The disenshittified internet starts with loyal "user agents"
I'm in TARTU, ESTONIA! Overcoming the Enshittocene (TOMORROW, May 8, 6PM, Prima Vista Literary Festival keynote, University of Tartu Library, Struwe 1). AI, copyright and creative workers' labor rights (May 10, 8AM: Science Fiction Research Association talk, Institute of Foreign Languages and Cultures building, Lossi 3, lobby). A talk for hackers on seizing the means of computation (May 10, 3PM, University of Tartu Delta Centre, Narva 18, room 1037).
There's one overwhelmingly common mistake that people make about enshittification: assuming that the contagion is the result of the Great Forces of History, or that it is the inevitable end-point of any kind of for-profit online world.
In other words, they class enshittification as an ideological phenomenon, rather than as a material phenomenon. Corporate leaders have always felt the impulse to enshittify their offerings, shifting value from end users, business customers and their own workers to their shareholders. The decades of largely enshittification-free online services were not the product of corporate leaders with better ideas or purer hearts. Those years were the result of constraints on the mediocre sociopaths who would trade our wellbeing and happiness for their own, constraints that forced them to act better than they do today, even if the were not any better:
Corporate leaders' moments of good leadership didn't come from morals, they came from fear. Fear that a competitor would take away a disgruntled customer or worker. Fear that a regulator would punish the company so severely that all gains from cheating would be wiped out. Fear that a rival technology – alternative clients, tracker blockers, third-party mods and plugins – would emerge that permanently severed the company's relationship with their customers. Fears that key workers in their impossible-to-replace workforce would leave for a job somewhere else rather than participate in the enshittification of the services they worked so hard to build:
When those constraints melted away – thanks to decades of official tolerance for monopolies, which led to regulatory capture and victory over the tech workforce – the same mediocre sociopaths found themselves able to pursue their most enshittificatory impulses without fear.
The effects of this are all around us. In This Is Your Phone On Feminism, the great Maria Farrell describes how audiences at her lectures profess both love for their smartphones and mistrust for them. Farrell says, "We love our phones, but we do not trust them. And love without trust is the definition of an abusive relationship":
I (re)discovered this Farrell quote in a paper by Robin Berjon, who recently co-authored a magnificent paper with Farrell entitled "We Need to Rewild the Internet":
The new Berjon paper is narrower in scope, but still packed with material examples of the way the internet goes wrong and how it can be put right. It's called "The Fiduciary Duties of User Agents":
In "Fiduciary Duties," Berjon focuses on the technical term "user agent," which is how web browsers are described in formal standards documents. This notion of a "user agent" is a holdover from a more civilized age, when technologists tried to figure out how to build a new digital space where technology served users.
A web browser that's a "user agent" is a comforting thought. An agent's job is to serve you and your interests. When you tell it to fetch a web-page, your agent should figure out how to get that page, make sense of the code that's embedded in, and render the page in a way that represents its best guess of how you'd like the page seen.
For example, the user agent might judge that you'd like it to block ads. More than half of all web users have installed ad-blockers, constituting the largest consumer boycott in human history:
Your user agent might judge that the colors on the page are outside your visual range. Maybe you're colorblind, in which case, the user agent could shift the gamut of the colors away from the colors chosen by the page's creator and into a set that suits you better:
https://dankaminsky.com/dankam/
Or maybe you (like me) have a low-vision disability that makes low-contrast type difficult to impossible to read, and maybe the page's creator is a thoughtless dolt who's chosen light grey-on-white type, or maybe they've fallen prey to the absurd urban legend that not-quite-black type is somehow more legible than actual black type:
The user agent is loyal to you. Even when you want something the page's creator didn't consider – even when you want something the page's creator violently objects to – your user agent acts on your behalf and delivers your desires, as best as it can.
Now – as Berjon points out – you might not know exactly what you want. Like, you know that you want the privacy guarantees of TLS (the difference between "http" and "https") but not really understand the internal cryptographic mysteries involved. Your user agent might detect evidence of shenanigans indicating that your session isn't secure, and choose not to show you the web-page you requested.
This is only superficially paradoxical. Yes, you asked your browser for a web-page. Yes, the browser defied your request and declined to show you that page. But you also asked your browser to protect you from security defects, and your browser made a judgment call and decided that security trumped delivery of the page. No paradox needed.
But of course, the person who designed your user agent/browser can't anticipate all the ways this contradiction might arise. Like, maybe you're trying to access your own website, and you know that the security problem the browser has detected is the result of your own forgetful failure to renew your site's cryptographic certificate. At that point, you can tell your browser, "Thanks for having my back, pal, but actually this time it's fine. Stand down and show me that webpage."
That's your user agent serving you, too.
User agents can be well-designed or they can be poorly made. The fact that a user agent is designed to act in accord with your desires doesn't mean that it always will. A software agent, like a human agent, is not infallible.
However – and this is the key – if a user agent thwarts your desire due to a fault, that is fundamentally different from a user agent that thwarts your desires because it is designed to serve the interests of someone else, even when that is detrimental to your own interests.
A "faithless" user agent is utterly different from a "clumsy" user agent, and faithless user agents have become the norm. Indeed, as crude early internet clients progressed in sophistication, they grew increasingly treacherous. Most non-browser tools are designed for treachery.
A smart speaker or voice assistant routes all your requests through its manufacturer's servers and uses this to build a nonconsensual surveillance dossier on you. Smart speakers and voice assistants even secretly record your speech and route it to the manufacturer's subcontractors, whether or not you're explicitly interacting with them:
By design, apps and in-app browsers seek to thwart your preferences regarding surveillance and tracking. An app will even try to figure out if you're using a VPN to obscure your location from its maker, and snitch you out with its guess about your true location.
Mobile phones assign persistent tracking IDs to their owners and transmit them without permission (to its credit, Apple recently switch to an opt-in system for transmitting these IDs) (but to its detriment, Apple offers no opt-out from its own tracking, and actively lies about the very existence of this tracking):
An Android device running Chrome and sitting inert, with no user interaction, transmits location data to Google every five minutes. This is the "resting heartbeat" of surveillance for an Android device. Ask that device to do any work for you and its pulse quickens, until it is emitting a nearly continuous stream of information about your activities to Google:
These faithless user agents both reflect and enable enshittification. The locked-down nature of the hardware and operating systems for Android and Ios devices means that manufacturers – and their business partners – have an arsenal of legal weapons they can use to block anyone who gives you a tool to modify the device's behavior. These weapons are generically referred to as "IP rights" which are, broadly speaking, the right to control the conduct of a company's critics, customers and competitors:
https://locusmag.com/2020/09/cory-doctorow-ip/
A canny tech company can design their products so that any modification that puts the user's interests above its shareholders is illegal, a violation of its copyright, patent, trademark, trade secrets, contracts, terms of service, nondisclosure, noncompete, most favored nation, or anticircumvention rights. Wrap your product in the right mix of IP, and its faithless betrayals acquire the force of law.
This is – in Jay Freeman's memorable phrase – "felony contempt of business model." While more than half of all web users have installed an ad-blocker, thus overriding the manufacturer's defaults to make their browser a more loyal agent, no app users have modified their apps with ad-blockers.
The first step of making such a blocker, reverse-engineering the app, creates criminal liability under Section 1201 of the Digital Millennium Copyright Act, with a maximum penalty of five years in prison and a $500,000 fine. An app is just a web-page skinned in sufficient IP to make it a felony to add an ad-blocker to it (no wonder every company wants to coerce you into using its app, rather than its website).
If you know that increasing the invasiveness of the ads on your web-page could trigger mass installations of ad-blockers by your users, it becomes irrational and self-defeating to ramp up your ads' invasiveness. The possibility of interoperability acts as a constraint on tech bosses' impulse to enshittify their products.
The shift to platforms dominated by treacherous user agents – apps, mobile ecosystems, walled gardens – weakens or removes that constraint. As your ability to discipline your agent so that it serves you wanes, the temptation to turn your user agent against you grows, and enshittification follows.
This has been tacitly understood by technologists since the web's earliest days and has been reaffirmed even as enshittification increased. Berjon quotes extensively from "The Internet Is For End-Users," AKA Internet Architecture Board RFC 8890:
Defining the user agent role in standards also creates a virtuous cycle; it allows multiple implementations, allowing end users to switch between them with relatively low costs (…). This creates an incentive for implementers to consider the users' needs carefully, which are often reflected into the defining standards. The resulting ecosystem has many remaining problems, but a distinguished user agent role provides an opportunity to improve it.
And the W3C's Technical Architecture Group echoes these sentiments in "Web Platform Design Principles," which articulates a "Priority of Constituencies" that is supposed to be central to the W3C's mission:
User needs come before the needs of web page authors, which come before the needs of user agent implementors, which come before the needs of specification writers, which come before theoretical purity.
https://w3ctag.github.io/design-principles/
But the W3C's commitment to faithful agents is contingent on its own members' commitment to these principles. In 2017, the W3C finalized "EME," a standard for blocking mods that interact with streaming videos. Nominally aimed at preventing copyright infringement, EME also prevents users from choosing to add accessibility add-ons that beyond the ones the streaming service permits. These services may support closed captioning and additional narration of visual elements, but they block tools that adapt video for color-blind users or prevent strobe effects that trigger seizures in users with photosensitive epilepsy.
The fight over EME was the most contentious struggle in the W3C's history, in which the organization's leadership had to decide whether to honor the "priority of constituencies" and make a standard that allowed users to override manufacturers, or whether to facilitate the creation of faithless agents specifically designed to thwart users' desires on behalf of manufacturers:
This fight was settled in favor of a handful of extremely large and powerful companies, over the objections of a broad collection of smaller firms, nonprofits representing users, academics and other parties agitating for a web built on faithful agents. This coincided with the W3C's operating budget becoming entirely dependent on the very large sums its largest corporate members paid.
W3C membership is on a sliding scale, based on a member's size. Nominally, the W3C is a one-member, one-vote organization, but when a highly concentrated collection of very high-value members flex their muscles, W3C leadership seemingly perceived an existential risk to the organization, and opted to sacrifice the faithfulness of user agents in service to the anti-user priorities of its largest members.
For W3C's largest corporate members, the fight was absolutely worth it. The W3C's EME standard transformed the web, making it impossible to ship a fully featured web-browser without securing permission – and a paid license – from one of the cartel of companies that dominate the internet. In effect, Big Tech used the W3C to secure the right to decide who would compete with them in future, and how:
Enshittification arises when the everyday mediocre sociopaths who run tech companies are freed from the constraints that act against them. When the web – and its browsers – were a big, contented, diverse, competitive space, it was harder for tech companies to collude to capture standards bodies like the W3C to secure even more dominance. As the web turned into Tom Eastman's "five giant websites filled with screenshots of text from the other four," that kind of collusion became much easier:
In arguing for faithful agents, Berjon associates himself with the group of scholars, regulators and activists who call for user agents to serve as "information fiduciaries." Mostly, information fiduciaries come up in the context of user privacy, with the idea that entities that hold a user's data would have the obligation to put the user's interests ahead of their own. Think of a lawyer's fiduciary duty in respect of their clients, to give advice that reflects the client's best interests, even when that conflicts with the lawyer's own self-interest. For example, a lawyer who believes that settling a case is the best course of action for a client is required to tell them so, even if keeping the case going would generate more billings for the lawyer and their firm.
For a user agent to be faithful, it must be your fiduciary. It must put your interests ahead of the interests of the entity that made it or operates it. Browsers, email clients, and other internet software that served as a fiduciary would do things like automatically blocking tracking (which most email clients don't do, especially webmail clients made by companies like Google, who also sell advertising and tracking).
Berjon contemplates a legally mandated fiduciary duty, citing Lindsey Barrett's "Confiding in Con Men":
He describes a fiduciary duty as a remedy for the enforcement failures of EU's GDPR, a solidly written, and dismally enforced, privacy law. A legally backstopped duty for agents to be fiduciaries would also help us distinguish good and bad forms of "innovation" – innovation in ways of thwarting a user's will are always bad.
Now, the tech giants insist that they are already fiduciaries, and that when they thwart a user's request, that's more like blocking access to a page where the encryption has been compromised than like HAL9000's "I can't let you do that, Dave." For example, when Louis Barclay created "Unfollow Everything," he (and his enthusiastic users) found that automating the process of unfollowing every account on Facebook made their use of the service significantly better:
When Facebook shut the service down with blood-curdling legal threats, they insisted that they were simply protecting users from themselves. Sure, this browser automation tool – which just automatically clicked links on Facebook's own settings pages – seemed to do what the users wanted. But what if the user interface changed? What if so many users added this feature to Facebook without Facebook's permission that they overwhelmed Facebook's (presumably tiny and fragile) servers and crashed the system?
These arguments have lately resurfaced with Ethan Zuckerman and Knight First Amendment Institute's lawsuit to clarify that "Unfollow Everything 2.0" is legal and doesn't violate any of those "felony contempt of business model" laws:
https://pluralistic.net/2024/05/02/kaiju-v-kaiju/
Sure, Zuckerman seems like a good guy, but what if he makes a mistake and his automation tool does something you don't want? You, the Facebook user, are also a nice guy, but let's face it, you're also a naive dolt and you can't be trusted to make decisions for yourself. Those decisions can only be made by Facebook, whom we can rely upon to exercise its authority wisely.
Other versions of this argument surfaced in the debate over the EU's decision to mandate interoperability for end-to-end encrypted (E2EE) messaging through the Digital Markets Act (DMA), which would let you switch from, say, Whatsapp to Signal and still send messages to your Whatsapp contacts.
There are some good arguments that this could go horribly awry. If it is rushed, or internally sabotaged by the EU's state security services who loathe the privacy that comes from encrypted messaging, it could expose billions of people to serious risks.
But that's not the only argument that DMA opponents made: they also argued that even if interoperable messaging worked perfectly and had no security breaches, it would still be bad for users, because this would make it impossible for tech giants like Meta, Google and Apple to spy on message traffic (if not its content) and identify likely coordinated harassment campaigns. This is literally the identical argument the NSA made in support of its "metadata" mass-surveillance program: "Reading your messages might violate your privacy, but watching your messages doesn't."
This is obvious nonsense, so its proponents need an equally obviously intellectually dishonest way to defend it. When called on the absurdity of "protecting" users by spying on them against their will, they simply shake their heads and say, "You just can't understand the burdens of running a service with hundreds of millions or billions of users, and if I even tried to explain these issues to you, I would divulge secrets that I'm legally and ethically bound to keep. And even if I could tell you, you wouldn't understand, because anyone who doesn't work for a Big Tech company is a naive dolt who can't be trusted to understand how the world works (much like our users)."
Not coincidentally, this is also literally the same argument the NSA makes in support of mass surveillance, and there's a very useful name for it: scalesplaining.
Now, it's totally true that every one of us is capable of lapses in judgment that put us, and the people connected to us, at risk (my own parents gave their genome to the pseudoscience genetic surveillance company 23andme, which means they have my genome, too). A true information fiduciary shouldn't automatically deliver everything the user asks for. When the agent perceives that the user is about to put themselves in harm's way, it should throw up a roadblock and explain the risks to the user.
But the system should also let the user override it.
This is a contentious statement in information security circles. Users can be "socially engineered" (tricked), and even the most sophisticated users are vulnerable to this:
The only way to be certain a user won't be tricked into taking a course of action is to forbid that course of action under any circumstances. If there is any means by which a user can flip the "are you very sure?" circuit-breaker back on, then the user can be tricked into using that means.
This is absolutely true. As you read these words, all over the world, vulnerable people are being tricked into speaking the very specific set of directives that cause a suspicious bank-teller to authorize a transfer or cash withdrawal that will result in their life's savings being stolen by a scammer:
We keep making it harder for bank customers to make large transfers, but so long as it is possible to make such a transfer, the scammers have the means, motive and opportunity to discover how the process works, and they will go on to trick their victims into invoking that process.
Beyond a certain point, making it harder for bank depositors to harm themselves creates a world in which people who aren't being scammed find it nearly impossible to draw out a lot of cash for an emergency and where scam artists know exactly how to manage the trick. After all, non-scammers only rarely experience emergencies and thus have no opportunity to become practiced in navigating all the anti-fraud checks, while the fraudster gets to run through them several times per day, until they know them even better than the bank staff do.
This is broadly true of any system intended to control users at scale – beyond a certain point, additional security measures are trivially surmounted hurdles for dedicated bad actors and as nearly insurmountable hurdles for their victims:
At this point, we've had a couple of decades' worth of experience with technological "walled gardens" in which corporate executives get to override their users' decisions about how the system should work, even when that means reaching into the users' own computer and compelling it to thwart the user's desire. The record is inarguable: while companies often use those walls to lock bad guys out of the system, they also use the walls to lock their users in, so that they'll be easy pickings for the tech company that owns the system:
This is neatly predicted by enshittification's theory of constraints: when a company can override your choices, it will be irresistibly tempted to do so for its own benefit, and to your detriment.
What's more, the mere possibility that you can override the way the system works acts as a disciplining force on corporate executives, forcing them to reckon with your priorities even when these are counter to their shareholders' interests. If Facebook is genuinely worried that an "Unfollow Everything" script will break its servers, it can solve that by giving users an unfollow everything button of its own design. But so long as Facebook can sue anyone who makes an "Unfollow Everything" tool, they have no reason to give their users such a button, because it would give them more control over their Facebook experience, including the controls needed to use Facebook less.
It's been more than 20 years since Seth Schoen and I got a demo of Microsoft's first "trusted computing" system, with its "remote attestations," which would let remote servers demand and receive accurate information about what kind of computer you were using and what software was running on it.
This could be beneficial to the user – you could send a "remote attestation" to a third party you trusted and ask, "Hey, do you think my computer is infected with malicious software?" Since the trusted computing system produced its report on your computer using a sealed, separate processor that the user couldn't directly interact with, any malicious code you were infected with would not be able to forge this attestation.
But this remote attestation feature could also be used to allow Microsoft to block you from opening a Word document with Libreoffice, Apple Pages, or Google Docs, or it could be used to allow a website to refuse to send you pages if you were running an ad-blocker. In other words, it could transform your information fiduciary into a faithless agent.
Seth proposed an answer to this: "owner override," a hardware switch that would allow you to force your computer to lie on your behalf, when that was beneficial to you, for example, by insisting that you were using Microsoft Word to open a document when you were really using Apple Pages:
Seth wasn't naive. He knew that such a system could be exploited by scammers and used to harm users. But Seth calculated – correctly! – that the risks of having a key to let yourself out of the walled garden were less than being stuck in a walled garden where some corporate executive got to decide whether and when you could leave.
Tech executives never stopped questing after a way to turn your user agent from a fiduciary into a traitor. Last year, Google toyed with the idea of adding remote attestation to web browsers, which would let services refuse to interact with you if they thought you were using an ad blocker:
The reasoning for this was incredible: by adding remote attestation to browsers, they'd be creating "feature parity" with apps – that is, they'd be making it as practical for your browser to betray you as it is for your apps to do so (note that this is the same justification that the W3C gave for creating EME, the treacherous user agent in your browser – "streaming services won't allow you to access movies with your browser unless your browser is as enshittifiable and authoritarian as an app").
Technologists who work for giant tech companies can come up with endless scalesplaining explanations for why their bosses, and not you, should decide how your computer works. They're wrong. Your computer should do what you tell it to do:
These people can kid themselves that they're only taking away your power and handing it to their boss because they have your best interests at heart. As Upton Sinclair told us, it's impossible to get someone to understand something when their paycheck depends on them not understanding it.
The only way to get a tech boss to consistently treat you well is to ensure that if they stop, you can quit. Anything less is a one-way ticket to enshittification.
If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
I, quite frankly, am tired. I find myself yet again in a conversation dominated by beneficiaries of a dirty system while the conscience, critique and force of collective action for alternatives are provided by women, and women of colour, predominantly.
Maria Farrell at Crooked Timber. Silicon Valley’s worldview is not just an ideology; it’s a personality disorder.
The true post-cyberpunk hero is a noir forensic accountant
I'm touring my new, nationally bestselling novel The Bezzle! Catch me in TOMORROW (Apr 17) in CHICAGO, then Torino (Apr 21) Marin County (Apr 27), Winnipeg (May 2), Calgary (May 3), Vancouver (May 4), and beyond!
I was reared on cyberpunk fiction, I ended up spending 25 years at my EFF day-job working at the weird edge of tech and human rights, even as I wrote sf that tried to fuse my love of cyberpunk with my urgent, lifelong struggle over who computers do things for and who they do them to.
That makes me an official "post-cyberpunk" writer (TM). Don't take my word for it: I'm in the canon:
One of the editors of that "post-cyberpunk" anthology was John Kessel, who is, not coincidentally, the first writer to expose me to the power of literary criticism to change the way I felt about a novel, both as a writer and a reader:
It was Kessel's 2004 Foundation essay, "Creating the Innocent Killer: Ender's Game, Intention, and Morality," that helped me understand litcrit. Kessel expertly surfaces the subtext of Card's Ender's Game and connects it to Card's politics. In so doing, he completely reframed how I felt about a book I'd read several times and had considered a favorite:
This is a head-spinning experience for a reader, but it's even wilder to experience it as a writer. Thankfully, the majority of literary criticism about my work has been positive, but even then, discovering something that's clearly present in one of my novels, but which I didn't consciously include, is a (very pleasant!) mind-fuck.
A recent example: Blair Fix's review of my 2023 novel Red Team Blues which he calls "an anti-finance finance thriller":
Fix – a radical economist – perfectly captures the correspondence between my hero, the forensic accountant Martin Hench, and the heroes of noir detective novels. Namely, that a noir detective is a kind of unlicensed policeman, going to the places the cops can't go, asking the questions the cops can't ask, and thus solving the crimes the cops can't solve. What makes this noir is what happens next: the private dick realizes that these were places the cops didn't want to go, questions the cops didn't want to ask and crimes the cops didn't want to solve ("It's Chinatown, Jake").
Marty Hench – a forensic accountant who finds the money that has been disappeared through the cells in cleverly constructed spreadsheets – is an unlicensed tax inspector. He's finding the money the IRS can't find – only to be reminded, time and again, that this is money the IRS chooses not to find.
This is how the tax authorities work, after all. Anyone who followed the coverage of the big finance leaks knows that the most shocking revelation they contain is how stupid the ruses of the ultra-wealthy are. The IRS could prevent that tax-fraud, they just choose not to. Not for nothing, I call the Martin Hench books "Panama Papers fanfic."
I've read plenty of noir fiction and I'm a long-term finance-leaks obsessive, but until I read Fix's article, it never occurred to me that a forensic accountant was actually squarely within the noir tradition. Hench's perfect noir fit is either a happy accident or the result of a subconscious intuition that I didn't know I had until Fix put his finger on it.
The second Hench novel is The Bezzle. It's been out since February, and I'm still touring with it (Chicago tonight! Then Turin, Marin County, Winnipeg, Calgary, Vancouver, etc). It's paying off – the book's a national bestseller.
Writing in his newsletter, Henry Farrell connects Fix's observation to one of his own, about the nature of "hackers" and their role in cyberpunk (and post-cyberpunk) fiction:
Schneier, a security expert, broadens the category of "hacker" to include anyone who studies systems with an eye to finding and exploiting their defects. Under this definition, the more fearsome hackers are "working for a hedge fund, finding a loophole in financial regulations that lets her siphon extra profits out of the system." Hackers work in corporate offices, or as government lobbyists.
As Henry says, hacking isn't intrinsically countercultural ("Most of the hacking you might care about is done by boring seeming people in boring seeming clothes"). Hacking reinforces – rather than undermining power asymmetries ("The rich have far more resources to figure out how to gimmick the rules"). We are mostly not the hackers – we are the hacked.
For Henry, Marty Hench is a hacker (the rare hacker that works for the good guys), even though "he doesn’t wear mirrorshades or get wasted chatting to bartenders with Soviet military-surplus mechanical arms." He's a gun for hire, that most traditional of cyberpunk heroes, and while he doesn't stand against the system, he's not for it, either.
Henry's pinning down something I've been circling around for nearly 30 years: the idea that though "the street finds its own use for things," Wall Street and Madison Avenue are among the streets that might find those uses:
https://craphound.com/nonfic/street.html
Henry also connects Martin Hench to Marcus Yallow, the hero of my YA Little Brother series. I have tried to make this connection myself, opining that while Marcus is a character who is fighting to save an internet that he loves, Marty is living in the ashes of the internet he lost:
But Henry's Marty-as-hacker notion surfaces a far more interesting connection between the two characters. Marcus is a vehicle for conveying the excitement and power of hacking to young readers, while Marty is a vessel for older readers who know the stark terror of being hacked, by the sadistic wolves who're coming for all of us:
https://www.youtube.com/watch?v=I44L1pzi4gk
Both Marcus and Marty are explainers, as am I. Some people say that exposition makes for bad narrative. Those people are wrong:
"Explaining" makes for great fiction. As Maria Farrell writes in her Crooked Timber review of The Bezzle, the secret sauce of some of the best novels is "information about how things work. Things like locks, rifles, security systems":
https://crookedtimber.org/2024/03/06/the-bezzle/
Where these things are integrated into the story's "reason and urgency," they become "specialist knowledge [that] cuts new paths to move through the world." Hacking, in other words.
This is a theme Paul Di Filippo picked up on in his review of The Bezzle for Locus:
Heinlein was always known—and always came across in his writings—as The Man Who Knew How the World Worked. Doctorow delivers the same sense of putting yourself in the hands of a fellow who has peered behind Oz’s curtain. When he fills you in lucidly about some arcane bit of economics or computer tech or social media scam, you feel, first, that you understand it completely and, second, that you can trust Doctorow’s analysis and insights.
Knowledge is power, and so expository fiction that delivers news you can use is novel that makes you more powerful – powerful enough to resist the hackers who want to hack you.
Henry and I were both friends of Aaron Swartz, and the Little Brother books are closely connected to Aaron, who helped me with Homeland, the second volume, and wrote a great afterword for it (Schneier wrote an afterword for the first book). That book – and Aaron's afterword – has radicalized a gratifying number of principled technologists. I know, because I meet them when I tour, and because they send me emails. I like to think that these hackers are part of Aaron's legacy.
Henry argues that the Hench books are "purpose-designed to inspire a thousand Max Schrems – people who are probably past their teenage years, have some grounding in the relevant professions, and really want to see things change."
(Schrems is the Austrian privacy activist who, as a law student, set in motion the events that led to the passage of the EU's General Data Privacy Regulation:)
Henry points out that William Gibson's Neuromancer doesn't mention the word "internet" – rather, Gibson coined the term cyberspace, which, as Henry says, is "more ‘capitalism’ than ‘computerized information'… If you really want to penetrate the system, you need to really grasp what money is and what it does."
Maria also wrote one of my all-time favorite reviews of Red Team Blues, also for Crooked Timber:
In it, she compares Hench to Dickens' Bleak House, but for the modern tech world:
You put the book down feeling it’s not just a fascinating, enjoyable novel, but a document of how Silicon Valley’s very own 1% live and a teeming, energy-emitting snapshot of a critical moment on Earth.
All my life, I've written to find out what's going on in my own head. It's a remarkably effective technique. But it's only recently that I've come to appreciate that reading what other people write about my writing can reveal things that I can't see.
If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
Silicon Valley ideology is using private equity to buy a new marketplace, flood it with capital to flush out competitors, and use economic dominance to eviscerate working conditions and the cost of labour before jacking up the prices again, this time with the surplus all going to investors
-Maria Farrell
The early, motivating animus of the Tories’ Online Safety Act was envious rage at Nick Clegg’s escape to become a tanned and wealthy Facebook lobbyist.
-Maria Farrell
Next Saturday (May 20), I’ll be at the GAITHERSBURG Book Festival with my novel Red Team Blues; then on May 22, I’m keynoting Public Knowledge’s Emerging Tech conference in DC.
On May 23, I’ll be in TORONTO for a book launch that’s part of WEPFest, a benefit for the West End Phoenix, onstage with Dave Bidini (The Rheostatics), Ron Diebert (Citizen Lab) and the whistleblower Dr Nancy Olivieri.
If you’ve followed my work for a long time, you’ve watched me transition from a “linkblogger” who posts 5–15 short hits every day to an “essay-blogger” who posts 5–7 long articles/week. I’m loving the new mode of working, but returning to linkblogging is also intensely, unexpectedly gratifying:
If you’d like an essay-formatted version of this post to read or share, here’s a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
[Image ID XKCD #2775: Siphon. Man: ‘Wow, it’s true — the water doesn’t flow up the tube anymore.’ Woman: ‘Honestly, it’s weird that it ever did. Why did we ever think it was normal?’ Caption: ‘Physics news: the 2023 update to the universe finally fixed the ‘siphon’ bug.’]
My last foray into linkblogging was so great — and my backlog of links is already so large — that I’m doing another one.
Link the first: “Siphon,” XKCD’s delightful, whimsical “physics-how-the-fuck-does-it-work” one-shot (visit the link, the tooltip is great):
https://xkcd.com/2775/
[Image ID: A Dutch safety poster by Herman Heyenbrock, warning about the hazards of careless table-saw use, featuring a hand with two amputated fingers.]
Next is “Hoogspanning,” 50 Watts’s collection of vintage Dutch workplace safety posters, which exhibit that admirable Dutch frankness to a degree that one could mistake for parody, but they’re 100% real, and amazing:
They’re ganked from Geheugenvannederland (“Memory of the Netherlands”):
https://geheugenvannederland.nl/
While some come from the 1970s, others date back to the 1920s and are likely public domain. I’ve salted several away in my stock art folder for use in future collages.
All right, now that the fun stuff is out of the way, let’s get down to some crunch tech-policy. To ease us in, I’ve got a game for you to play: “Moderator Mayhem,” the latest edu-game from Techdirt:
Moderator Mayhem started life as a card-game that Mike Masnick used to teach policy wonks about the real-world issues with content moderation. You play a mod who has to evaluate content moderation flags from users while a timer ticks down. As you race to evaluate users’ posts for policy compliance, you’re continuously interrupted. Sometimes, it’s “helpful” suggestions from the company’s AI that wants you to look at the posts it flagged. Sometimes, it’s your boss who wants you to do a trendy “visioning” exercise or warning you about a “sensitivity.” Often, it’s angry ref-working from users who want you to re-consider your calls.
The card-game version is legendary but required a lot of organization to play, and the web version (which is better in a mobile browser, thanks to a swipe-left/right mechanic) is something you can pick up in seconds. This isn’t merely highly recommended; I think that one could legitimately refuse to discuss content moderation policies and critiques with anyone who hasn’t played it;
https://moderatormayhem.engine.is/
Or maybe that’s too harsh. After all, tech policy is a game that everyone can play — and more importantly, it’s a game everyone should play. The contours of tech regulation and implementation touch rub up against nearly every aspect of our lives, and part of the reason it’s such a mess is that the field has been gatekept to shit, turned into a three-way fight between technologists, policy wonks and economists.
Without other voices in the debate, we’re doomed to end up with solutions that satisfy the rarified needs and views of those three groups, a situation that is likely to dissatisfy everyone else.
However. However. The problem is that our technology is nowhere near advanced enough to be indistinguishable from magic (RIP, Sir Arthur). There’s plenty of things everyone wishes tech could do, but it can’t, and wanting it badly isnlt enough. Merely shouting “nerd harder!” at technologists won’t actually get you what you want. And while I’m rattling off cliches: a little knowledge is a dangerous thing.
Which brings me to Ashton Kutcher. Yes, that Ashton Kutcher. No, really. Kutcher has taken up the admirable, essential cause of fighting Child Sex Abuse Material (CSAM, which is better known as child pornography) online. This is a very, very important and noble cause, and it deserves all our support.
But there’s a problem, which is that Kutcher’s technical foundations are poor, and he has not improved them. Instead, he cites technologies that he has a demonstrably poor grasp upon to call for policies that turn out to be both ineffective at fighting exploitation and to inflict catastrophic collateral damage on vulnerable internet users.
Take sex trafficking. Kutcher and his organization, Thorn, were key to securing the passage of SESTA/FOSTA, a law that was supposed to fight online trafficking by making platforms jointly liable when they were used to facilitate trafficking:
At the time, Kutcher argued that deputizing platforms to understand and remove which user posts were part of a sex crime in progress would not inflict collateral damage. Somehow, if the platforms just nerded hard enough, they’d be able to remove sex trafficking posts without kicking off all consensual sex-workers.
Five years later, the verdict is in, and Kutcher was wrong. Sex workers have been deplatformed nearly everywhere, including from the places where workers traded “bad date” lists of abusive customers, which kept them safe from sexual violence, up to and including the risk of death. Street prostitution is way up, making the lives of sex workers far more dangerous, which has led to a resurgence of the odious institution of pimping, a “trade” that was on its way to vanishing altogether thanks to the power of the internet to let sex workers organize among themselves for protection:
On top of all that, SESTA/FOSTA has made it much harder for cops to hunt down and bust actual sex-traffickers, by forcing an activity that could once be found with a search-engine into underground forums that can’t be easily monitored:
Wanting it badly isn’t enough. Technology is not indistinguishable from magic.
A little knowledge is a dangerous thing.
Kutcher, it seems, has learned nothing from SESTA/FOSTA. Now he’s campaigning to ban working cryptography, in the name of ending the spread of CSAM. In March, Kutcher addressed the EU over the “Chat Control” proposal, which, broadly speaking, is a ban on end-to-end encrypter messaging (E2EE):
Now, banning E2EE would be a catastrophe. Not only is E2EE necessary to protect people from griefers, stalkers, corporate snoops, mafiosi, etc, but E2EE is the only thing standing between the world’s dictators and total surveillance of every digital communication. Even tiny flaws in E2EE can have grave human rights concerns. For example, a subtle bug in Whatsapp was used by NSO Group to create a cyberweapon called Pegasus that the Saudi royals used to lure Jamal Khashoggi to his grisly murder:
Because the collateral damage from an E2EE ban would be so far-ranging (beyond harms to sex workers, whose safety is routinely disregarded by policy-makers), people like Kutcher can’t propose an outright ban on E2EE. Instead, they have to offer some explanation for how the privacy, safety and human rights benefits of E2EE can be respected even as encryption is broken to hunt for CSAM.
Kutcher’s answer is something called “fully homomorphic encryption” (FHE) which is a theoretical — and enormously cool — way to allow for computing work to be done on encrypted data without decrypting it. When and if FHE are ready for primetime, it will be a revolution in our ability to securely collaborate with one another.
But FHE is nowhere near the state where it could do what Kutcher claims. It just isn’t, and once again, wanting it badly is not enough. Writing on his blog, the eminent cryptographer Matt Green delivers a master-class in what FHE is, what it could do, and what it can’t do (yet):
As it happens, Green also gave testimony to the EU, but he doesn’t confine his public advocacy work to august parliamentarians. Green wants all of us to understand cryptography (“I think cryptography is amazing and I want everyone talking about it all the time”). Rather than barking “stay in your lane” at the likes of Kutcher, Green has produced an outstanding, easily grasped explanation of FHE and the closely related concept of multi-party communication (MPC).
This is important work, and it exemplifies the difference between simplifying and being simplistic. Good science communicators do the former. Bad science communicators do the latter.
While Kutcher is presumably being simplistic because he lacks the technical depth to understand what he doesn’t understand, technically skilled people are perfectly capable of being simplistic, when it suits their economic, political or ideological goals.
One such person is Geoffrey Hinton, the so-called “father of AI,” who resigned from Google last week, citing the existential risks of “runaway AI” becoming superintelligent and turning on its human inventors. Hinton joins a group of powerful, wealthy people who have made a lot of noise about the existential risk of AI, while saying little or nothing about the ongoing risks of AI to people with disabilities, poor people, prisoners, workers, and other groups who are already being abused by automated decision-making and oversight systems.
Hinton’s nonsense is superbly stripped bare by Meredith Whittaker, the former Google worker organizer turned president of Signal, in a Fast Company interview with Wilfred Chan:
The whole thing is incredible, but there’s a few sections I want to call to your attention here, quoting Whittaker verbatim, because she expresses herself so beautifully (sci-comms done right is a joy to behold):
I think it’s stunning that someone would say that the harms [from AI] that are happening now — which are felt most acutely by people who have been historically minoritized: Black people, women, disabled people, precarious workers, et cetera — that those harms aren’t existential.
What I hear in that is, “Those aren’t existential to me. I have millions of dollars, I am invested in many, many AI startups, and none of this affects my existence. But what could affect my existence is if a sci-fi fantasy came to life and AI were actually super intelligent, and suddenly men like me would not be the most powerful entities in the world, and that would affect my business.”
I think we need to dig into what is happening here, which is that, when faced with a system that presents itself as a listening, eager interlocutor that’s hearing us and responding to us, that we seem to fall into a kind of trance in relation to these systems, and almost counterfactually engage in some kind of wish fulfillment: thinking that they’re human, and there’s someone there listening to us. It’s like when you’re a kid, and you’re telling ghost stories, something with a lot of emotional weight, and suddenly everybody is terrified and reacting to it. And it becomes hard to disbelieve.
Whittaker sets such a high bar for tech criticism. I had her clarity in mind in 2021, when I collaborated with EFF’s Bennett Cyphers on “Privacy Without Monopoly,” our white-paper addressing the claim that we need giant tech platforms to protect us from the privacy invasions of smaller “rogue” operators:
This is a claim that is most often raised in relation to Apple and its App Store model, which is claimed to be a bulwark against commercial surveillance. That claim has some validity: after all, when Apple added a one-click surveillance opt-out to Ios, its mobile OS. 96% of users clicked the “don’t spy on me” button. Those clicks cost Facebook $10b in just the following year. You love to see it.
But Apple is a gamekeeper-turned-poacher. Even as it was blocking Facebook’s surveillance, it was conducting its own, nearly identical, horrifyingly intrusive surveillance of every Ios user, for the same purpose as Facebook (ad targeting) and lying about it:
Bennett and I couldn’t have asked for a better example of the point we make in “Privacy Without Monopoly”: the thing that stops companies from spying on you isn’t their moral character, it’s the threat of competition and/or regulation. If you can modify your device in ways that cost its manufacturer money (say, by installing an alternative app store), then the manufacturer has to earn your business every day.
That might actually make them better — and if it doesn’t, you can switch. The right way to make sure the stuff you install on your devices respects your privacy is by passing privacy laws — not by hoping that Tim Apple decides you deserve a private life.
Bennett and I followed up “Privacy Without Monopoly” with an appendix that focused on a territory where there is a privacy law: the EU, whose (patchily enforced) General Data Protection Regulation (GDPR) is the kind of privacy law that we call for in the original paper. In that appendix, we addressed the issues of GDPR enforcement:
More importantly, we addressed the claim that the GDPR crushed competition, by making it harder for smaller (and even sleazier) ad-tech platforms to compete with Google and Facebook. It’s true, but that’s OK: we want competition to see who can respect technology users’ rights — not competition to see who can violate those rights most efficiently:
Around the time Bennett and I published the EU appendix to our paper, I was contacted by the Indian Journal of Law and Technology to see whether I could write something on similar lines, focused on the situation in India. Well, it took two years, but we’ve finally published it: “Securing Privacy Without Monopoly In India: Juxtaposing Interoperability With Indian Data Protection”:
The Indian case for interop incorporates the US and EU case, but with some fascinating wrinkles. First, there are the broad benefits of allowing technology adaptation by people who are often left out of the frame when tools and systems are designed. As the saying goes, “nothing about us without us” — the users of technology know more about their needs than any designer can hope to understand. That’s doubly true when designers are wealthy geeks in Silicon Valley and the users are poor people in the global south.
India, of course, has its own highly advanced domestic tech sector, who could be a source of extensive expertise in adapting technologies from US and other offshore tech giants for local needs. India also has a complex and highly contested privacy regime, which is in extreme flux between high court decisions, regulatory interventions, and legislation, both passed and pending.
Finally, there’s India’s long tradition of ingenious technological adaptations, locally called jugaad, roughly equivalent to the English “mend and make do.” While every culture has its own way of celebrating clever hacks, this kind of ingenuity is elevated to an art form in the global south: think of jua kali (Swahili), gambiarra (Brazilian Portuguese) and bricolage (France and its former colonies).
It took a long time to get this out, but I’m really happy with it, and I’m extremely grateful to my brilliant and hardworking research assistants from National Law School of India University: Dhruv Jain, Kshitij Goyal and Sarthak Wadhwa.
I don’t claim that any of the incarnations of the “Privacy Without Monopoly” paper rise to the clarity of the works of Green or Whittaker, but that’s okay, because I have another arrow in my quiver: fiction. For more than 20 years, I’ve written science fiction that tries to make legible and urgent the often dry and abstract concepts I address in my nonfiction.
One issue I’ve been grappling with for literally decades is the implications of “trusted computing,” a security model that uses a second, secure computer, embedded in your device, to observe and report on what your main computer is doing. There are lots of implications for this, both horrifying and amazing.
For example, having a second computer inside your device that watches it is a theoretically unbeatable way of catching malicious software, resolving the conundrum of malware: if you think your computer is infected and can’t be trusted, then how can you trust the antivirus software running on that computer.
Back in 2016, Andrew “bunnie” Huang and Edward Snowden released the “Introspection Engine,” a separate computer that you could install in an Iphone, which would tell you whether it was infected with spyware:
But while there are some really interesting positive applications for this kind of software, the negative ones — unbeatable DRM and tamper-proof bossware — are genuinely horrifying. My novella “Unauthorized Bread” digs into this, putting blood and sinew into an otherwise dry abstract and skeletal argument:
Then there are applications that are somewhere in between, like “remote attestation” (when the secure computer signs a computer-readable description of what your computer is doing so that you can prove things about your computer and its operation to people who don’t trust you, but do trust that secure computer).
Remote attestation is the McGuffin of Red Team Blues, my latest novel, a crime-thriller about a cryptocurrency heist. The novel opens with the keys to a secure enclave — the gadget that signs the attestations in remote attestation — going missing.
When Matt Green reviewed Red Team Blues (his first book review!), he singled this out as a technically rigorous and significant plot point, because secure enclaves are designed so that they can’t be updated (if you can update an enclave, then you can update it with malicious software):
This means that bugs in secure enclaves can last forever. Worse, if the keys for a secure enclave ever leak, then there’s no way to update all the secure enclaves out there in the world — millions or billions of them — to fix it.
Well, it’s happened.
The keys for the secure enclaves in Micro-Star International (AKA MSI) computers, a massive manufacturer of work and gaming PCs — have leaked and shown up on the “extortion portal” of a notorious crime gang:
As a security expert quoted by Ars Technica explains, this is a “doomsday scenario.” That’s more or less how it plays in my novel. The big difference between the MSI leak and the hack in my book is that the MSI keys were just sitting on a server, connected to the internet, which wasn’t well-secured.
In Red Team Blues, I went to enormous lengths to imagine a fiendishly complex, incredibly secure scheme for hosting these keys, and then dreamt up a way that the bad guys could defeat it. I toyed with the idea of having the keys leak due to rank incompetence, but I decided that would be an “idiot plot” (“a plot that only works if the characters are idiots”). Turns out, idiot plots may make for bad fiction, but they’re happening around us all the time.
In my real life, I cross a lot of disciplinary boundaries — law, politics, economics, human rights, security, technology. I’m not the world’s leading expert in any of these domains, but I am well-enough informed about each that I’m able to find interesting ways that they fit together in a manner that is relatively rare, and is also (I think) useful.
I admit to sometimes feeling insecure about this — being “one inch deep and ten miles wide” has its virtues, but there’s no avoiding that, say, I know less about the law than a real lawyer, and less about computer science than a real computer scientist.
That insecurity is partly why I’m so honored when I get to talk to experts across multiple disciplines. 2023 was a very good year for this, thanks to University College London. Back in Feb, I was invited to speak as part of UCL Institute of Brand and Innovation Law’s annual series on technology law:
Getting to speak to both the law school and the computer science school within a space of months is hugely gratifying, a real vindication of my theory that the virtues of my breadth make up for the shortcomings in my depth.
I’m getting a similar thrill from the domain experts who’ve been reviewing Red Team Blues. This week, Maria Farrell posted her Crooked Timber review, “When crypto meant cryptography”:
So her review means a lot to me in general, but I was overwhelmed to read her describe how Red Team Blues taught her to “read again for joy” after long covid “completely scrambled [her] brain.”
That meant a lot personally, but her review is even more gratifying when it gets into craft questions, like when she praises the descriptions as “so interesting and sociologically textured.” I love her description of the book as “Dickensian”: “it shoots up and down the snakes and ladders of San Francisco’s gamified dystopia of income inequality, one moment whizzing up the ear-poppingly fast elevator to a billionaire’s hardened fortress, the next sleeping under a bridge in a homeless encampment.”
And then, this kicker: “it’s a gorgeous rejection of the idea that long-form fiction is about individual subjectivity and the interior life. It’s about people as pinballs. They don’t just reveal things about the other objects they hit; their constant action and reaction reveals the walls that hold them all in.”
Likewise, I was thrilled with Peter Watts’s review on his “No Moods, Ads or Cutesy Fucking Icons” blog::
Peter is a brilliant sf writer and worldbuilder, an accomplished scientist, and one of the world’s most accomplished ranters. He’s had more amazing ideas than I’ve had hot breakfasts:
His review says some very nice and flattering things about me and my previous work, which is always great to read, especially for anyone with a chronic case of impostor syndrome. But what really mattered was the way he framed how I write villains: “The villains of Cory’s books aren’t really people; they’re systems. They wear punchable Human faces but those tend to be avatars, mere sock-puppets operated by the institutions that comprise the real baddies.”
One could read that as a critique, but coming from Peter, it’s praise — and it’s praise that gets to the heart of my worldview, which is that our biggest problems are systemic, not individual. The problem of corporate greed isn’t just that CEOs are monsters who don’t care who they hurt — it’s that our system is designed to let them get away with it. Worse, system design is such that the CEOs who aren’t monsters are generally clobbered by the ones who are.
So much of our outlook is grounded in the moral failings or virtues of individuals. Tim Apple will keep our data safe, so we should each individually decide to reward him by buying his phones. If Tim Apple betrays us, we should “vote with our wallets” by buying something else. If you care about the climate, you should just stop driving. If there’s no public transit, well, then maybe you should, uh, dig a subway?
[Image ID: Matt Bors’s classic Mr Gotcha panel, in which a medieval peasant says ‘We should improve society somewhat,’ and Mr Gotcha replies, ‘Yet you participate in society. Curious! I am very smart.’]
This is the mindset Matt Bors skewers so expertly with his iconic Mr Gotcha character: “Yet you participate in society. Curious! I am very smart”:
https://thenib.com/mister-gotcha/
(Which reminds me, I am halfway through Bors’s unbelievably, fantastically, screamingly awesome graphic novel “Justice Warriors,” which turns the neoliberal caveat-emptor/personal-responsibility brain-worm into the basis for possibly the greatest superhero comic of all time:)
https://www.mattbors.com/books
Watts finishes his review with:
I’ve never fully come to terms with the general decency of Cory’s characters. Doctorow the activist lives in the trenches, fighting those who make their billions trading the details of our private lives, telling us that they own what we’ve bought, surveilling us for the greater good and even greater profits. He’s spent more time facing off against the world’s powerful assholes than I ever will. He knows how ruthless they are. He knows, first-hand, how much of the world is clenched in their fists. By rights, his stories should make mine look like Broadway musicals.
And yet, Doctorow the Author is — hopeful. The little guys win against overwhelming odds. Dystopias are held at bay. Even the bad guys, in defeat, are less likely to scorch the earth than simply resign with a show of grudging respect for a worthy opponent.
I often get asked by readers — especially readers of Pluralistic, which is heavy on awful scandals and corruption — how I keep going. Watts has the answer:
Maybe it’s a fundamental difference in outlook. I’ve always regarded humans as self-glorified mammals, fighting endless and ineffective rearguard against their own brain stems; Cory seems to see us as more influenced by the angels of our better natures. Or maybe — maybe it’s not just his plots that are meant to be instructional. Maybe he’s deliberately showing us how we could behave as a species, in the same way he shows us how to fuck with DRM or foil face-recognition tech. Maybe it’s not that he subscribes to some Pollyanna vision of what we are; maybe he’s showing us what we could be.
Got it in one, Peter.
And…
It’s also about what happens if we don’t get better.
Writing on his “Economics From the Top Down” blog, Blair Fix — a heterodox economist and sharp critic of oligarchy — publishes a Red Team Blues review that nails the “or else” in my books, and does it with graphs:
Fix surfaces the latent point in my work that inequality is destabilizing — that spectacular violence is downstream of making a society that has nothing to offer for the majority of us. As Marty Hench, the 67 year old forensic accountant protagonist of Red Team Blues says,
Finance crime is a necessary component of violent crime. Even the most devoted sadist needs a business model, or he will have to get a real job.
[Image ID: A chart labeled, ‘With more plutocracy comes more murder. As countries become more unequal (horizontal axis), their murder rates go up (vertical axis).’]
Fix agrees, and shows us that murders go up with inequality.
Which is why, while the average private eye is a kind of “cop who gets to bend the rules of policing”; Hench is “a kind of uber IRS agent who gets to work in ‘sneaky ways that aren’t available to the taxman.’”
[Image ID: A chart labeled, ‘Was the US prison state the inspiration for cyberpunk? The term ‘cyberpunk’ (which describes a genre of dystopian science fiction) became popular in tandem with mass incarceration in the US. It’s probably not a coincidence.’]
This observation segues into a fascinating, data-informed look at the way that science fiction reflects our fears and aspirations about wider social phenomenon — for example, the popularity of the word “cyberpunk” closely tracks rising incarceration rates.
I hope you’ll come along! I’ve been meeting a lot of people on this tour who confess that while they’ve read my blogs and essays for years, they’ve never picked up one of my books. If you’re one of those readers, let me assure you, it is not too late!
As you’ve read above, my fiction is very much a continuation of my nonfiction by other means — but it’s also the place where I bring my hope as well as my dismay and anger. I’m told it makes for a very good combination.
If you’re still wavering, maybe this will sway you: the blogging and essays are either free or very low-paid, and they’re heavily subsidized by my fiction. If you enjoy my nonfiction, buying my novels is the best way to say thank you and to ensure a continuing supply of both.
But novels are by no means a dreary duty — fiction is a delight, and after a couple decades at it, I’ve come to grudgingly concede — impostor syndrome notwithstanding — that I’m pretty good at it.
I hope you’ll agree.
Image:
Robert Miller (modified)
https://www.flickr.com/photos/12463666@N03/52721565937
CC BY 2.0
https://creativecommons.org/licenses/by/2.0/
Catch me on tour with Red Team Blues in Toronto, DC, Gaithersburg, Oxford, Hay, Manchester, Nottingham, London, and Berlin!
This week on my podcast, I read “Twiddler,” a recent Medium column in which I delve more deeply into enshittification, and how it is a pathology of digital platforms, distinct from the rent-seeking of the analog world that preceded it:
https://doctorow.medium.com/twiddler-1b5c9690cce6
If you’d like an essay-formatted version of this post to read or share, here’s a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
Enshittification, you’ll recall, is the lifecycle of the online platform: first, the platform allocates surpluses to end-users; then, once users are locked in, those surpluses are taken away and given to business-customers. Once the advertisers, publishers, sellers, creators and performers are locked in, the surplus is clawed away from them and taken by the platforms.
Facebook is the poster-child for enshittification. When FB welcomed the general public in 2006, it sold itself as the privacy-respecting alternative to Myspace, promising users it would never harvest their data. The FB feed consisted of the posts that the people you’d followed — the people you cared about — published.
FB experienced explosive growth, thanks to two factors: “network effects” (every new user was a draw for other users who wanted to converse with them), and “switching costs” (it was practically impossible to convince all the people you wanted to hear from to leave FB, much less agree on what platform to go to next). In other words, every new user who joined FB both attracted more users, and made it harder for those users to leave.
FB attained end-user lockin and was now able to transfer users’ surpluses to business customers. First, it started aggressively spying on users and offered precision targeting at rock-bottom prices to advertisers. Second, it offered media companies “algorithmic” boosting into the feeds of users who hadn’t asked to see their posts.
Media companies that posted brief excerpts to FB, along with links to their sites on the real internet were rewarded with floods of traffic, as their posts were jammed into the eyeballs of millions of FB users who never asked to see them. Media companies and advertisers went all-in for FB, integrating FB surveillance beacons in their presence on the real internet, hiring social media specialists who’d do Platform Kremlinology in order to advise them on the best way to please The Algorithm.
Once those business customers — creators, media companies, advertisers — were locked into FB, the company harvested their surplus, too. On the ad side, FB raised rates and decreased expensive anti-fraud measures, meaning that advertisers had to pay more, even as an increasing proportion of their ads were either never served, or never seen.
With media companies and creators, FB not only stopped jamming their content in front of people who never asked to see it, they actively suppressed the spread of business users’ posts even to their own subscribers. FB required media companies to transition from excerpts to fulltext feeds, and downranked or simply blocked posts that linked back to a business user’s own site, be it a newspaper’s web presence or a creator’s crowdfunding service. Business users who wanted to reach the people who had explicitly directed FB to incorporate their media in users’ feeds had to pay to “boost” their materials.
This is the (nearly) complete enshittification cycle: having harvested the surplus from users and business customers, FB is now (badly) attempting to surf the line where nearly all the value in the service lands in its shareholders’ pockets, with just enough surplus left behind to keep end-users and business-users locked in (see also: Twitter).
There have been lots of other abusive “platform” businesses in the past — famously, 19th century railroads and their robber-baron owners were so obnoxiously abusive that they spawned the trustbusting movement, the Sherman Act, and modern competition law. Did the rail barons do enshittification, too?
Well, yes — and no. I have no doubt that robber barons would have engaged in zuckerbergian shenanigans if they could have — but here we run up against the stubborn inertness of atoms and the slippery liveliness of bits. Changing a railroad schedule to make direct connections with cities where you want to destroy a rival ferry business (or hell, laying track to those cities) is a slow proposition. Changing the content recommendation system at Facebook is something you do with a few mouse-clicks.
Which brings me to the thesis of “Twiddler”: enshittification doesn’t arise from the special genius or the unique wickedness of tech barons — rather, it’s the product of the ability to twiddle. Our discourse has focused (rightly) on the extent to which platforms are “instrumented” — that is, the degree to which they spy on and analyze their users’ conduct.
But the discussion of what the platforms do with that data — the ways they “react” to it — has echoed the platforms’ own boasts of transcendental “behavior modification” prowess (c.f. “Surveillance Capitalism”) while giving short shrift to the extremely mundane, straightforward ways that the ability to change the business-logic of a platform lets it allocate and withdraw surpluses from different kinds of users to get them on the hook, reel them in, and then skin and devour them.
The Twiddler thesis, in other words, is a counter to the narrative of Maria Farrell’s Prodigal Tech Bros, who claim that they were once evil sorcerers, but, having seen the error of their ways, vow to be good sorcerers from now on, forswearing “hacking our dopamine loops” like vampires swearing off blood:
People who repeat the claims of Prodigal Tech Bros are engaging in criti-hype, Lee Vinsel’s term for criticism that repeats tech’s own mystical narratives of their own superhuman prowess, rather than grappling with the mundanity of doing old conjurer’s tricks very quickly, with computers:
That’s what twiddling is — doing the same things that grocery store monopolists and rail monopolists and music label monopolists have always done, but very quickly, with computers. Whether it’s Amazon rooking sellers and authors, or Apple and Google’s App Stores rooking app creators, or Tiktok and Youtube rooking performers, or Uber rooking drivers, the underlying pattern of surplus-harvesting is the same, and so is the method. They do the same thing as their predecessors, but very quickly, with computers.
A grocer who wants to price-gouge on eggs needs to dispatch an army of low-waged employees with pricing guns. AmazonFresh does the same thing in an eyeblink, by typing a new number into a field on a web-form and clicking submit. As is so often the case when a magic trick is laid bare, the actual mechanic is very, very boring: the way to make a nickel appear to vanish is to spend hundreds of hours practicing before a mirror while you shift so it is clenched between your fingers, and protrudes from behind your hand (sorry, spoiler alert).
The trick can be baffling and marvellous when you see it, but once you know how it’s done, it’s pretty obvious — the difference is that most sleight-of-hand artists don’t think they’re sorcerers, while plenty of tech bros believe their own press.
There’s a profound irony in twiddling’s role in enshittification: early internet scholarship rightly hailed the power of twiddling for internet users. Theorists like Aram Sinnreich described this as configurability — the ability of end-users (aided by tinkerers, small businesses, and co-ops) to modify the services they used to suit their own needs:
https://www.jstor.org/stable/j.ctt5vk8c2
Arguably the most successful configurability story is ad-blocking, which Doc Searls calls “the biggest boycott in human history.” Billions of end-users of the web have twiddled their browsers so that they aren’t tracked by ad-tech and don’t see ads:
Configurability was at the heart of early hopes for mass disintermediation, because audiences and performers (or sellers and producers) could go direct to one another, assembling a customized, un-capturable conduit composed of an a-la-carte selection of payment processors, webstores, mail and web hosts, etc. Whenever one of these utilities tried to capture that relationship and harvest an unfair share of the surplus, both ends of the transaction could foil them by blocking, reverse-engineering, modding, or mashing them up, wriggling off the hook before it could set its barbs.
But — as we can all see — a funny thing happened on the way to the 21st century. The platforms seized the internet, turning it into “five giant websites, each filled with screenshots of the other four”:
1. They were able to buy or merge with every major competitor, and where that failed them, they were able to use predatory pricing to drive competitors out of the market:
2. They were able to twiddle their services, setting them a-bristle with surveillance beacons and digital actuators that could rearrange the virtual furniture every time some knob-jockey touched their dial:
https://doctorow.medium.com/twiddler-1b5c9690cce6
3. They were able to hoard the twiddling, using laws like the DMCA, CFAA, noncompetes, trade secrecy, and other “IP” laws to control the conduct of their competitors, critics and customers:
https://locusmag.com/2020/09/cory-doctorow-ip/
That last point is very important: it’s not just that big corporations twiddle us to death — it’s that they have made it illegal for us to twiddle back. Adblocking is possible on the open web, but to ad-block your Iphone, you must first jailbreak it, which is a crime. Yes, Apple will block Facebook from spying on you — but even if you opt out of tracking, Apple still spies on you in exactly the same way Facebook did, to power their own ad-targeting business:
This is what Jay Freeman calls “felony contempt of business-model” — the literal criminalization of configuration. When Netflix wants to decide who is and isn’t a member of your family, they just twiddle their back-end to block the child that moves back and forth between your home and your ex’s, thanks to your joint custody arrangement:
But woe betide the parent who twiddles back to restore their child’s service, by jailbreaking an app or the W3C’s official, in-browser DRM, EME — trafficking in a tool to bypass EME and reconfigure your browser to suit your needs, rather than Netflix’s, is a felony punishable by a five-year prison sentence and a $500k fine, under Section 1201 of the DMCA:
This is the supreme irony of twiddling: Big Tech companies love to twiddle you, but if you touch your own knob, they call it a crime. Just as Big Tech firms turned “free software” into “open source” and then took all the software freedom for themselves, configurability is now the exclusive purview of corporations — those transhuman, immortal colony paperclip maximizers that treat humans as inconvenient gut-flora:
2. Anti-twiddling laws for businesses: A federal privacy law with a private right of action, labor protections, and other rules that take knobs away from tech platforms:
Monopolists and their handmaidens — witting and unwitting — want you to believe that their dominance is inevitable (shades of Thatcher’s “there is no alternative”), because the great forces of history, the technical characteristics of digital technology, and the sorcerous mind-control of dopamine-hackers.
But the reality is much more mundane. Digital freedom was never a mirage. Indeed, it is a prize of enormous value — that’s why the platforms are so intent on hoarding it all for themselves.
Here’s this week’s podcast episode:
https://craphound.com/news/2023/02/27/twiddler/
And here’s a direct link to download the MP3 (hosting courtesy of the Internet Archive ; they’ll host your media for free, forever):
TK
Here’s the direct feed to subscribe to my podcast:
http://feeds.feedburner.com/doctorow_podcast
And here’s the original “Twiddler” article on Medium:
https://doctorow.medium.com/twiddler-1b5c9690cce6
Image:
Stephen Drake (modified)
https://commons.wikimedia.org/wiki/File:Analog_Test_Array_modular_synth_by_sduck409.jpg
CC BY 2.0
https://creativecommons.org/licenses/by/2.0/deed.en
This Thu (Mar 2) I’ll be in Brussels for Antitrust, Regulation and the Political Economy, along with a who’s-who of European and US trustbusters. It’s livestreamed, and both in-person and virtual attendance are free. On Fri (Mar 3), I’ll be in Graz for the Elevate Festival.
[Image ID: A mandala made from a knob and button-covered control panel.]
Maria Farrell on Technology, Ethics, Stories and the Prodigal Techbro
Maria Farrell on Technology, Ethics, Stories and the Prodigal Techbro
Maria Farrell is the author of some of my most favorite op-ed pieces of 2020. She is very smart, gutsy, genuine, feisty, generous, and Irish. Her writing is sharper, it penetrates deeper and she’s not afraid to go further than most others. I have already learned a lot from her and have become a total fan. So it was a blast to have her on my podcast and I hope you enjoy our conversation as much as…