Reverse engineers bust sleazy gig work platform

If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2024/11/23/hack-the-class-war/#robo-boss

A COMPUTER CAN NEVER BE HELD ACCOUNTABLE

THEREFORE A COMPUTER MUST NEVER MAKE A MANAGEMENT DECISION

Supposedly, these lines were included in a 1979 internal presentation at IBM; screenshots of them routinely go viral:

https://twitter.com/SwiftOnSecurity/status/1385565737167724545?lang=en

The reason for their newfound popularity is obvious: the rise and rise of algorithmic management tools, in which your boss is an app. That IBM slide is right: turning an app into your boss allows your actual boss to create an "accountability sink" in which there is no obvious way to blame a human or even a company for your maltreatment:

https://profilebooks.com/work/the-unaccountability-machine/

App-based management-by-bossware treats the bug identified by the unknown author of that IBM slide into a feature. When an app is your boss, it can force you to scab:

https://pluralistic.net/2023/07/30/computer-says-scab/#instawork

Or it can steal your wages:

https://pluralistic.net/2023/04/12/algorithmic-wage-discrimination/#fishers-of-men

But tech giveth and tech taketh away. Digital technology is infinitely flexible: the program that spies on you can be defeated by another program that defeats spying. Every time your algorithmic boss hacks you, you can hack your boss back:

https://pluralistic.net/2022/12/02/not-what-it-does/#who-it-does-it-to

Technologists and labor organizers need one another. Even the most precarious and abused workers can team up with hackers to disenshittify their robo-bosses:

https://pluralistic.net/2021/07/08/tuyul-apps/#gojek

For every abuse technology brings to the workplace, there is a liberating use of technology that workers unleash by seizing the means of computation:

https://pluralistic.net/2024/01/13/solidarity-forever/#tech-unions

One tech-savvy group on the cutting edge of dismantling the Torment Nexus is Algorithms Exposed, a tiny, scrappy group of EU hacker/academics who recruit volunteers to reverse engineer and modify the algorithms that rule our lives as workers and as customers:

https://pluralistic.net/2022/12/10/e2e/#the-censors-pen

Algorithms Exposed have an admirable supply of seemingly boundless energy. Every time I check in with them, I learn that they've spun out yet another special-purpose subgroup. Today, I learned about Reversing Works, a hacking team that reverse engineers gig work apps, revealing corporate wrongdoing that leads to multimillion euro fines for especially sleazy companies.

One such company is Foodinho, an Italian subsidiary of the Spanish food delivery company Glovo. Foodinho/Glovo has been in the crosshairs of Italian labor enforcers since before the pandemic, racking up millions in fines – first for failing to file the proper privacy paperwork disclosing the nature of the data processing in the app that Foodinho riders use to book jobs. Then, after the Italian data commission investigated Foodinho, the company attracted new, much larger fines for its out-of-control surveillance conduct.

As all of this was underway, Reversing Works was conducting its own research into Glovo/Foodinho's app, running it on a simulated Android handset inside a PC so they could peer into app's data collection and processing. They discovered a nightmarish world of pervasive, illegal worker surveillance, and published their findings a year ago in November, 2023:

https://www.etui.org/sites/default/files/2023-10/Exercising%20workers%20rights%20in%20algorithmic%20management%20systems_Lessons%20learned%20from%20the%20Glovo-Foodinho%20digital%20labour%20platform%20case_2023.pdf

That report reveals all kinds of extremely illegal behavior. Glovo/Foodinho makes its riders' data accessible across national borders, so Glovo managers outside of Italy can access fine-grained surveillance information and sensitive personal information – a major data protection no-no.

Worse, Glovo's app embeds trackers from a huge number of other tech platforms (for chat, analytics, and more), making it impossible for the company to account for all the ways that its riders' data is collected – again, a requirement under Italian and EU data protection law.

All this data collection continues even when riders have clocked out for the day – its as though your boss followed you home after quitting time and spied on you.

The research also revealed evidence of a secretive worker scoring system that ranked workers based on undisclosed criteria and reserved the best jobs for workers with high scores. This kind of thing is pervasive in algorithmic management, from gig work to Youtube and Tiktok, where performers' videos are routinely suppressed because they crossed some undisclosed line. When an app is your boss, your every paycheck is docked because you violated a policy you're not allowed to know about, because if you knew why your boss was giving you shitty jobs, or refusing to show the video you spent thousands of dollars making to the subscribers who asked to see it, then maybe you could figure out how to keep your boss from detecting your rulebreaking next time.

All this data-collection and processing is bad enough, but what makes it all a thousand times worse is Glovo's data retention policy – they're storing this data on their workers for four years after the worker leaves their employ. That means that mountains of sensitive, potentially ruinous data on gig workers is just lying around, waiting to be stolen by the next hacker that breaks into the company's servers.

Reversing Works's report made quite a splash. A year after its publication, the Italian data protection agency fined Glovo another 5 million euros and ordered them to cut this shit out:

https://reversing.works/posts/2024/11/press-release-reversing.works-investigation-exposes-glovos-data-privacy-violations-marking-a-milestone-for-worker-rights-and-technology-accountability/

As the report points out, Italy is extremely well set up to defend workers' rights from this kind of bossware abuse. Not only do Italian enforcers have all the privacy tools created by the GDPR, the EU's flagship privacy regulation – they also have the benefit of Italy's 1970 Workers' Statute. The Workers Statute is a visionary piece of legislation that protects workers from automated management practices. Combined with later privacy regulation, it gave Italy's data regulators sweeping powers to defend Italian workers, like Glovo's riders.

Italy is also a leader in recognizing gig workers as de facto employees, despite the tissue-thin pretense that adding an app to your employment means that you aren't entitled to any labor protections. In the case of Glovo, the fine-grained surveillance and reputation scoring were deemed proof that Glovo was employer to its riders.

Reversing Works' report is a fascinating read, especially the sections detailing how the researchers recruited a Glovo rider who allowed them to log in to Glovo's platform on their account.

As Reversing Works points out, this bottom-up approach – where apps are subjected to technical analysis – has real potential for labor organizations seeking to protect workers. Their report established multiple grounds on which a union could seek to hold an abusive employer to account.

But this bottom-up approach also holds out the potential for developing direct-action tools that let workers flex their power, by modifying apps, or coordinating their actions to wring concessions out of their bosses.

After all, the whole reason for the gig economy is to slash wage-bills, by transforming workers into contractors, and by eliminating managers in favor of algorithms. This leaves companies extremely vulnerable, because when workers come together to exercise power, their employer can't rely on middle managers to pressure workers, deal with irate customers, or step in to fill the gap themselves:

https://projects.itforchange.net/state-of-big-tech/changing-dynamics-of-labor-and-capital/

Only by seizing the means of computation, workers and organized labor can turn the tables on bossware – both by directly altering the conditions of their employment, and by producing the evidence and tools that regulators can use to force employers to make those alterations permanent.

Image: EFF (modified) https://www.eff.org/files/issues/eu-flag-11_1.png

CC BY 3.0 http://creativecommons.org/licenses/by/3.0/us/

With growing concerns over online privacy and securing personal data, more people than ever are considering alternatives to Google products.

After all, Google's business model essentially revolves around data collection and advertisements, both of which infringe on your privacy. More data means better (more targeted) ads and consequently, more revenue for Google. The company pulled in over $230 billion in ad revenue last year — and that number continues to climb higher.

But the word is getting out. A growing number of people are seeking alternatives to Google products that respect their privacy and data. Since you are reading this, we assume you are one of them.

Small steps to restoring your privacy

When beginning the journey of restoring digital privacy, some people get overwhelmed with all the work involved, and perhaps give up. Don't let that be you. Understand that you don't need to do everything right away. Instead, start small and go step by step at your own pace. With each step in the process, you get more security and control over your personal data, which is a small victory.

So don't be overwhelmed and remember that there's no “one size fits all” with this process. Even small changes, such as using a private search engine and a privacy-focused browser, are victories. So push on in your quest for more privacy and celebrate each step of the journey.

"MUSCLE EMPHASIS TABLETS" -

Bloody Wolf (Data East - PC Engine - 1990)

reopening my kofi shop! i have some new items and some old ones, im moving soon so im trying to get rid of what i do have in storage LOL. YOU CAN FIND IT HERE!

Imagine working in Engineering on the Enterprise-D and you're hovering by the door of the Chief Engineer's office, waiting to ask him a question bc the Operations Officer is down here AGAIN and has been talking about a dream he had for the past 20 minutes.

Did You Know: Scientists will analyze data from the Nancy Grace Roman Space Telescope in the cloud? (For most missions, research often happens on astronomers’ personal computers.) Claire Murray, a scientist at the Space Telescope Science Institute, and her colleague Manuel Sanchez, a cloud engineer, share how this space, known as the Roman Research Nexus, builds on previous missions’ online platforms:

Claire Murray: Roman has an extremely wide field of view and a fast survey speed. Those two facts mean the data volume is going to be orders of magnitude larger than what we're used to. We will enable users to interact with this gigantic dataset in the cloud. They will be able to log in to the platform and perform the same types of analysis they would normally do on their local machines.

Manuel Sanchez: The Transiting Exoplanet Survey Satellite (TESS) mission’s science platform, known as the Timeseries Integrated Knowledge Engine (TIKE), was our first try at introducing users to this type of workflow on the cloud. With TIKE, we have been learning researchers’ usage patterns. We can track the performance and metrics, which is helping us design the appropriate environment and capabilities for Roman. Our experience with other science platforms also helps us save time from a coding perspective. The code is basically the same for our platforms, but we can customize it as needed.

Read the full interview: https://www.stsci.edu/contents/annual-reports/2024/where-data-and-people-meet

Data is a hoot because he's constantly trying out new shit. One day everyone wakes up and he's in his stoner phase and Picard yells at him for danking out the bridge

I just now saw a post on Instagram saying Firefox has changed its Terms of Service to allow the selling of your data. The post has become popular, gaining almost 15k likes.

I looked it up, as I know how misleading Instagram posts are and found this article from today:

● Some quotes from the article-

'A new clause appeared in Firefox’s terms of use. "When you upload or input information through Firefox, you hereby grant us a nonexclusive, royalty-free, worldwide license to use that information to help you navigate, experience, and interact with online content as you indicate with your use of Firefox," the term read.'

● Response from FireFox:

"We need a license to allow us to make some of the basic functionality of Firefox possible," Mozilla said in a blog post on the incident. "Without it, we couldn’t use information typed into Firefox, for example. It does NOT give us ownership of your data or a right to use it for anything other than what is described in the Privacy Notice."

FireFox also said, "[They] wipe any personal data related to the user."

I personally will still use FireFox as I do enjoy it and have extensions that help prevent data collection, but did want to share in case others may be weary with this and/or have not actually looked up the response from FireFox. They've already received heavy backlash, so there's no need to rag on them and said "The change was poorly worded and confusing"

TOR is a very good option if you would like to switch from FireFox altogether.

I also use DuckDuckGo as my main search engine, which helps some with preventing data sharing.

Overall, it is your choice to take this how you will, but anything is better than Google.

How To Learn Math for Machine Learning FAST (Even With Zero Math Background)

I dropped out of high school and managed to became an Applied Scientist at Amazon by self-learning math (and other ML skills). In this video I'll show you exactly how I did it, sharing the resources and study techniques that worked for me, along with practical advice on what math you actually need (and don't need) to break into machine learning and data science.

Bullshit engines.

I mean, I don’t suppose many people following this blog strongly disagree.

Bloody Wolf (Data East - PC Engine - 1990)

Hello. The following is a message from the Teufort Census Bureau.

How would you rate your current employment?

Thank you for your co-operation.

@tf2-data-collection-agency

7/10. It's great but there's multiple things that need fixing.

behold! the yugioh duel monsters english dub crimes and kill count list, up to episode 78 because that's where dice and I are in the show. I've set the sheet up so that all stats will increment automatically as I add more episodes

some fun facts:

Yami Bakura and Marik are currently tied for most crimes! But Yami Bakura tries to kill people more often (he's made 14 attempts, 6 of which were successful). Marik hasn't successfully killed anyone yet

The Pharaoh has the highest murder success rate (75%!) this number will go up once we watch s0

Joey is the show's punching bag (we already knew this) with 0 crimes committed to 11 crimes committed against him

Kaiba has the most crimes committed against his person (12), the majority of which are murder attempts (6). he also holds the record for the most attempts on his life

despite being a side character that doesn't actively duel, Téa has an alarming lot of crimes committed against her

the most popular crime is attempted murder! followed by actual murder! then it's kidnapping and mind control (shoutout for Marik for single-handedly carrying that stat)

disclaimer: it's a bit hard to separate crimes against Yugi from crimes against the Pharaoh. one could argue most of the crimes committed against Yugi were actually meant for the Pharaoh. it's also hard to gauge how many times people have tried to kill the Pharaoh, because every duel against him could be counted as attempted murder. as such, I'm counting attempted murder as actual, outside of card game murder. hence why Yugi has more attempts against him than the Pharaoh