#autoenshittification | Explore Tumblr Posts and Blogs

mostlysignssomeportents · 9 months

Text

Tesla's Dieselgate

Elon Musk lies a lot. He lies about being a “utopian socialist.” He lies about being a “free speech absolutist.” He lies about which companies he founded:

https://www.businessinsider.com/tesla-cofounder-martin-eberhard-interview-history-elon-musk-ev-market-2023-2 He lies about being the “chief engineer” of those companies:

https://www.quora.com/Was-Elon-Musk-the-actual-engineer-behind-SpaceX-and-Tesla

He lies about really stupid stuff, like claiming that comsats that share the same spectrum will deliver steady broadband speeds as they add more users who each get a narrower slice of that spectrum:

https://www.eff.org/wp/case-fiber-home-today-why-fiber-superior-medium-21st-century-broadband

The fundamental laws of physics don’t care about this bullshit, but people do. The comsat lie convinced a bunch of people that pulling fiber to all our homes is literally impossible — as though the electrical and phone lines that come to our homes now were installed by an ancient, lost civilization. Pulling new cabling isn’t a mysterious art, like embalming pharaohs. We do it all the time. One of the poorest places in America installed universal fiber with a mule named “Ole Bub”:

https://www.newyorker.com/tech/annals-of-technology/the-one-traffic-light-town-with-some-of-the-fastest-internet-in-the-us

Previous tech barons had “reality distortion fields,” but Musk just blithely contradicts himself and pretends he isn’t doing so, like a budget Steve Jobs. There’s an entire site devoted to cataloging Musk’s public lies:

https://elonmusk.today/

But while Musk lacks the charm of earlier Silicon Valley grifters, he’s much better than they ever were at running a long con. For years, he’s been promising “full self driving…next year.”

https://pluralistic.net/2022/10/09/herbies-revenge/#100-billion-here-100-billion-there-pretty-soon-youre-talking-real-money

He’s hasn’t delivered, but he keeps claiming he has, making Teslas some of the deadliest cars on the road:

https://www.washingtonpost.com/technology/2023/06/10/tesla-autopilot-crashes-elon-musk/

Tesla is a giant shell-game masquerading as a car company. The important thing about Tesla isn’t its cars, it’s Tesla’s business arrangement, the Tesla-Financial Complex:

https://pluralistic.net/2021/11/24/no-puedo-pagar-no-pagara/#Rat

Once you start unpacking Tesla’s balance sheets, you start to realize how much the company depends on government subsidies and tax-breaks, combined with selling carbon credits that make huge, planet-destroying SUVs possible, under the pretense that this is somehow good for the environment:

https://pluralistic.net/2021/04/14/for-sale-green-indulgences/#killer-analogy

But even with all those financial shenanigans, Tesla’s got an absurdly high valuation, soaring at times to 1600x its profitability:

https://pluralistic.net/2021/01/15/hoover-calling/#intangibles

That valuation represents a bet on Tesla’s ability to extract ever-higher rents from its customers. Take Tesla’s batteries: you pay for the battery when you buy your car, but you don’t own that battery. You have to rent the right to use its full capacity, with Tesla reserving the right to reduce how far you go on a charge based on your willingness to pay:

https://memex.craphound.com/2017/09/10/teslas-demon-haunted-cars-in-irmas-path-get-a-temporary-battery-life-boost/

That’s just one of the many rent-a-features that Tesla drivers have to shell out for. You don’t own your car at all: when you sell it as a used vehicle, Tesla strips out these features you paid for and makes the next driver pay again, reducing the value of your used car and transfering it to Tesla’s shareholders:

https://www.theverge.com/2020/2/6/21127243/tesla-model-s-autopilot-disabled-remotely-used-car-update

To maintain this rent-extraction racket, Tesla uses DRM that makes it a felony to alter your own car’s software without Tesla’s permission. This is the root of all autoenshittification:

https://pluralistic.net/2023/07/24/rent-to-pwn/#kitt-is-a-demon

This is technofeudalism. Whereas capitalists seek profits (income from selling things), feudalists seek rents (income from owning the things other people use). If Telsa were a capitalist enterprise, then entrepreneurs could enter the market and sell mods that let you unlock the functionality in your own car:

https://pluralistic.net/2020/06/11/1-in-3/#boost-50

But because Tesla is a feudal enterprise, capitalists must first secure permission from the fief, Elon Musk, who decides which companies are allowed to compete with him, and how.

Once a company owns the right to decide which software you can run, there’s no limit to the ways it can extract rent from you. Blocking you from changing your device’s software lets a company run overt scams on you. For example, they can block you from getting your car independently repaired with third-party parts.

But they can also screw you in sneaky ways. Once a device has DRM on it, Section 1201 of the DMCA makes it a felony to bypass that DRM, even for legitimate purposes. That means that your DRM-locked device can spy on you, and because no one is allowed to explore how that surveillance works, the manufacturer can be incredibly sloppy with all the personal info they gather:

https://www.cnbc.com/2019/03/29/tesla-model-3-keeps-data-like-crash-videos-location-phone-contacts.html

All kinds of hidden anti-features can lurk in your DRM-locked car, protected from discovery, analysis and criticism by the illegality of bypassing the DRM. For example, Teslas have a hidden feature that lets them lock out their owners and summon a repo man to drive them away if you have a dispute about a late payment:

https://tiremeetsroad.com/2021/03/18/tesla-allegedly-remotely-unlocks-model-3-owners-car-uses-smart-summon-to-help-repo-agent/

DRM is a gun on the mantlepiece in Act I, and by Act III, it goes off, revealing some kind of ugly and often dangerous scam. Remember Dieselgate? Volkswagen created a line of demon-haunted cars: if they thought they were being scrutinized (by regulators measuring their emissions), they switched into a mode that traded performance for low emissions. But when they believed themselves to be unobserved, they reversed this, emitting deadly levels of NOX but delivering superior mileage.

The conversion of the VW diesel fleet into mobile gas-chambers wouldn’t have been possible without DRM. DRM adds a layer of serious criminal jeopardy to anyone attempting to reverse-engineer and study any device, from a phone to a car. DRM let Apple claim to be a champion of its users’ privacy even as it spied on them from asshole to appetite:

https://pluralistic.net/2022/11/14/luxury-surveillance/#liar-liar

Now, Tesla is having its own Dieselgate scandal. A stunning investigation by Steve Stecklow and Norihiko Shirouzu for Reuters reveals how Tesla was able to create its own demon-haunted car, which systematically deceived drivers about its driving range, and the increasingly desperate measures the company turned to as customers discovered the ruse:

https://www.reuters.com/investigates/special-report/tesla-batteries-range/

The root of the deception is very simple: Tesla mis-sells its cars by falsely claiming ranges that those cars can’t attain. Every person who ever bought a Tesla was defrauded.

But this fraud would be easy to detect. If you bought a Tesla rated for 353 miles on a charge, but the dashboard range predictor told you that your fully charged car could only go 150 miles, you’d immediately figure something was up. So your Telsa tells another lie: the range predictor tells you that you can go 353 miles.

But again, if the car continued to tell you it has 203 miles of range when it was about to run out of charge, you’d figure something was up pretty quick — like, the first time your car ran out of battery while the dashboard cheerily informed you that you had 203 miles of range left.

So Teslas tell a third lie: when the battery charge reached about 50%, the fake range is replaced with the real one. That way, drivers aren’t getting mass-stranded by the roadside, and the scam can continue.

But there’s a new problem: drivers whose cars are rated for 353 miles but can’t go anything like that far on a full charge naturally assume that something is wrong with their cars, so they start calling Tesla service and asking to have the car checked over.

This creates a problem for Tesla: those service calls can cost the company $1,000, and of course, there’s nothing wrong with the car. It’s performing exactly as designed. So Tesla created its boldest fraud yet: a boiler-room full of anti-salespeople charged with convincing people that their cars weren’t broken.

This new unit — the “diversion team” — was headquartered in a Nevada satellite office, which was equipped with a metal xylophone that would be rung in triumph every time a Tesla owner was successfully conned into thinking that their car wasn’t defrauding them.

When a Tesla owner called this boiler room, the diverter would run remote diagnostics on their car, then pronounce it fine, and chide the driver for having energy-hungry driving habits (shades of Steve Jobs’s “You’re holding it wrong”):

https://www.wired.com/2010/06/iphone-4-holding-it-wrong/

The drivers who called the Diversion Team weren’t just lied to, they were also punished. The Tesla app was silently altered so that anyone who filed a complaint about their car’s range was no longer able to book a service appointment for any reason. If their car malfunctioned, they’d have to request a callback, which could take several days.

Meanwhile, the diverters on the diversion team were instructed not to inform drivers if the remote diagnostics they performed detected any other defects in the cars.

The diversion team had a 750 complaint/week quota: to juke this stat, diverters would close the case for any driver who failed to answer the phone when they were eventually called back. The center received 2,000+ calls every week. Diverters were ordered to keep calls to five minutes or less.

Eventually, diverters were ordered to cease performing any remote diagnostics on drivers’ cars: a source told Reuters that “Thousands of customers were told there is nothing wrong with their car” without any diagnostics being performed.

Predicting EV range is an inexact science as many factors can affect battery life, notably whether a journey is uphill or downhill. Every EV automaker has to come up with a figure that represents some kind of best guess under a mix of conditions. But while other manufacturers err on the side of caution, Tesla has the most inaccurate mileage estimates in the industry, double the industry average.

Other countries’ regulators have taken note. In Korea, Tesla was fined millions and Elon Musk was personally required to state that he had deceived Tesla buyers. The Korean regulator found that the true range of Teslas under normal winter conditions was less than half of the claimed range.

Now, many companies have been run by malignant narcissists who lied compulsively — think of Thomas Edison, archnemesis of Nikola Tesla himself. The difference here isn’t merely that Musk is a deeply unfit monster of a human being — but rather, that DRM allows him to defraud his customers behind a state-enforced opaque veil. The digital computers at the heart of a Tesla aren’t just demons haunting the car, changing its performance based on whether it believes it is being observed — they also allow Musk to invoke the power of the US government to felonize anyone who tries to peer into the black box where he commits his frauds.

If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2023/07/28/edison-not-tesla/#demon-haunted-world

This Sunday (July 30) at 1530h, I’m appearing on a panel at Midsummer Scream in Long Beach, CA, to discuss the wonderful, award-winning “Ghost Post” Haunted Mansion project I worked on for Disney Imagineering.

Image ID [A scene out of an 11th century tome on demon-summoning called 'Compendium rarissimum totius Artis Magicae sistematisatae per celeberrimos Artis hujus Magistros. Anno 1057. Noli me tangere.' It depicts a demon tormenting two unlucky would-be demon-summoners who have dug up a grave in a graveyard. One summoner is held aloft by his hair, screaming; the other screams from inside the grave he is digging up. The scene has been altered to remove the demon's prominent, urinating penis, to add in a Tesla supercharger, and a red Tesla Model S nosing into the scene.]

Image: Steve Jurvetson (modified) https://commons.wikimedia.org/wiki/File:Tesla_Model_S_Indoors.jpg

CC BY 2.0 https://creativecommons.org/licenses/by/2.0/deed.en

8K notes · View notes

azspot · 9 months

Quote

Forget F1: the only car race that matters now is the race to turn your car into a digital extraction machine, a high-speed inkjet printer on wheels, stealing your private data as it picks your pocket. Your car’s digital infrastructure is a costly, dangerous nightmare — but for automakers in pursuit of postcapitalist utopia, it’s a dream they can’t give up on.

Autoenshittification. How the computer killed capitalism.

5 notes · View notes

hackernewsrobot · 9 months

Text

Autoenshittification. How the computer killed capitalism. – by Cory Doctorow

https://doctorow.medium.com/autoenshittification-cb851c2574fb

0 notes

mostlysignssomeportents · 2 months

Text

Your car spies on you and rats you out to insurance companies

I'm on tour with my new, nationally bestselling novel The Bezzle! Catch me TOMORROW (Mar 13) in SAN FRANCISCO with ROBIN SLOAN, then Toronto, NYC, Anaheim, and more!

Another characteristically brilliant Kashmir Hill story for The New York Times reveals another characteristically terrible fact about modern life: your car secretly records fine-grained telemetry about your driving and sells it to data-brokers, who sell it to insurers, who use it as a pretext to gouge you on premiums:

https://www.nytimes.com/2024/03/11/technology/carmakers-driver-tracking-insurance.html

Almost every car manufacturer does this: Hyundai, Nissan, Ford, Chrysler, etc etc:

https://www.repairerdrivennews.com/2020/09/09/ford-state-farm-ford-metromile-honda-verisk-among-insurer-oem-telematics-connections/

This is true whether you own or lease the car, and it's separate from the "black box" your insurer might have offered to you in exchange for a discount on your premiums. In other words, even if you say no to the insurer's carrot – a surveillance-based discount – they've got a stick in reserve: buying your nonconsensually harvested data on the open market.

I've always hated that saying, "If you're not paying for the product, you're the product," the reason being that it posits decent treatment as a customer reward program, like the little ramekin warm nuts first class passengers get before takeoff. Companies don't treat you well when you pay them. Companies treat you well when they fear the consequences of treating you badly.

Take Apple. The company offers Ios users a one-tap opt-out from commercial surveillance, and more than 96% of users opted out. Presumably, the other 4% were either confused or on Facebook's payroll. Apple – and its army of cultists – insist that this proves that our world's woes can be traced to cheapskate "consumers" who expected to get something for nothing by using advertising-supported products.

But here's the kicker: right after Apple blocked all its rivals from spying on its customers, it began secretly spying on those customers! Apple has a rival surveillance ad network, and even if you opt out of commercial surveillance on your Iphone, Apple still secretly spies on you and uses the data to target you for ads:

https://pluralistic.net/2022/11/14/luxury-surveillance/#liar-liar

Even if you're paying for the product, you're still the product – provided the company can get away with treating you as the product. Apple can absolutely get away with treating you as the product, because it lacks the historical constraints that prevented Apple – and other companies – from treating you as the product.

As I described in my McLuhan lecture on enshittification, tech firms can be constrained by four forces:

I. Competition

II. Regulation

III. Self-help

IV. Labor

https://pluralistic.net/2024/01/30/go-nuts-meine-kerle/#ich-bin-ein-bratapfel

When companies have real competitors – when a sector is composed of dozens or hundreds of roughly evenly matched firms – they have to worry that a maltreated customer might move to a rival. 40 years of antitrust neglect means that corporations were able to buy their way to dominance with predatory mergers and pricing, producing today's inbred, Habsburg capitalism. Apple and Google are a mobile duopoly, Google is a search monopoly, etc. It's not just tech! Every sector looks like this:

https://www.openmarketsinstitute.org/learn/monopoly-by-the-numbers

Eliminating competition doesn't just deprive customers of alternatives, it also empowers corporations. Liberated from "wasteful competition," companies in concentrated industries can extract massive profits. Think of how both Apple and Google have "competitively" arrived at the same 30% app tax on app sales and transactions, a rate that's more than 1,000% higher than the transaction fees extracted by the (bloated, price-gouging) credit-card sector:

https://pluralistic.net/2023/06/07/curatorial-vig/#app-tax

But cartels' power goes beyond the size of their warchest. The real source of a cartel's power is the ease with which a small number of companies can arrive at – and stick to – a common lobbying position. That's where "regulatory capture" comes in: the mobile duopoly has an easier time of capturing its regulators because two companies have an easy time agreeing on how to spend their app-tax billions:

https://pluralistic.net/2022/06/05/regulatory-capture/

Apple – and Google, and Facebook, and your car company – can violate your privacy because they aren't constrained regulation, just as Uber can violate its drivers' labor rights and Amazon can violate your consumer rights. The tech cartels have captured their regulators and convinced them that the law doesn't apply if it's being broken via an app:

https://pluralistic.net/2023/04/18/cursed-are-the-sausagemakers/#how-the-parties-get-to-yes

In other words, Apple can spy on you because it's allowed to spy on you. America's last consumer privacy law was passed in 1988, and it bans video-store clerks from leaking your VHS rental history. Congress has taken no action on consumer privacy since the Reagan years:

https://www.eff.org/tags/video-privacy-protection-act

But tech has some special enshittification-resistant characteristics. The most important of these is interoperability: the fact that computers are universal digital machines that can run any program. HP can design a printer that rejects third-party ink and charge $10,000/gallon for its own colored water, but someone else can write a program that lets you jailbreak your printer so that it accepts any ink cartridge:

https://www.eff.org/deeplinks/2020/11/ink-stained-wretches-battle-soul-digital-freedom-taking-place-inside-your-printer

Tech companies that contemplated enshittifying their products always had to watch over their shoulders for a rival that might offer a disenshittification tool and use that as a wedge between the company and its customers. If you make your website's ads 20% more obnoxious in anticipation of a 2% increase in gross margins, you have to consider the possibility that 40% of your users will google "how do I block ads?" Because the revenue from a user who blocks ads doesn't stay at 100% of the current levels – it drops to zero, forever (no user ever googles "how do I stop blocking ads?").

The majority of web users are running an ad-blocker:

https://doc.searls.com/2023/11/11/how-is-the-worlds-biggest-boycott-doing/

Web operators made them an offer ("free website in exchange for unlimited surveillance and unfettered intrusions") and they made a counteroffer ("how about 'nah'?"):

https://www.eff.org/deeplinks/2019/07/adblocking-how-about-nah

Here's the thing: reverse-engineering an app – or any other IP-encumbered technology – is a legal minefield. Just decompiling an app exposes you to felony prosecution: a five year sentence and a $500k fine for violating Section 1201 of the DMCA. But it's not just the DMCA – modern products are surrounded with high-tech tripwires that allow companies to invoke IP law to prevent competitors from augmenting, recongifuring or adapting their products. When a business says it has "IP," it means that it has arranged its legal affairs to allow it to invoke the power of the state to control its customers, critics and competitors:

https://locusmag.com/2020/09/cory-doctorow-ip/

An "app" is just a web-page skinned in enough IP to make it a crime to add an ad-blocker to it. This is what Jay Freeman calls "felony contempt of business model" and it's everywhere. When companies don't have to worry about users deploying self-help measures to disenshittify their products, they are freed from the constraint that prevents them indulging the impulse to shift value from their customers to themselves.

Apple owes its existence to interoperability – its ability to clone Microsoft Office's file formats for Pages, Numbers and Keynote, which saved the company in the early 2000s – and ever since, it has devoted its existence to making sure no one ever does to Apple what Apple did to Microsoft:

https://www.eff.org/deeplinks/2019/06/adversarial-interoperability-reviving-elegant-weapon-more-civilized-age-slay

Regulatory capture cuts both ways: it's not just about powerful corporations being free to flout the law, it's also about their ability to enlist the law to punish competitors that might constrain their plans for exploiting their workers, customers, suppliers or other stakeholders.

The final historical constraint on tech companies was their own workers. Tech has very low union-density, but that's in part because individual tech workers enjoyed so much bargaining power due to their scarcity. This is why their bosses pampered them with whimsical campuses filled with gourmet cafeterias, fancy gyms and free massages: it allowed tech companies to convince tech workers to work like government mules by flattering them that they were partners on a mission to bring the world to its digital future:

https://pluralistic.net/2023/09/10/the-proletarianization-of-tech-workers/

For tech bosses, this gambit worked well, but failed badly. On the one hand, they were able to get otherwise powerful workers to consent to being "extremely hardcore" by invoking Fobazi Ettarh's spirit of "vocational awe":

https://www.inthelibrarywiththeleadpipe.org/2018/vocational-awe/

On the other hand, when you motivate your workers by appealing to their sense of mission, the downside is that they feel a sense of mission. That means that when you demand that a tech worker enshittifies something they missed their mother's funeral to deliver, they will experience a profound sense of moral injury and refuse, and that worker's bargaining power means that they can make it stick.

Or at least, it did. In this era of mass tech layoffs, when Google can fire 12,000 workers after a $80b stock buyback that would have paid their wages for the next 27 years, tech workers are learning that the answer to "I won't do this and you can't make me" is "don't let the door hit you in the ass on the way out" (AKA "sharpen your blades boys"):

https://techcrunch.com/2022/09/29/elon-musk-texts-discovery-twitter/

With competition, regulation, self-help and labor cleared away, tech firms – and firms that have wrapped their products around the pluripotently malleable core of digital tech, including automotive makers – are no longer constrained from enshittifying their products.

And that's why your car manufacturer has chosen to spy on you and sell your private information to data-brokers and anyone else who wants it. Not because you didn't pay for the product, so you're the product. It's because they can get away with it.

Cars are enshittified. The dozens of chips that auto makers have shoveled into their car design are only incidentally related to delivering a better product. The primary use for those chips is autoenshittification – access to legal strictures ("IP") that allows them to block modifications and repairs that would interfere with the unfettered abuse of their own customers:

https://pluralistic.net/2023/07/24/rent-to-pwn/#kitt-is-a-demon

The fact that it's a felony to reverse-engineer and modify a car's software opens the floodgates to all kinds of shitty scams. Remember when Bay Staters were voting on a ballot measure to impose right-to-repair obligations on automakers in Massachusetts? The only reason they needed to have the law intervene to make right-to-repair viable is that Big Car has figured out that if it encrypts its diagnostic messages, it can felonize third-party diagnosis of a car, because decrypting the messages violates the DMCA:

https://www.eff.org/deeplinks/2013/11/drm-cars-will-drive-consumers-crazy

Big Car figured out that VIN locking – DRM for engine components and subassemblies – can felonize the production and the installation of third-party spare parts:

https://pluralistic.net/2022/05/08/about-those-kill-switched-ukrainian-tractors/

The fact that you can't legally modify your car means that automakers can go back to their pre-2008 ways, when they transformed themselves into unregulated banks that incidentally manufactured the cars they sold subprime loans for. Subprime auto loans – over $1t worth! – absolutely relies on the fact that borrowers' cars can be remotely controlled by lenders. Miss a payment and your car's stereo turns itself on and blares threatening messages at top volume, which you can't turn off. Break the lease agreement that says you won't drive your car over the county line and it will immobilize itself. Try to change any of this software and you'll commit a felony under Section 1201 of the DMCA:

https://pluralistic.net/2021/04/02/innovation-unlocks-markets/#digital-arm-breakers

Tesla, naturally, has the most advanced anti-features. Long before BMW tried to rent you your seat-heater and Mercedes tried to sell you a monthly subscription to your accelerator pedal, Teslas were demon-haunted nightmare cars. Miss a Tesla payment and the car will immobilize itself and lock you out until the repo man arrives, then it will blare its horn and back itself out of its parking spot. If you "buy" the right to fully charge your car's battery or use the features it came with, you don't own them – they're repossessed when your car changes hands, meaning you get less money on the used market because your car's next owner has to buy these features all over again:

https://pluralistic.net/2023/07/28/edison-not-tesla/#demon-haunted-world

And all this DRM allows your car maker to install spyware that you're not allowed to remove. They really tipped their hand on this when the R2R ballot measure was steaming towards an 80% victory, with wall-to-wall scare ads that revealed that your car collects so much information about you that allowing third parties to access it could lead to your murder (no, really!):

https://pluralistic.net/2020/09/03/rip-david-graeber/#rolling-surveillance-platforms

That's why your car spies on you. Because it can. Because the company that made it lacks constraint, be it market-based, legal, technological or its own workforce's ethics.

One common critique of my enshittification hypothesis is that this is "kind of sensible and normal" because "there’s something off in the consumer mindset that we’ve come to believe that the internet should provide us with amazing products, which bring us joy and happiness and we spend hours of the day on, and should ask nothing back in return":

https://freakonomics.com/podcast/how-to-have-great-conversations/

What this criticism misses is that this isn't the companies bargaining to shift some value from us to them. Enshittification happens when a company can seize all that value, without having to bargain, exploiting law and technology and market power over buyers and sellers to unilaterally alter the way the products and services we rely on work.

A company that doesn't have to fear competitors, regulators, jailbreaking or workers' refusal to enshittify its products doesn't have to bargain, it can take. It's the first lesson they teach you in the Darth Vader MBA: "I am altering the deal. Pray I don't alter it any further":

https://pluralistic.net/2023/10/26/hit-with-a-brick/#graceful-failure

Your car spying on you isn't down to your belief that your carmaker "should provide you with amazing products, which brings your joy and happiness you spend hours of the day on, and should ask nothing back in return." It's not because you didn't pay for the product, so now you're the product. It's because they can get away with it.

The consequences of this spying go much further than mere insurance premium hikes, too. Car telemetry sits at the top of the funnel that the unbelievably sleazy data broker industry uses to collect and sell our data. These are the same companies that sell the fact that you visited an abortion clinic to marketers, bounty hunters, advertisers, or vengeful family members pretending to be one of those:

https://pluralistic.net/2022/05/07/safegraph-spies-and-lies/#theres-no-i-in-uterus

Decades of pro-monopoly policy led to widespread regulatory capture. Corporate cartels use the monopoly profits they extract from us to pay for regulatory inaction, allowing them to extract more profits.

But when it comes to privacy, that period of unchecked corporate power might be coming to an end. The lack of privacy regulation is at the root of so many problems that a pro-privacy movement has an unstoppable constituency working in its favor.

At EFF, we call this "privacy first." Whether you're worried about grifters targeting vulnerable people with conspiracy theories, or teens being targeted with media that harms their mental health, or Americans being spied on by foreign governments, or cops using commercial surveillance data to round up protesters, or your car selling your data to insurance companies, passing that long-overdue privacy legislation would turn off the taps for the data powering all these harms:

https://www.eff.org/wp/privacy-first-better-way-address-online-harms

Traditional economics fails because it thinks about markets without thinking about power. Monopolies lead to more than market power: they produce regulatory capture, power over workers, and state capture, which felonizes competition through IP law. The story that our problems stem from the fact that we just don't spend enough money, or buy the wrong products, only makes sense if you willfully ignore the power that corporations exert over our lives. It's nice to think that you can shop your way out of a monopoly, because that's a lot easier than voting your way out of a monopoly, but no matter how many times you vote with your wallet, the cartels that control the market will always win:

https://pluralistic.net/2024/03/05/the-map-is-not-the-territory/#apor-locksmith

Name your price for 18 of my DRM-free ebooks and support the Electronic Frontier Foundation with the Humble Cory Doctorow Bundle.

If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2024/03/12/market-failure/#car-wars

Image: Cryteria (modified) https://commons.wikimedia.org/wiki/File:HAL9000.svg

CC BY 3.0 https://creativecommons.org/licenses/by/3.0/deed.en

2K notes · View notes

mostlysignssomeportents · 6 months

Text

The enshittification of garage-door openers reveals a vast and deadly rot

I'll be at the Studio City branch of the LA Public Library on Monday, November 13 at 1830hPT to launch my new novel, The Lost Cause. There'll be a reading, a talk, a surprise guest (!!) and a signing, with books on sale. Tell your friends! Come on down!

How could this happen? Owners of Chamberlain MyQ automatic garage door openers just woke up to discover that the company had confiscated valuable features overnight, and that there was nothing they could do about it.

Oh, we know what happened, technically speaking. Chamberlain shut off the API for its garage-door openers, which breaks their integration with home automation systems like Home Assistant. The company even announced that it was doing this, calling the integration an "unauthorized usage" of its products, though the "unauthorized" parties in this case are the people who own Chamberlain products:

https://chamberlaingroup.com/press/a-message-about-our-decision-to-prevent-unauthorized-usage-of-myq

We even know why Chamberlain did this. As Ars Technica's Ron Amadeo points out, shutting off the API is a way for Chamberlain to force its customers to use its ad-beshitted, worst-of-breed app, so that it can make a few pennies by nonconsensually monetizing its customers' eyeballs:

https://arstechnica.com/gadgets/2023/11/chamberlain-blocks-smart-garage-door-opener-from-working-with-smart-homes/

But how did this happen? How did a giant company like Chamberlain come to this enshittening juncture, in which it felt empowered to sabotage the products it had already sold to its customers? How can this be legal? How can it be good for business? How can the people who made this decision even look themselves in the mirror?

To answer these questions, we must first consider the forces that discipline companies, acting against the impulse to enshittify their products and services. There are four constraints on corporate conduct:

I. Competition. The fear of losing your business to a rival can stay even the most sociopathic corporate executive's hand.

II. Regulation. The fear of being fined, criminally sanctioned, or banned from doing business can check the greediest of leaders.

III. Capability. Corporate executives can dream up all kinds of awful ways to shift value from your side of the ledger to their own, but they can only do the things that are technically feasible.

IV. Self-help. The possibility of customers modifying, reconfiguring or altering their products to restore lost functionality or neutralize antifeatures carries an implied threat to vendors. If a printer company's anti-generic-ink measures drives a customer to jailbreak their printers, the original manufacturer's connection to that customer is permanently severed, as the customer creates a durable digital connection to a rival.

When companies act in obnoxious, dishonest, shitty ways, they aren't merely yielding to temptation – they are evading these disciplining forces. Thus, the Great Enshittening we are living through doesn't reflect an increase in the wickedness of corporate leadership. Rather, it represents a moment in which each of these disciplining factors have been gutted by specific policies.

This is good news, actually. We used to put down rat poison and we didn't have a rat problem. Then we stopped putting down rat poison and rats are eating us alive. That's not a nice feeling, but at least we know at least one way of addressing it – we can start putting down poison again. That is, we can start enforcing the rules that we stopped enforcing, in living memory. Having a terrible problem is no fun, but the best kind of terrible problem to have is one that you know a solution to.

As it happens, Chamberlain is a neat microcosm for all the bad policy choices that created the Era of Enshittification. Let's go through them:

Competition: Chamberlain doesn't have to worry about competition, because it is owned by a private equity fund that "rolled up" all of Chamberlain's major competitors into a single, giant firm. Most garage-door opener brands are actually Chamberlain, including "LiftMaster, Chamberlain, Merlin, and Grifco":

https://www.lakewoodgaragedoor.biz/blog/the-history-of-garage-door-openers

This is a pretty typical PE rollup, and it exploits a bug in US competition law called "Antitrust's Twilight Zone":

https://pluralistic.net/2022/12/16/schumpeterian-terrorism/#deliberately-broken

When companies buy each other, they are subject to "merger scrutiny," a set of guidelines that the FTC and DoJ Antitrust Division use to determine whether the outcome is likely to be bad for competition. These rules have been pretty lax since the Reagan administration, but they've currently being revised to make them substantially more strict:

https://www.justice.gov/opa/pr/justice-department-and-ftc-seek-comment-draft-merger-guidelines

One of the blind spots in these merger guidelines is an exemption for mergers valued at less than $101m. Under the Hart-Scott-Rodino Act, these fly under the radar, evading merger scrutiny. That means that canny PE companies can roll up dozens and dozens of standalone businesses, like funeral homes, hospital beds, magic mushrooms, youth addiction treatment centers, mobile home parks, nursing homes, physicians’ practices, local newspapers, or e-commerce sellers:

http://www.economicliberties.us/wp-content/uploads/2022/12/Serial-Acquisitions-Working-Paper-R4-2.pdf

By titrating the purchase prices, PE companies – like Blackstone, owners of Chamberlain and all the other garage-door makers – can acquire a monopoly without ever raising a regulatory red flag.

But antitrust enforcers aren't helpless. Under (the long dormant) Section 7 of the Clayton Act, competition regulators can block mergers that lead to "incipient monopolization." The incipiency standard prevented monopolies from forming from 1914, when the Clayton Act passed, until the Reagan administration. We used to put down rat poison, and we didn't have rats. We stopped, and rats are gnawing our faces off. We still know where the rat poison is – maybe we should start putting it down again.

On to regulation. How is it possible for Chamberlain to sell you a garage-door opener that has an API and works with your chosen home automation system, and then unilaterally confiscate that valuable feature? Shouldn't regulation protect you from this kind of ripoff?

It should, but it doesn't. Instead, we have a bunch of regulations that protect Chamberlain from you. Think of binding arbitration, which allows Chamberlain to force you to click through an "agreement" that takes away your right to sue them or join a class-action suit:

https://pluralistic.net/2022/10/20/benevolent-dictators/#felony-contempt-of-business-model

But regulation could protect you from Chamberlain. Section 5 of the Federal Trade Commission Act allows the FTC to ban any "unfair and deceptive" conduct. This law has been on the books since 1914, but Section 5 has been dormant, forgotten and unused, for decades. The FTC's new dynamo chair, Lina Khan, has revived it, and is use it like a can-opener to free Americans who've been trapped by abusive conduct:

https://pluralistic.net/2023/01/10/the-courage-to-govern/#whos-in-charge

Khan's used Section 5 powers to challenge privacy invasions, noncompete clauses, and other corporate abuses – the bait-and-switch tactics of Chamberlain are ripe for a Section 5 case. If you buy a gadget because it has five features and then the vendor takes two of them away, they are clearly engaged in "unfair and deceptive" conduct.

On to capability. Since time immemorial, corporate leaders have fetishized "flexibility" in their business arrangements – like the ability to do "dynamic pricing" that changes how much you pay for something based on their guess about how much you are willing to pay. But this impulse to play shell games runs up against the hard limits of physical reality: grocers just can't send an army of rollerskated teenagers around the store to reprice everything as soon as a wealthy or desperate-looking customer comes through the door. They're stuck with crude tactics like doubling the price of a flight that doesn't include a Saturday stay as a way of gouging business travelers on an expense account.

With any shell-game, the quickness of the hand deceives the eye. Corporate crooks armed with computers aren't smarter or more wicked than their analog forebears, but they are faster. Digital tools allow companies to alter the "business logic" of their services from instant to instant, in highly automated ways:

https://pluralistic.net/2023/02/19/twiddler/

The monopoly coalition has successfully argued that this endless "twiddling" should not be constrained by privacy, labor or consumer protection law. Without these constraints, corporate twiddlers can engage in all kinds of ripoffs, like wage theft and algorithmic wage discrimination:

https://pluralistic.net/2023/04/12/algorithmic-wage-discrimination/#fishers-of-men

Twiddling is key to the Darth Vader MBA ("I am altering the deal. Pray I don't alter it further"), in which features are confiscated from moment to moment, without warning or recourse:

https://pluralistic.net/2023/10/26/hit-with-a-brick/#graceful-failure

There's no reason to accept the premise that violating your privacy, labor rights or consumer rights with a computer is so different from analog ripoffs that existing laws don't apply. The unconstrained twiddling of digital ripoff artists is a plague on billions of peoples' lives, and any enforcer who sticks up for our rights will have an army of supporters behind them.

Finally, there's the fear of self-help measures. All the digital flexibility that tech companies use to take value away can be used to take it back, too. The whole modern history of digital computers is the history of "adversarial interoperability," in which the sleazy antifeatures of established companies are banished through reverse-engineering, scraping, bots and other forms of technological guerrilla warfare:

https://www.eff.org/deeplinks/2019/10/adversarial-interoperability

Adversarial interoperability represents a serious threat to established business. If you're a printer company gouging on toner, your customers might defect to a rival that jailbreaks your security measures. That's what happened to Lexmark, who lost a case against the toner-refilling company Static Controls, which went on to buy Lexmark:

https://www.eff.org/deeplinks/2019/06/felony-contempt-business-model-lexmarks-anti-competitive-legacy

Sure, your customers are busy and inattentive and you can degrade the quality of your product a lot before they start looking for ways out. But once they cross that threshold, you can lose them forever. That's what happened to Microsoft: the company made the tactical decision to produce a substandard version of Office for the Mac in a drive to get Mac users to switch to Windows. Instead, Apple made Iwork (Pages, Numbers and Keynote), which could read and write every Office file, and Mac users threw away Office, the only Microsoft product they owned, permanently severing their relationship to the company:

https://www.eff.org/deeplinks/2019/06/adversarial-interoperability-reviving-elegant-weapon-more-civilized-age-slay

Today, companies can operate without worrying about this kind of self-help measure. There' a whole slew of IP rights that Chamberlain can enforce against you if you try to fix your garage-door opener yourself, or look to a competitor to sell you a product that restores the feature they took away:

https://locusmag.com/2020/09/cory-doctorow-ip/

Jailbreaking your Chamberlain gadget in order to make it answer to a rival's app involves bypassing a digital lock. Trafficking in a tool to break a digital lock is a felony under Section 1201 of the Digital Millennium Copyright, carrying a five-year prison sentence and a $500,000 fine.

In other words, it's not just that tech isn't regulated, allowing for endless twiddling against your privacy, consumer rights and labor rights. It's that tech is badly regulated, to permit unlimited twiddling by tech companies to take away your rightsand to prohibit any twiddling by you to take them back. The US government thumbs the scales against you, creating a regime that Jay Freeman aptly dubbed "felony contempt of business model":

https://pluralistic.net/2022/10/23/how-to-fix-cars-by-breaking-felony-contempt-of-business-model/

All kinds of companies have availed themselves of this government-backed superpower. There's DRM – digital locks, covered by DMCA 1201 – in powered wheelchairs:

https://www.eff.org/deeplinks/2022/06/when-drm-comes-your-wheelchair

In dishwashers:

https://pluralistic.net/2021/05/03/cassette-rewinder/#disher-bob

In treadmills:

https://pluralistic.net/2021/06/22/vapescreen/#jane-get-me-off-this-crazy-thing

In tractors:

https://pluralistic.net/2022/05/08/about-those-kill-switched-ukrainian-tractors/

It should come as no surprise to learn that Chamberlain has used DMCA 1201 to block interoperable garage door opener components:

https://scholarship.law.marquette.edu/cgi/viewcontent.cgi?article=1233&context=iplr

That's how we arrived at this juncture, where a company like Chamberlain can break functionality its customers value highly, solely to eke out a minuscule new line of revenue by selling ads on their own app.

Chamberlain bought all its competitors.

Chamberlain operates in a regulatory environment that is extremely tolerant of unfair and deceptive practices. Worse: they can unilaterally take away your right to sue them, which means that if regulators don't bestir themselves to police Chamberlain, you are shit out of luck.

Chamberlain has endless flexibility to unilaterally alter its products' functionality, in fine-grained ways, even after you've purchased them.

Chamberlain can sue you if you try to exercise some of that same flexibility to protect yourself from their bad practices.

Combine all four of those factors, and of course Chamberlain is going to enshittify its products. Every company has had that one weaselly asshole at the product-planning table who suggests a petty grift like breaking every one of the company's customers' property to sell a few ads. But historically, the weasel lost the argument to others, who argued that making every existing customer furious would affect the company's bottom line, costing it sales and/or fines, and prompting customers to permanently sever their relationship with the company by seeking out and installing alternative software. Take away all the constraints on a corporation's worst impulses, and this kind of conduct is inevitable:

https://pluralistic.net/2023/07/28/microincentives-and-enshittification/

This isn't limited to Chamberlain. Without the discipline of competition, regulation, self-help measures or technological limitations, every industry in undergoing wholesale enshittification. It's not a coincidence that Chamberlain's grift involves a push to move users into its app. Because apps can't be reverse-engineered and modified without risking DMCA 1201 prosecution, forcing a user into an app is a tidy and reliable way to take away that user's rights.

Think about ad-blocking. One in four web users has installed an ad-blockers ("the biggest boycott in world history" -Doc Searls). Zero app users have installed app-blockers, because they don't exist, because making one is a felony. An app is just a web-page wrapped in enough IP to make it a crime to defend yourself against corporate predation:

https://pluralistic.net/2023/08/27/an-audacious-plan-to-halt-the-internets-enshittification-and-throw-it-into-reverse/

The temptation to enshitiffy isn't new, but the ability to do so without consequence is a modern phenomenon, the intersection of weak policy enforcement and powerful technology. Your car is autoenshittified, a rolling rent-seeking platform that spies on you and price-gouges you:

https://pluralistic.net/2023/07/24/rent-to-pwn/#kitt-is-a-demon

Cars are in an uncontrolled skid over Enshittification Cliff. Honda, Toyota, VW and GM all sell cars with infotainment systems that harvest your connected phone's text-messages and send them to the corporation for data-mining. What's more, a judge in Washington state just ruled that this is legal:

https://therecord.media/class-action-lawsuit-cars-text-messages-privacy

While there's no excuse for this kind of sleazy conduct, we can reasonably anticipate that if our courts would punish companies for engaging in it, they might be able to resist the temptation. No wonder Mozilla's latest Privacy Not Included research report called cars "the worst product category we have ever reviewed":

https://foundation.mozilla.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/

I mean, Nissan tries to infer facts about your sex life and sells those inferences to marketing companies:

https://foundation.mozilla.org/en/privacynotincluded/nissan/

But the OG digital companies are the masters of enshittification. Microsoft has been at this game for longer than anyone, and every day brings a fresh way that Microsoft has worsened its products without fear of consequence. The latest? You can't delete your OneDrive account until you provide an acceptable explanation for your disloyalty:

https://www.theverge.com/2023/11/8/23952878/microsoft-onedrive-windows-close-app-notification

It's tempting to think that the cruelty is the point, but it isn't. It's almost never the point. The point is power and money. Unscrupulous businesses have found ways to make money by making their products worse since the industrial revolution. Here's Jules Dupuis, writing about 19th century French railroads:

It is not because of the few thousand francs which would have to be spent to put a roof over the third-class carriages or to upholster the third-class seats that some company or other has open carriages with wooden benches. What the company is trying to do is to prevent the passengers who can pay the second class fare from traveling third class; it hits the poor, not because it wants to hurt them, but to frighten the rich. And it is again for the same reason that the companies, having proved almost cruel to the third-class passengers and mean to the second-class ones, become lavish in dealing with first-class passengers. Having refused the poor what is necessary, they give the rich what is superfluous.

https://www.tumblr.com/mostlysignssomeportents/731357317521719296/having-refused-the-poor-what-is-necessary-they

But as bad as all this is, let me remind you about the good part: we know how to stop companies from enshittifying their products. We know what disciplines their conduct: competition, regulation, capability and self-help measures. Yes, rats are gnawing our eyeballs, but we know which rat-poison to use, and where to put it to control those rats.

Competition, regulation, constraint and self-help measures all backstop one another, and while one or a few can make a difference, they are most powerful when they're all mobilized in concert. Think of the failure of the EU's landmark privacy law, the GDPR. While the GDPR proved very effective against bottom-feeding smaller ad-tech companies, the worse offenders, Meta and Google, have thumbed their noses at it.

This was enabled in part by the companies' flying an Irish flag of convenience, maintaining the pretense that they have to be regulated in a notorious corporate crime-haven:

https://pluralistic.net/2023/05/15/finnegans-snooze/#dirty-old-town

That let them get away with all kinds of shenanigans, like ignoring the GDPR's requirement that you should be able to easily opt out of data-collection without having to go through cumbersome "cookie consent" dialogs or losing access to the service as punishment for declining to be tracked.

As the noose has tightened around these surveillance giants, they're continuing to play games. Meta now says that the only way to opt out of data-collection in the EU is to pay for the service:

https://pluralistic.net/2023/10/30/markets-remaining-irrational/#steins-law

This is facially illegal under the GDPR. Not only are they prohibited from punishing you for opting out of collection, but the whole scheme ignores the nature of private data collection. If Facebook collects the fact that you and I are friends, but I never opted into data-collection, they have violated the GDPR, even if you were coerced into granting consent:

https://www.nakedcapitalism.com/2023/11/the-pay-or-consent-challenge-for-platform-regulators.html

The GDPR has been around since 2016 and Google and Meta are still invading 500 million Europeans' privacy. This latest delaying tactic could add years to their crime-spree before they are brought to justice.

But most of this surveillance is only possible because so much of how you interact with Google and Meta is via an app, and an app is just a web-page that's a felony to make an ad-blocker for. If the EU were to legalize breaking DRM – repealing Article 6 of the 2001 Copyright Directive – then we wouldn't have to wait for the European Commission to finally wrestle these two giant companies to the ground. Instead, EU companies could make alternative clients for all of Google and Meta's services that don't spy on you, without suffering the fate of OG App, which tried this last winter and was shut down by "felony contempt of business model":

https://pluralistic.net/2023/02/05/battery-vampire/#drained

Enshittification is demoralizing. To quote @wilwheaton, every update to the services we use inspires "dread of 'How will this complicate things as I try to maintain privacy and sanity in a world that demands I have this thing to operate?'"

https://wilwheaton.tumblr.com/post/698603648058556416/cory-doctorow-if-you-see-this-and-have-thoughts

But there are huge natural constituencies for the four disciplining forces that keep enshittification at bay.

Remember, Antitrust's Twilight Zone doesn't just allow rollups of garage-door opener companies – it's also poison for funeral homes, hospital beds, magic mushrooms, youth addiction treatment centers, mobile home parks, nursing homes, physicians’ practices, local newspapers, or e-commerce sellers.

The Binding Arbitration scam that stops Chamberlain customers from suing the company also stops Uber drivers from suing over stolen wages, Turbotax customers from suing over fraud, and many other victims of corporate crime from getting a day in court.

The failure to constrain twiddling to protect privacy, labor rights and consumer rights enables a host of abuses, from stalking, doxing and SWATting to wage theft and price gouging:

https://pluralistic.net/2023/11/06/attention-rents/#consumer-welfare-queens

And Felony Contempt of Business Model is used to screw you over every time you refill your printer, run your dishwasher, or get your Iphone's screen replaced.

The actions needed to halt and reverse this enshittification are well understood, and the partisans for taking those actions are too numerous to count. It's taken a long time for all those individuals suffering under corporate abuses to crystallize into a movement, but at long last, it's happening.

If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2023/11/09/lead-me-not-into-temptation/#chamberlain

Image: Cryteria (modified) https://commons.wikimedia.org/wiki/File:HAL9000.svg

CC BY 3.0 https://creativecommons.org/licenses/by/3.0/deed.en

375 notes · View notes

mostlysignssomeportents · 8 months

Text

Saturday linkdump, part the sixth

On September 12 at 7pm, I'll be at Toronto's Another Story Bookshop with my new book The Internet Con: How to Seize the Means of Computation.

On September 14, I'm hosting the EFF Awards in San Francisco.

I usually write this blog 5-6 days/week, but every now and again, I take a break, and when I do, I get massive link backlogs of stuff I want to write about, but lack the time to address in depth. When that happens, I turn my Saturday edition into a linkdump. Today, I present the sixth in the series – here's the other five:

https://pluralistic.net/tag/linkdump/

Why was I offline and away from my blog? I went to the dirt rave. Yes, I was one of the 70,000+ people stuck in the mud at this year's Burning Man, and when I emailed my editor at the New York Times to say I might be late on the op-ed I was working on, she asked me to write about what this year's mud crisis meant:

https://www.nytimes.com/2023/09/06/opinion/burning-man-flood-playa-climate-change.html

tl;dr:

Bad weather is normal at Burning Man (it's a feature, not a bug);

Mostly burners leapt to the occasion, which is what people almost always do in disaster situations;

This is the second Burning Man heavy weather year in a row;

The climate emergency is tipping the Black Rock Desert from "extremely challenging" to "impossible";

This isn't the last event, place and tradition that will have to be radically reconsidered in light of the climate emergency;

But now I'm home, in my hammock, with all the laundry done – just in time to leave again. I'm about to head back to my hometown of Toronto for a book launch. The Internet Con, my latest nonfiction (from Verso Books) came out last week, and I'll be appearing at Another Story Bookshop on Tuesday:

https://anotherstory.ca/events/29283

Internet Con is a "Big Tech disassembly manual." It explains how Big Tech got so big (lax anti-monopoly enforcement, which led to regulatory capture, which let Big Tech abuse our privacy, labor rights, and consumer rights), and how we can use interoperability so it's no longer Too Big to Fail, nor Too Big to Jail:

https://www.versobooks.com/products/3035-the-internet-con

You can read a long excerpt from the book in Wired, which lays out some of the shovel-ready legislative, regulatory and technical proposals that are the book's main purpose:

https://www.wired.com/story/the-internet-con-cory-doctorow-book-excerpt/

You can also hear me read the whole introduction and first chapter of the audiobook on my podcast:

https://craphound.com/internetcon/2023/08/01/the-internet-con-how-to-seize-the-means-of-computation-audiobook-outtake/

That comes from the audiobook, a DRM-free, independent edition that I financed, produced and narrated myself. You can get the audiobook everywhere except Audible, Apple Books, and Audiobooks.com, all of which have mandatory DRM policies. You can also get it direct from me:

https://transactions.sendowl.com/products/78992826/DEA0CE12/purchase

The DRM-free ebook is available everywhere ebooks are sold (Kobo, Kindle, Nook, etc), as well as in my own DRM-free ebook store:

https://transactions.sendowl.com/products/78992801/9C4FC2B8/purchase

Verso's books are sold in bookstores around the world; you can support your local bookseller by buying it through Bookshop:

https://bookshop.org/p/books/the-internet-con-how-to-seize-the-means-of-computation-cory-doctorow/18771891?ean=9781804291245

If you'd like a signed copy, there's stock at Book Soup:

https://www.booksoup.com/book/9781804291245

Now, it was inevitable that I would do a book event for Internet Con in Toronto – I've never had a bad event there, and I love my hometown – but the timing of this event was driven by a non-book-related factor. Talking Heads is appearing together at TIFF, to support the re-release of Stop Making Sense, the greatest concert film in human history:

https://pluralistic.net/StopMakingSense

People often ask me what my favorite book is, and I always tell them that you should never trust people who have one favorite book, as it inevitably turns out to be The Bible, The Fountainhead, or Mein Kampf. But while I don't have a favorite book, I have a clear and unambiguous favorite band.

If I was forced to listen to no music other than Talking Heads for the rest of my life, I would be perfectly happy. Ecstatic, even. Throw in David Byrne, Tom Tom Club and Casual Gods and I probably wouldn't even notice anything missing.

There's a running joke among my Burning Man campmates that whenever I'm in charge of the music, I'm just shuffling Talking Heads rarities, and whenever someone puts on anything else, I demand to know which Talking Heads album it came from. Which is all to say: I have tickets for the Talking Heads event at TIFF and I could *not be more excited.*

Continuing on the Canadian theme, one of the annual highlights of Canadian media is the Massey Lectures, a series of public lectures given around the country and rebroadcast on CBC. These are always great, but recent years have been superb – Ron Deibert's 2020 series was unmissable:

https://pluralistic.net/2020/11/10/dark-matter/#citizenlab

This year's Masseys are shaping up to be the GOAT. They're presented by Astra Taylor, an activist rock-and-roller turned documentary filmmaker who is one of the founders of the Debt Collective, fighting for student debt cancellation. Everything Astra does is amazing and her profile on CBC Ideas gives some background on the role that unschooling played in making her the powerful activist she is today:

https://www.cbc.ca/radio/ideas/astra-taylor-interview-2023-massey-lecturer-1.6959320

There's no question that things are messed up right now, but Astra and people like her shine out like beacons of hope. 17 years ago, self-described "democracy nut" Tom Stites gave one of the seminal lectures on the role news media play in democracy:

http://citmedia.org/blog/2006/07/03/guest-posting-is-media-performance-democracys-critical-issue/

17 years later – and from his perch as editor at the essential International Consortium of Investigative Journalists – Stites presents us a long-overdue, extremely pertinent followup: "Building Civic Energy is the Goal, Not Saving Old News Business Models":

https://banyanproject.coop/wp-content/uploads/2023/09/Hope-College-speech-for-Banyan-website-1.pdf

Stites's intervention is extremely timely, because policymakers all over the world have made the mistake of thinking that Big Tech is stealing the news media's content, which is absolutely untrue. It is good, actually, to index news stories and let people discuss, quote from and link to news stories. News you're not allowed to talk about isn't news, it's a secret.

But Big Tech is stealing from news. They're not stealing content – they're stealing money. The Google/Apple duopoly rakes 30% off every subscription payment collected in an app. The Google/Meta duopoly rakes 51% out of every ad-dollar (and maintain that death-grip through creepy, privacy-invading surveillance ads). Meta and Twitter hold social media subscribers hostage, forcing publishers to pay to reach their own subscribers.

We don't want the news to be Big Tech's partners – we need them to be Big Tech's watchdogs. "Link taxes" and other profit-sharing arrangements between the media and tech cut against the civic energy Stites wants to build.

(You can read more about this – along with policy prescriptions for halting Big Tech's rent-extraction from the news – in "Saving the News From Big Tech," my EFF white-paper:)

https://www.eff.org/deeplinks/2023/04/saving-news-big-tech

If your spirits are lifted by stories of principled activists achieving important – and improbable – victories, you could do worse than to attend the EFF Awards on in San Francisco Sept 14 (I'm the emcee). This year, we're honoring Alexandra Elbakyan for her founding of Sci-Hub, the Library Freedom Project and the Signal Foundation:

https://www.eff.org/awards/effawards/2023

In more activist news: Mozilla produced a startling and astoundingly good – if demoralizing – report on the state of digital privacy and security in the automotive sector:

https://foundation.mozilla.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/

Entitled, "It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy," the report reveals just how absolutely terrible the automotive sector is when it comes to privacy practices, collecting (and selling) (and giving away) information about your sex life, your geneology, your genetic characteristics, and your smell (no, seriously).

Their recommendations for which new car you should buy boil down to "don't buy a new car." I have been urging consumer research groups to release a report like this for a decade. There are whole categories of gadgets – like, say, "smart speakers" – that are unsafe at any speed. At a certain point, reviewers need to have the guts to say that every manufacturer in an entire sector is a dumpster fire and they should all be dragged in front of a firing squad – or at least a Congressional committee.

Cars, after all, are nightmares of privacy invasion and rent-extraction, the source of autoenshittification on a massive scale, a mobile form of technofeudalism:

https://pluralistic.net/2023/07/24/rent-to-pwn/#kitt-is-a-demon

The fact that cars score so badly on privacy is especially ironic given the campaign Big Car waged against the 2020 Massachusetts Right to Repair ballot initiative, in which car manufacturers held themselves out as the defenders of driver privacy from unscrupulous third parties who couldn't be trusted to handle the vast troves of data your car collects with every hour that God sends:

https://pluralistic.net/2020/09/03/rip-david-graeber/#rolling-surveillance-platforms

This is a familiar refrain: monopolists often claim that any check on their absolute authority over their users will expose those users to privacy risks. Apple has run a global ad-campaign claiming this, and while Apple does prevent Facebook from spying on iPhone owners, they also secretly spy on those customers in exactly the same way that Facebook used to, and lie about it:

https://pluralistic.net/2022/11/14/luxury-surveillance/#liar-liar

It turns out that giant companies just aren't good proxies for their customers' interests, and that the power they amass through monopolization shouldn't be counted on as a source of user safety. Monopolists won't reliably defend user privacy – that job belongs to democratically accountable regulators. That's an argument I developed in detail with Bennett Cyphers in our EFF white-paper "Privacy Without Monopoly":

https://www.eff.org/wp/interoperability-and-privacy

That is, rather than getting privacy by "voting with your wallet," you need to get it by voting with your ballot. "The market" is an election that you vote in with dollars, which means that the people with the most dollars always win. When there are zero cars on the market that are safe to drive, you can't vote with your wallet by buying a good one.

On a related subject, the DOJ Antitrust Division has brought the most important tech anti-monopoly case of the century, charging Google with monopolizing search:

https://www.nytimes.com/2023/09/06/technology/modern-internet-first-monopoly-trial-us-google-dominance.html

Part of the DOJ case turns on the fact that Google goes to extraordinary lengths to keep you from every trying another search engine, paying out more than $45 billion every year to be the default search on every device, program and service you might use. In other words, Google spends entire Twitter's worth of dollars every year, lighting it on fire to keep you from finding out about rivals.

Google argues that this is fine, actually, because these are only defaults, and users can dig through their settings to change their search engine. Sure, Google – and the first 20 search results you serve are only defaults, and it wouldn't matter if you were ordered to put them ten screens down, because users could always scroll to see them.

But search defaults aren't the only way that Google locks in searchers – and then harms us by invading our privacy. Google's ubiquitous Chrome browser ties Google's search to Google's invasive, nonconsensual, total surveillance. Chrome turned 15 this year and Google made a huge PR splash out of the anniversary:

https://blog.google/products/chrome/google-chrome-new-features-redesign-2023/

But all that puffery conspicuously failed to mention that Google had quietly rolled out its long-discredited, new surveillance technology, FLOC, which it pretended to kill in 2021:

https://pluralistic.net/2021/04/22/ihor-kolomoisky/#not-that-competition

FLOC is back, rebranded as the Topics API: this is a system for spying on you so advertisers can target you. Google is spinning this as a privacy improvement because it might someday replace "third party cookies," one of the creepiest web surveillance systems.

But as Ron Amadeo writes for Ars Technica, Chrome is the last major browser to support third party cookies – both Safari and Firefox block them by default. So Google is basically saying, "We are going to improve your privacy by changing how we spy on you, even though all our competitors don't do this kind of spying at all":

https://arstechnica.com/gadgets/2023/09/googles-widely-opposed-ad-platform-the-privacy-sandbox-launches-in-chrome/

This kind of gaslighting, where Google pisses in all our mouths and tells us it's raining, is the hallmark of a decrepit, arrogant, crapulent monopolist that needs to be shattered in the courts. Kudos to the DoJ for doing the people's business here – and kudos to DoJ antitrust boss Jonathan Kanter for promising that he will not go into corporate law when he finishes his stint in government.

The DoJ isn't the only public agency that's serving the American people. The FCC just announced proceedings to force cybersecurity labels for "smart" devices:

https://www.fcc.gov/consumer-governmental-affairs/fcc-proposes-cybersecurity-labeling-program-smart-devices

This is long overdue, and it's a welcome action from the FCC, which was hamstrung for years because cowardly Democratic senators joined with homophobic, libelous Republicans in blocking confirmation hearings for the amazing Gigi Sohn:

https://pluralistic.net/2022/12/15/useful-idiotsuseful-idiots/#unrequited-love

After years of abuse, Sohn bowed out. Now, Anna Gomez has been confirmed to fill that fifth FCC chair, turning the FCC into a fully operational battle station:

https://www.fiercewireless.com/wireless/senate-votes-approve-anna-gomez-5th-fcc-commissioner

The fact that there's all this great stuff going on in the administrative branch is easy to lose sight of amidst the circus of federal electoral politics, in which Donald Trump has retained his role as ringmaster and chief distractor.

Thankfully, we have expert Pantsless Emperor skewerers like Ruben Bolling around – his latest Tom the Dancing Bug revives his brilliant Calvin and Hobbes-inspired Trump gag:

https://boingboing.net/2023/09/06/tom-the-dancing-bug-a-calvinesque-and-hobbesian-look-at-taking-a-mug-shot.html

Well, that's me signing off for the weekend – I've got to pack for my flight to Toronto. If you're looking for more weekend fun, check out the trailer for Fractured Veil, the video game my old pal Chris DiBona has been working on for seven years and which is heading for Steam early access next month:

https://www.youtube.com/watch?v=NjNd3QQnENU

Just watch it. I mean. Wow.

If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2023/09/09/nein-nein/#everything-is-miscellaneous

Image: Roel Schroeven (modified) https://www.flickr.com/photos/roelschroeven/45413895

CC BY-SA 2.0 https://creativecommons.org/licenses/by-sa/2.0/

141 notes · View notes

mostlysignssomeportents · 9 months

Text

Autoenshittification

Your car is stuffed full of microchips, a fact the world came to appreciate after the pandemic struck and auto production ground to a halt due to chip shortages. Of course, that wasn’t the whole story: when the pandemic started, the automakers panicked and canceled their chip orders, only to immediately regret that decision and place new orders.

But it was too late: semiconductor production had taken a serious body-blow, and when Big Car placed its new chip orders, it went to the back of a long, slow-moving line. It was a catastrophic bungle: microchips are so integral to car production that a car is basically a computer network on wheels that you stick your fragile human body into and pray.

The car manufacturers got so desperate for chips that they started buying up washing machines for the microchips in them, extracting the chips and discarding the washing machines like some absurdo-dystopian cyberpunk walnut-shelling machine:

https://www.autoevolution.com/news/desperate-times-companies-buy-washing-machines-just-to-rip-out-the-chips-187033.html

These digital systems are a huge problem for the car companies. They are the underlying cause of a precipitous decline in car quality. From touch-based digital door-locks to networked sensors and cameras, every digital system in your car is a source of endless repair nightmares, costly recalls and cybersecurity vulnerabilities:

https://www.reuters.com/business/autos-transportation/quality-new-vehicles-us-declining-more-tech-use-study-shows-2023-06-22/

What’s more, drivers hate all the digital bullshit, from the janky touchscreens to the shitty, wildly insecure apps. Digital systems are drivers’ most significant point of dissatisfaction with the automakers’ products:

https://www.theverge.com/23801545/car-infotainment-customer-satisifaction-survey-jd-power

Even the automakers sorta-kinda admit that this is a problem. Back in 2020 when Massachusetts was having a Right-to-Repair ballot initiative, Big Car ran these unfuckingbelievable scare ads that basically said, “Your car spies on you so comprehensively that giving anyone else access to its systems will let murderers stalk you to your home and kill you:

https://pluralistic.net/2020/09/03/rip-david-graeber/#rolling-surveillance-platforms

But even amid all the complaining about cars getting stuck in the Internet of Shit, there’s still not much discussion of why the car-makers are making their products less attractive, less reliable, less safe, and less resilient by stuffing them full of microchips. Are car execs just the latest generation of rubes who’ve been suckered by Silicon Valley bullshit and convinced that apps are a magic path to profitability?

Nope. Car execs are sophisticated businesspeople, and they’re surfing capitalism’s latest — and last — hot trend: dismantling capitalism itself.

Now, leftists have been predicting the death of capitalism since The Communist Manifesto, but even Marx and Engels warned us not to get too frisky: capitalism, they wrote, is endlessly creative, constantly reinventing itself, re-emerging from each crisis in a new form that is perfectly adapted to the post-crisis reality:

https://www.nytimes.com/2022/10/31/books/review/a-spectre-haunting-china-mieville.html

But capitalism has finally run out of gas. In his forthcoming book, Techno Feudalism: What Killed Capitalism, Yanis Varoufakis proposes that capitalism has died — but it wasn’t replaced by socialism. Rather, capitalism has given way to feudalism:

https://www.penguin.co.uk/books/451795/technofeudalism-by-varoufakis-yanis/9781847927279

Under capitalism, capital is the prime mover. The people who own and mobilize capital — the capitalists — organize the economy and take the lion’s share of its returns. But it wasn’t always this way: for hundreds of years, European civilization was dominated by rents, not markets.

A “rent” is income that you get from owning something that other people need to produce value. Think of renting out a house you own: not only do you get paid when someone pays you to live there, you also get the benefit of rising property values, which are the result of the work that all the other homeowners, business owners, and residents do to make the neighborhood more valuable.

The first capitalists hated rent. They wanted to replace the “passive income” that landowners got from taxing their serfs’ harvest with active income from enclosing those lands and grazing sheep in order to get wool to feed to the new textile mills. They wanted active income — and lots of it.

Capitalist philosophers railed against rent. The “free market” of Adam Smith wasn’t a market that was free from regulation — it was a market free from rents. The reason Smith railed against monopolists is because he (correctly) understood that once a monopoly emerged, it would become a chokepoint through which a rentier could cream off the profits he considered the capitalist’s due:

https://locusmag.com/2021/03/cory-doctorow-free-markets/

Today, we live in a rentier’s paradise. People don’t aspire to create value — they aspire to capture it. In Survival of the Richest, Doug Rushkoff calls this “going meta”: don’t provide a service, just figure out a way to interpose yourself between the provider and the customer:

https://pluralistic.net/2022/09/13/collapse-porn/#collapse-porn

Don’t drive a cab, create Uber and extract value from every driver and rider. Better still: don’t found Uber, invest in Uber options and extract value from the people who invest in Uber. Even better, invest in derivatives of Uber options and extract value from people extracting value from people investing in Uber, who extract value from drivers and riders. Go meta.

This is your brain on the four-hour-work-week, passive income mind-virus. In Techno Feudalism, Varoufakis deftly describes how the new “Cloud Capital” has created a new generation of rentiers, and how they have become the richest, most powerful people in human history.

Shopping at Amazon is like visiting a bustling city center full of stores — but each of those stores’ owners has to pay the majority of every sale to a feudal landlord, Emperor Jeff Bezos, who also decides which goods they can sell and where they must appear on the shelves. Amazon is full of capitalists, but it is not a capitalist enterprise. It’s a feudal one:

https://pluralistic.net/2022/11/28/enshittification/#relentless-payola

This is the reason that automakers are willing to enshittify their products so comprehensively: they were one of the first industries to decouple rents from profits. Recall that the reason that Big Car needed billions in bailouts in 2008 is that they’d reinvented themselves as loan-sharks who incidentally made cars, lending money to car-buyers and then “securitizing” the loans so they could be traded in the capital markets.

Even though this strategy brought the car companies to the brink of ruin, it paid off in the long run. The car makers got billions in public money, paid their execs massive bonuses, gave billions to shareholders in buybacks and dividends, smashed their unions, fucked their pensioned workers, and shipped jobs anywhere they could pollute and murder their workforce with impunity.

Car companies are on the forefront of postcapitalism, and they understand that digital is the key to rent-extraction. Remember when BMW announced that it was going to rent you the seatwarmer in your own fucking car?

https://pluralistic.net/2020/07/02/big-river/#beemers

Not to be outdone, Mercedes announced that they were going to rent you your car’s accelerator pedal, charging an extra $1200/year to unlock a fully functional acceleration curve:

https://www.theverge.com/2022/11/23/23474969/mercedes-car-subscription-faster-acceleration-feature-price

This is the urinary tract infection business model: without digitization, all your car’s value flowed in a healthy stream. But once the car-makers add semiconductors, each one of those features comes out in a painful, burning dribble, with every button on that fakakta touchscreen wired directly into your credit-card.

But it’s just for starters. Computers are malleable. The only computer we know how to make is the Turing Complete Von Neumann Machine, which can run every program we know how to write. Once they add networked computers to your car, the Car Lords can endlessly twiddle the knobs on the back end, finding new ways to extract value from you:

https://doctorow.medium.com/twiddler-1b5c9690cce6

That means that your car can track your every movement, and sell your location data to anyone and everyone, from marketers to bounty-hunters looking to collect fees for tracking down people who travel out of state for abortions to cops to foreign spies:

https://www.vice.com/en/article/n7enex/tool-shows-if-car-selling-data-privacy4cars-vehicle-privacy-report

Digitization supercharges financialization. It lets car-makers offer subprime auto-loans to desperate, poor people and then killswitch their cars if they miss a payment:

https://www.youtube.com/watch?v=4U2eDJnwz_s

Subprime lending for cars would be a terrible business without computers, but digitization makes it a great source of feudal rents. Car dealers can originate loans to people with teaser rates that quickly blow up into payments the dealer knows their customer can’t afford. Then they repo the car and sell it to another desperate person, and another, and another:

https://pluralistic.net/2022/07/27/boricua/#looking-for-the-joke-with-a-microscope

Digitization also opens up more exotic options. Some subprime cars have secondary control systems wired into their entertainment system: miss a payment and your car radio flips to full volume and bellows an unstoppable, unmutable stream of threats. Tesla does one better: your car will lock and immobilize itself, then blare its horn and back out of its parking spot when the repo man arrives:

https://tiremeetsroad.com/2021/03/18/tesla-allegedly-remotely-unlocks-model-3-owners-car-uses-smart-summon-to-help-repo-agent/

Digital feudalism hasn’t stopped innovating — it’s just stopped innovating good things. The digital device is an endless source of sadistic novelties, like the cellphones that disable your most-used app the first day you’re late on a payment, then work their way down the other apps you rely on for every day you’re late:

https://restofworld.org/2021/loans-that-hijack-your-phone-are-coming-to-india/

Usurers have always relied on this kind of imaginative intimidation. The loan-shark’s arm-breaker knows you’re never going to get off the hook; his goal is in intimidating you into paying his boss first, liquidating your house and your kid’s college fund and your wedding ring before you default and he throws you off a building.

Thanks to the malleability of computerized systems, digital arm-breakers have an endless array of options they can deploy to motivate you into paying them first, no matter what it costs you:

https://pluralistic.net/2021/04/02/innovation-unlocks-markets/#digital-arm-breakers

Car-makers are trailblazers in imaginative rent-extraction. Take VIN-locking: this is the practice of adding cheap microchips to engine components that communicate with the car’s overall network. After a new part is installed in your car, your car’s computer does a complex cryptographic handshake with the part that requires an unlock code provided by an authorized technician. If the code isn’t entered, the car refuses to use that part.

VIN-locking has exploded in popularity. It’s in your iPhone, preventing you from using refurb or third-party replacement parts:

https://doctorow.medium.com/apples-cement-overshoes-329856288d13

It’s in fuckin’ ventilators, which was a nightmare during lockdown as hospital techs nursed their precious ventilators along by swapping parts from dead systems into serviceable ones:

https://www.vice.com/en/article/3azv9b/why-repair-techs-are-hacking-ventilators-with-diy-dongles-from-poland

And of course, it’s in tractors, along with other forms of remote killswitch. Remember that feelgood story about John Deere bricking the looted Ukrainian tractors whose snitch-chips showed they’d been relocated to Russia?

https://doctorow.medium.com/about-those-kill-switched-ukrainian-tractors-bc93f471b9c8

That wasn’t a happy story — it was a cautionary tale. After all, John Deere now controls the majority of the world’s agricultural future, and they’ve boobytrapped those ubiquitous tractors with killswitches that can be activated by anyone who hacks, takes over, or suborns Deere or its dealerships.

Control over repair isn’t limited to gouging customers on parts and service. When a company gets to decide whether your device can be fixed, it can fuck you over in all kinds of ways. Back in 2019, Tim Apple told his shareholders to expect lower revenues because people were opting to fix their phones rather than replace them:

https://www.apple.com/newsroom/2019/01/letter-from-tim-cook-to-apple-investors/

By usurping your right to decide who fixes your phone, Apple gets to decide whether you can fix it, or whether you must replace it. Problem solved — and not just for Apple, but for car makers, tractor makers, ventilator makers and more. Apple leads on this, even ahead of Big Car, pioneering a “recycling” program that sees trade-in phones shredded so they can’t possibly be diverted from an e-waste dump and mined for parts:

https://www.vice.com/en/article/yp73jw/apple-recycling-iphones-macbooks

John Deere isn’t sleeping on this. They’ve come up with a valuable treasure they extract when they win the Right-to-Repair: Deere singles out farmers who complain about its policies and refuses to repair their tractors, stranding them with six-figure, two-ton paperweight:

https://pluralistic.net/2022/05/31/dealers-choice/#be-a-shame-if-something-were-to-happen-to-it

The repair wars are just a skirmish in a vast, invisible fight that’s been waged for decades: the War On General-Purpose Computing, where tech companies use the law to make it illegal for you to reconfigure your devices so they serve you, rather than their shareholders:

https://memex.craphound.com/2012/01/10/lockdown-the-coming-war-on-general-purpose-computing/

The force behind this army is vast and grows larger every day. General purpose computers are antithetical to technofeudalism — all the rents extracted by technofeudalists would go away if others (tinkereres, co-ops, even capitalists!) were allowed to reconfigure our devices so they serve us.

You’ve probably noticed the skirmishes with inkjet printer makers, who can only force you to buy their ink at 20,000% markups if they can stop you from deciding how your printer is configured:

https://pluralistic.net/2022/08/07/inky-wretches/#epson-salty But we’re also fighting against insulin pump makers, who want to turn people with diabetes into walking inkjet printers:

https://pluralistic.net/2022/06/10/loopers/#hp-ification

And companies that make powered wheelchairs:

https://pluralistic.net/2022/06/08/chair-ish/#r2r

These companies start with people who have the least agency and social power and wreck their lives, then work their way up the privilege gradient, coming for everyone else. It’s called the “shitty technology adoption curve”:

https://pluralistic.net/2022/08/21/great-taylors-ghost/#solidarity-or-bust

Technofeudalism is the public-private-partnership from hell, emerging from a combination of state and private action. On the one hand, bailing out bankers and big business (rather than workers) after the 2008 crash and the covid lockdown decoupled income from profits. Companies spent billions more than they earned were still wildly profitable, thanks to those public funds.

But there’s also a policy dimension here. Some of those rentiers’ billions were mobilized to both deconstruct antitrust law (allowing bigger and bigger companies and cartels) and to expand “IP” law, turning “IP” into a toolsuite for controlling the conduct of a firm’s competitors, critics and customers:

https://locusmag.com/2020/09/cory-doctorow-ip/

IP is key to understanding the rise of technofeudalism. The same malleability that allows companies to “twiddle” the knobs on their services and keep us on the hook as they reel us in would hypothetically allow us to countertwiddle, seizing the means of computation:

https://pluralistic.net/2023/04/12/algorithmic-wage-discrimination/#fishers-of-men

The thing that stands between you and an alternative app store, an interoperable social media network that you can escape to while continuing to message the friends you left behind, or a car that anyone can fix or unlock features for is IP, not technology. Under capitalism, that technology would already exist, because capitalists have no loyalty to one another and view each other’s margins as their own opportunities.

But under technofeudalism, control comes from rents (owning things), not profits (selling things). The capitalist who wants to participate in your iPhone’s “ecosystem” has to make apps and submit them to Apple, along with 30% of their lifetime revenues — they don’t get to sell you jailbreaking kit that lets you choose their app store.

Rent-seeking technology has a holy grail: control over “ring zero” — the ability to compel you to configure your computer to a feudalist’s specifications, and to verify that you haven’t altered your computer after it came into your possession:

https://pluralistic.net/2022/01/30/ring-minus-one/#drm-political-economy

For more than two decades, various would-be feudal lords and their court sorcerers have been pitching ways of doing this, of varying degrees of outlandishness.

At core, here’s what they envision: inside your computer, they will nest another computer, one that is designed to run a very simple set of programs, none of which can be altered once it leaves the factory. This computer — either a whole separate chip called a “Trusted Platform Module” or a region of your main processor called a secure enclave — can tally observations about your computer: which operating system, modules and programs it’s running.

Then it can cryptographically “sign” these observations, proving that they were made by a secure chip and not by something you could have modified. Then you can send this signed “attestation” to someone else, who can use it to determine how your computer is configured and thus whether to trust it. This is called “remote attestation.”

There are some cool things you can do with remote attestation: for example, two strangers playing a networked video game together can use attestations to make sure neither is running any cheat modules. Or you could require your cloud computing provider to use attestations that they aren’t stealing your data from the server you’re renting. Or if you suspect that your computer has been infected with malware, you can connect to someone else and send them an attestation that they can use to figure out whether you should trust it.

Today, there’s a cool remote attestation technology called “PrivacyPass” that replaces CAPTCHAs by having you prove to your own device that you are a human. When a server wants to make sure you’re a person, it sends a random number to your device, which signs that number along with its promise that it is acting on behalf of a human being, and sends it back. CAPTCHAs are all kinds of bad — bad for accessibility and privacy — and this is really great.

But the billions that have been thrown at remote attestation over the decades is only incidentally about solving CAPTCHAs or verifying your cloud server. The holy grail here is being able to make sure that you’re not running an ad-blocker. It’s being able to remotely verify that you haven’t disabled the bossware your employer requires. It’s the power to block someone from opening an Office365 doc with LibreOffice. It’s your boss’s ability to ensure that you haven’t modified your messaging client to disable disappearing messages before he sends you an auto-destructing memo ordering you to break the law.

And there’s a new remote attestation technology making the rounds: Google’s Web Environment Integrity, which will leverage Google’s dominance over browsers to allow websites to block users who run ad-blockers:

https://github.com/RupertBenWiser/Web-Environment-Integrity

There’s plenty else WEI can do (it would make detecting ad-fraud much easier), but for every legitimate use, there are a hundred ways this could be abused. It’s a technology purpose-built to allow rent extraction by stripping us of our right to technological self-determination.

Releasing a technology like this into a world where companies are willing to make their products less reliable, less attractive, less safe and less resilient in pursuit of rents is incredibly reckless and shortsighted. You want unauthorized bread? This is how you get Unauthorized Bread:

https://arstechnica.com/gaming/2020/01/unauthorized-bread-a-near-future-tale-of-refugees-and-sinister-iot-appliances/amp/

If you'd like an essay-formatted version of this thread to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2023/07/24/rent-to-pwn/#kitt-is-a-demon

[Image ID: The interior of a luxury car. There is a dagger protruding from the steering wheel. The entertainment console has been replaced by the text 'You wouldn't download a car,' in MPAA scare-ad font. Outside of the windscreen looms the Matrix waterfall effect. Visible in the rear- and side-view mirror is the driver: the figure from Munch's 'Scream.' The screen behind the steering-wheel has been replaced by the menacing red eye of HAL9000 from Stanley Kubrick's '2001: A Space Odyssey.']

Image: Cryteria (modified) https://commons.wikimedia.org/wiki/File:HAL9000.svg

CC BY 3.0 https://creativecommons.org/licenses/by/3.0/deed.en

4K notes · View notes