Markets are the final antienshittificatory force. If a social network is designed to be surveillance-resistant, it will be (very) hard to implement behavioral surveillance advertising. If a network is designed to support a many clients, it will be easy to implement an ad-blocker. Both factors make advertising-based businesses very unattractive to individual server operators, spammers, and VCs who back companies that operate elements of a federated server.
Same goes for systems that allow users to control the recommendations and other algorithmic aspects of their feeds (including switching these off altogether). The fact that Tiktok's users overwhelmingly use an algorithmic feed that they have no way to control or even understand is an anti-Ulysses Pact, an irresistible temptation for Tiktok to enshittify itself:
By contrast, it's much harder to pull those shenanigans with services that technologically devolve control over recommendations (code), making it less profitable to even try to attempt this (markets). And of course, if users refuse to tolerate this kind of thing (norms) and can hop to other servers (code), then any system that pulls that nonsense will lose lots of users and go broke (markets).
This defense-in-depth approach to decentralized social media pushes us to analyze both Mastodon and Bluesky through a tactical lens – to identify the weak parts in the defenses of each and shore them up.
Take Free Our Feeds and its attempt to stand up more Bluesky servers. This addresses one of the serious technical deficiencies in Bluesky (the lack of federation), and if lots of Bluesky users try it out, it will normalize the idea that Bluesky is a constellation of independently managed servers (norms). It also creates Bluesky alternatives with radically different commercial imperatives (markets), because the main Bluesky server is backed by venture capitalists, who are notorious for their enshittifying impulses.
But security isn't static – a tactic that works today won't work tomorrow if your adversary can figure out a way around it. Bluesky is a B-corp with an excellent board with some names I have profound trust for, but B-corps can abandon their public benefit purpose, and boards can be fired (and also even people you trust can talk themselves into doing stupid and wicked things, see .ORG).
If millions of Bluesky users flock to a rival service, one run by a nonprofit (markets), Bluesky's investors might be tempted to sever the link between Bluesky and that new server (code). That's what Facebook and Apple did to XMPP, an interoperable, federated messaging system that used to connect Apple users, Facebook users, and users of many other servers. They did this for commercial reasons (markets), to trap and lock in their users (code), and they got away with it because not enough users were outraged by this (norms) that they could get away with it.
When Bluesky's VCs fire the CEO, kick people like Mike Masnick off its board, and then defederate from Free Our Feeds' server, how do we make that more like Sonos or Unity (where the corporation capitulated to its users), and not like Reddit (where the user revolt was crushed)?
With social media, it's a numbers game. Social media grows by network effects: the more users there are in a system, the more valuable it is. It's not merely imperative to create alternative Bluesky servers, it's imperative to make them populous enough that cutting them off from the first Bluesky server will inflict more pain on the company than it inflicts on those other users. That's not a guarantee that Bluesky's future, enshittification-bent management won't go ahead and do it anyway, but it does increase the chances that if they press on, their users will take the hit to defect to free/open servers.
Bluesky has other problems besides its centralization, of course. The reason Bluesky is so centralized is that it's really expensive to run an alternative Bluesky server that provides a home for users who have left the main server (a "relay" in Bluesky-ese). Partly this is down to tooling: because no one has done it, Free Our Feeds will have to invent a lot of stuff to get that server up and running, but people who come later will benefit from whatever Free Our Feeds develops along the way.
But mostly, this isn't a tooling problem – it's an architecture problem. The way that Bluesky is structured demands a lot more of relays than Mastodon demands of "instances" (a loose Fediverse analog to relays):
This is a code problem, and it's a hard one, but it's not insurmountable. The history of networked tools is the history of developers figuring out how to break apart large, monolithic, expensive services in cheaper, smaller, easier to develop. In other words, our defense in depth of Bluesky militates for more than one project – not just a "Free Our Feeds" but also a software development project to make it easier for anyone to free those feeds.
Which raises some important questions, the biggest being "Why bother?" After all, there's already a perfectly good Fediverse that could sure use the money and effort that Free Our Feeds is proposing to put into Bluesky. My main answer here is that the point of disenshittification is an enshittification-free internet, not a better Mastodon:
We want to set Bluesky users free because the problem with Bluesky isn't its users, it's the fact that there's no fire-exits those users can avail themselves of if Bluesky's VCs set it on fire:
But there's another good reason to do this, one that involves people who have no interest in using Bluesky: even if you don't want to use a better Bluesky, you likely have very good reasons to reach Bluesky users. Maybe you want them to help you organize against enshittification! Or maybe you just want to operate a real-world venue where people can gather and have a great time and support performers, and right now you're stuck advertising on Facebook and Instagram, and you don't want to end up being forced to use an enshittified, fire-exit-free Bluesky in the future:
Of course, there's plenty of reasons to want to make Mastodon better. Many of Mastodon's features are absurdly primitive – the lack of threading support and quote-boosting sucks, and the supposedly opt-in system-wide search doesn't work, even if you opt in. Masto could sure use some of the money that Free Our Feeds is asking for to spruce up Bluesky.
This is true, but also irrelevant. Mastodon is stuck at around a million active users, while Bluesky has twenty times that amount. Crowdfunding a couple dollars per user to pursue software development is a reasonable goal, but raising twenty times that much is a lot harder:
https://mastodon-analytics.com/
The money being raised for Free Our Feeds isn't money that had been earmarked for Mastodon development, nor will abandoning Free Our Feeds redirect those funds to Mastodon development.
Which isn't to say that we shouldn't chip in to fund Mastodon development. I donated to the Kickstarter for Pixelfed, a Fediverse Insta replacement that has Meta so scared that they'll suspend your account if you even mention it:
Adding Insta-like features to Mastodon is great. Fixing search, quoting, and threading would be great, too. We probably need some kind of governance efforts to keep volunteer-run, good faith defederation blocklists from exhibiting the same dynamics that email went through during the spam wars. There's some Bluesky features I'd love to see on Mastodon, like composable moderation and user-controlled, user-tunable recommendations. We also probably need some kind of adversarial press that closely monitors the governance structure for the Mastodon codebase and reports on process in standardization (I cannot overstate how much fuckery can take place within standards bodies, under cover of a nigh-impermeable shield of boringness).
Breaking Bluesky open is a priority. Keeping Mastodon open is a priority. But neither of these are goals unto themselves. The point is to set people free, not set technology free. Willie Sutton robbed banks because "that's where the money is." Right now, I'm interested in anti-enshittification measures for Bluesky because "that's where the people are."
Check out my Kickstarter to pre-order copies of my next novel, Picks and Shovels!
If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
With regards to asking for ruqiyah and using cautery, The scholars mention that if these 2 are needed out of necessity, then no problem. But if its not then it is best to rely upon Allah SWT ‐--------------------------------------------------------------------------- ◇ Tag your friends and family so they may benefit. ‐--------------------------------------------------------------------------- ◇ Prophet Muhammad ﷺ said: " The one guides to something good has a reward similar to that one doing it" [Sahih Muslim] #islam#quran#allah#salaf#salafi#jannah#hadith#sunnah#revert#convert#tawheed#isoc#akhi#scholars#muslim#ramadan#sunnah#prophet#prophetspath#islamicquotes#makkah#medina https://www.instagram.com/p/CJSowVQFzGX/?igshid=1agbn6w1l5xc8
"Jana?" mother of this body called. "Could you wash the dishes?"
She called back in affirmative before fishing for a bookmark to mark the page. Jana rushed to the kitchen ruffling the hair of her two younger sisters before getting to work.
When she was young, in her previous life, she loved washing dishes by hand; a silly tradition really and one she hated doing in the winter because back in her previous life there was no hot water in the kitchen. Here there were no such setbacks.
That made her cry sometimes.
The Sable family lived in a small village named Plume; on a Summer Island called Hook Island, Grand Line, Paradise.
First time she learned of this Jana had been torn between laughter and sobbing, not that she could be blamed for that, knowing the dangers of the world she was born in.
Clinking of the plates calmed her, smell of detergent made her focus on her work; but her mind did drift into slight introspection as these were all practiced movements. There was plenty to wash, their family ran an Inn - or rather her grandmother ran an Inn and the rest of the family just happened to live here.
This was one of grandmother’s grumbling complaints, so Jana had little issue lending a hand.
When she realized where she was, at age of three, she threw herself into reading any book she could reach. She considered herself very lucky to be born as a nobody and far away from the plot as possible; but she knew it might not stay that simple.
What if one of the more horrid pirate crews anchored here? what if pirates attacked her village? what if Marines decided to kill her entire island off?
What if, what if.
There was a myriad of possibilities that could end their peaceful lives here.
Gol D. Roger was executed when she was three, which left her quite some time until plot happened, assuming she didn't die before then, due to whatever. After all the main plot is not all there is.
One thing that she was certain of was that no one could know of the knowledge she possessed. It would place her family in danger, an entire world in danger, should there exist a person whose Devil Fruit could read minds.
Jana wanted to take no chances.
Best way to confuse a mind reader, who probably wouldn't be looking for any information under 'reincarnation' was to hoard huge amounts of knowledge. That was Jana’s take on the issue.
Little bits and pieces that would become credible clues to things she knew from before. Just so that a possible mind reader - and it was quite possible such a Devil Fruit existed - would consider her an investigator rather than an outsider with knowledge of the future.
She unplugged the sink and watched the soapy water drain away. Jana knew her parents were worried that she had no aspirations outside of reading and training her dog.
She smiled as she dried the plates.
How happy they were that she finally had a friend of sorts. Even if it was an animal. Jana had never been able to connect to her older sisters, not in the way sister's might; as she treated all four, both the younger and the older set of twins, as children.
Which they were, but being a young girl in body made it seem weird to others even if Jana was mentally thirty, twenty three years older than her body.
As soon as she was done she called to her grandmother that she was going out and grabbed her book again. "Jana!" her mother called out before she could disappear. "Don't forget to clean your room if you want to go with your father tomorrow!"
"I won't!" a rare grin spread across her face. She loved going with her father to the bigger city. A city that reminded her of her past life with it's tall buildings and numerous roads. No cars unfortunately, but still nostalgic. Jana loved to explore while her father did his work for the building company.
As an architect in a city like that he had no shortage of work; more than in their village of course, as pirates were more prone to anchoring and destroying in bigger cities.
While she did get in trouble sometimes, Jana was usually fast and nimble enough to escape and drunkards and delinquents that wanted to harm her.
After one incident which granted her a cut on her upper arm she made sure to run every morning if only to build up stamina.
This payed off in the busy streets of Lissel City where she learned to weave in and out of crowds with impressive speed, and manage to get back to her father unharmed every time since.
There were some of her father's friends that taught her how to punch properly once she returned with a black eye, courtesy of a fisherman's son who wanted to rip her book (he looked worse).
Her parents might have been worried that she would become a delinquent or a criminal, but her sisters pitched in with evidence that most kids in their nearby school were just jealous of Jana's smarts. After the elder twin's pleading she was left alone about any scrapes she gained, and if her father encouraged her to learn some self-defense and her grandmother looked suspiciously proud that was another matter entirely.
It was after the incident with Marines that her father encouraged her to broaden her physical training.
Jana didn't trust Marines, not by a long shot.
Mostly due to the fact that she was privy to their dirty secrets than anything else. Logically she knew there were good and bad Marines, in relation to civilian populace, just as there were many types of Pirates no matter what World Government said.
It was due to this that she gave Marines she encountered a benefit of doubt.
That was her first mistake.
Honestly, though, she knew there were some brutes out there, but to physically attack a seven year old was over the top. She didn't even bump into them or anything and being addressed as 'Hey you' didn't really clue her in that they were talking to her.
Jana returned home with a broken arm and an angry expression. Her parents panicked in short order, but only looked resigned when she said that it was the Marines.
That was the day she learned that her grandfather had been a pirate.
She also learned that Marines looked for any excuse to bring their family down. Villagers around here didn't like the Marines either, especially since they knew the Sable family and had no issue over long dead pirate relative. It was a small town, a close knit community.
Even if they had issues with each other, they had more beef with the Government.
Marines excused this as prevention. Keeping an eye on them in case any of them decided to turn pirate. Her parents' worry over her injuries looked to gain more weight with every moment.
It was the city dwellers who helped her once they heard her scream out from the pain; they escorted her back home after filing a complaint against the Marines. Her parents thanked them, but didn't expect it to go though, these things never did they said.
It was the first time they inflicted a serious bodily injury to a member of the family and her father worried that it might escalate.
That was the reason he introduced a broader training routine into Jana's schedule. Her elder sisters used to have their own when they were her age, but they were also less prone to getting in trouble.
Jana thought that this was the issue of her mental and physical age difference because she tended to mis-estimate danger.
It happened many times, but it was this time that she didn't manage to escape. Not that Jana made any mention of those previous times, not wanting to worry anyone, but it was this time that such an error was brought to her attention violently.
Three months passed since then. During the first month Jana shied away from people more than ever and her family fretted that her trust in people was broken irreparably.
What they didn't realize that it was her trust in herself that had been broken.
Jana grew more and more uncertain of her own knowledge of people, interactions and emotions.
Because, why couldn't she read the situation that time-why couldn't she see?!
It was Luca, her dog, who saved her. It was him who really saved her. Her family saw him bring her out of her shell, but they didn't see the whole picture.
Jana learned quickly that Luca was a good judge of character, he could smell it, sense it, whatever it was that he could do; he could definitely tell people's intentions. Jana let him take the wheel.
Everywhere she went Luca followed and Jana took cues from him.
From his slanted ears, bristling fur, bared teeth or low growls. She attuned herself and her observations according to him and pulled through.
