Today's links
- Problems with Pepp-Pt: Privacy-preserving contact tracing is really hard.
- Disney publishes an official Dole Whip recipe: Orange whip? Orange whip? Three orange whips.
- Reset Everything: Crisis means crossroads.
- Usage stats from the National Emergency Library: Most of the checkouts are of books more than a decade old and last less than 30 minutes.
- RPG haggadah: The Role-Player, what does he say?
- Managing UI claim surges: Hundreds of phone calls, day after day, without ever reaching a person.
- Realtime wildcat strike map: Coronavirus is leverage for low-waged workers.
- 501 Developer Manifesto: Free time over free snacks.
- Privacy Redirect: Nitter > Twitter.
- This day in history: 2005, 2010, 2015, 2019
- Colophon: Recent publications, upcoming appearances, current writing projects, current reading
Problems with Pepp-Pt
A week ago, I wrote about Pepp-Pt, a European consortium of universities, telcos and others that had devised a "privacy preserving" form of contact tracing.
https://pluralistic.net/2020/04/02/eff-livestream-today/#pepp-pt
The system kept almost all the data on users' own devices, and employed a set of random, unique identifiers that participants broadcast and collected from the devices of people they were close to.
If someone tested positive, the system would broadcast warnings saying "If you have identifier A, B or C, you should get tested, because person with identifier X just came up positive."
In that way, you could manage your contagion risk without allowing the state to aggregate huge databases of location and contact data. At the time, I wrote that this seemed promising, assuming a robust implementation, but that it also needed expert analysis.
French cryptographer Serge Vaudenay has performed a deep analysis of the plan and has published a preprint that goes over multiple attack vectors with potential mitigations.
https://eprint.iacr.org/2020/399.pdf
Vaudenay is pretty pessimistic about the plan: "It is actually surprising that decentralization creates more privacy threats than it solves."
- Deanonymization
- Revealing private encounters
- Requires a TPM
- Always-on Bluetooth privacy threats.
Disney publishes an official Dole Whip recipe
For decades, Disnephiles and themepunks have tried to reverse-engineer the recipe for Dole Whips, the Tiki Room delicacy. Now, Disney has published a recipe for all of us in lockdown, and it's remarkably simple.
- 1 big scoop of ice cream
- 4 oz of pineapple juice
- 2 cups of frozen pineapple
Add all ingredients to a blender until it’s a thick drink, swirl through a piping bag.
Numerous commentators have noted that actual Dole Whip is a powder that you pour into a machine and add water to, so this is merely a recipe, certainly not the recipe.
Reset Everything
On April 29, I'm speaking at the Reset Everything conference, a free event to "explore the impact of the current crisis on old paradigms in the areas of work, healthcare, finance, privacy, environmental policy, and culture."
https://reseteverything.events/speakers/cory-doctorow
RSVP here:
Usage stats from the National Emergency Library
A lot of my writer friends have been alarmed by the Internet Archive's National Emergency Library, an electronic lending library.
https://pluralistic.net/2020/03/25/national-emergency-library/#universal-access
The Archive has long acquired and scanned books and made them available as DRM-locked PDFs that one person at a time could check out, building on firm copyright precedent, notably the Hathi Trust decision.
The vast majority of "checkouts" from the Archive have always been fleeting — literally minutes long. Basically, it's a quick way to double-check a reference or look up a passage (a lot of checkouts are generated by people following references from Wikipedia).
The NEL works like the Archive's existing e-lending program, but it lifts its one-reader-at-a-time restriction. The Archive's basis for this is that the books in their holdings – the vast majority of which have no official electronic edition – are otherwise inaccessible.
The Archive's announcement raised many cheers and also provided aid to many people, but it also made a lot of people who were already in precarious and frightening situations very angry.
I get that. I have three books out in 2020 and was planning 6 tours in four countries for them. I don't know if any of those will happen nor whether there will be any bookstores to carry my books. This year was to be very important to my family's finances.
It's not a good year for anyone, and there's never a good time for a pandemic (obvs), but this timing is really anxiety-provoking for me.
(Let me pause here and mention that I've got it ten million times better than, say, people whose economic precarity dictates they have to risk their lives working at an Amazon warehouse during the crisis and I'm both thankful for that and even more worried for them).
So I totally get why people would be upset if they thought that the Archive was attacking their livelihoods at this incredibly stressful, fearful time.
What's more, the Archive doesn't really provide much by way of usage statistics to help people understand the NEL's utility.
In part that's just a mistake the Archive made, but it's also the result of the Archive's privacy-first stance – they've put a lot of time and energy into ensuring that they don't log things that might compromise users' privacy (they even sued the USG over the Patriot Act).
So it's hard for them to produce the kind of data other services routinely provide (which, on balance, does not speak well of those other services).
But now, finally, they've produced some stats, and they're pretty reassuring, IMO.
First of all, let's recall that the NEL's ebooks are not Kindle files or Epubs, they're scanned PDFs. They are the books you get if you can't get any other books. The text can't be flowed, it can't be copy-pasted, and the search is based on flawed, unreliable OCR.
With that in mind:
- The majority of NEL checkouts last less than 30 minutes. That's people checking a reference, looking up a quote, etc. The kind of thing you'd call a reference librarian for if the libraries were open.
- The NEL only has books that are more than five years old. 90% of the books that are checked out are more than 10 years old.
- These books typically have NO official ebook edition, such as this one:
https://twitter.com/GCWOonagh/status/1247107092105908225
- The Archive believes (but has not fully validated) that in 90% of instances, the books that patrons check out are only opened once, irrespective of whether they're held for the full two-week lending period.
I understand why this freaked people out. If you're an author like me worried that the pandemic might wipe out your publisher, your next book, the bookstores you rely on, and your career, this could seem really scary.
But I think the actual facts in evidence show that this is an entirely benign adjunct to libraries, delivered in timely fashion to a world of people who rely on books (including writers!) in times of crisis. It is not substitutive, it's not cannibalistic.
For librarians, teachers, and parents engaged in home-schooling, the NEL is a really important resource.
I get that you might still be angry at the Archive. You can take your books out of the NEL if you are:
https://docs.google.com/document/d/1QjErbouWG7pUlzcxPcRk4YEtbYs8ItlVTgLa1DfGh68/edit
RPG haggadah
Wondering what to do for your quarantine seder? Well, if you're playing a lot of videolinked RPGs, consider Avram Grumer's gamer's haggadah, inspired by Glenn F Blacow's 1980 essay "Aspects of Adventure Gaming," from Different Worlds #10.
https://nielsenhayden.com/makinglight/archives/016646.html#016646
Midway through the seder, the reader discusses the parable of the four sons: "the wise, the wicked, the simple, and the one who doesn’t know how to ask."
Grumer's version is the wargamer, the roleplayer, the power-gamer and the storyteller.
E.g.: "The Wargamer, what does he say? 'What foe do we fight, and what is the lay of the land?' You, in turn, shall describe the battlefield, and challenge his tactical abilities, including the morale check for his henchmen."
Managing UI claim surges
New Yorkers who need to file covid-related unemployment claims are spending multiple, consecutive days dialing in hundreds of times, sometimes on multiple phones, rarely getting through, only to be disconnected after a lengthy automated process.
https://www.thecut.com/2020/04/my-experience-applying-for-unemployment-in-new-york.html
It's obvious that for the people making the calls, this is a cruel, anxiety-producing system that makes a terrible situation potentially unbearable (the author of the piece above doesn't have kids – imagine trying to homeschool or look after a sick family member as well).
But it's also obvious that dealing with an orders-of-magnitude surge in claims to a system that itself has just undergone a massive rule-shift, which, if misapplied, could do untold harm to claimants, is an impossible bind.
Reading, I wondered what the situation was like for the people answering the phone (who obviously couldn't be reached by the paper, and if they could, they'd have likely said, "Are you kidding me? I haven't got time for an interview, there are people I need to talk to").
What kind of absolute hell must they be in? It's likely their office was understaffed already (thanks to decades of underprovisioning of public services), with the median caller being a traumatized, upset person who'd just lost their job and had to wait through a long hold.
Now, it's that times a million (or at least several thousand). The ratio of operators to callers is far, far worse, as is the trauma and anxiety of those callers.
I'm sure that someone's working on online claims processing portals, and the lack of these is a sign of serious mismanagement. A well-managed system would default to computers, using human operators for people who didn't have computers and/or people who had complex cases.
That system would need a quick back-end retooling to accommodate new covid rules, and a bunch more capacity that could be quickly procured from cloud providers.
Woulda shoulda coulda.
In the absence of a time-machine, what could NY (and other local governments) do? They could do some helicopter money (say, prepaid SNAP cards for everyone in the city). They could guarantee retroactive benefits for when you DO get through.
The cruelty and anxiety of the system is all about uncertainty: "Will I get benefits? Before my money runs out?"
Anything that increased that certainty would make the overstretched system work – for claimants and for the doubtlessly miserable workers.
Here's a list of the measures the state is taking to improve the situation:
Realtime wildcat strike map
Payday Report's maintaining an interactive map of wildcat strikes across the USA (45 in just the past month!). These include formal strikes, sickouts, etc.
https://paydayreport.com/covid-19-strike-wave-interactive-map/
Many strikes are missing from the report, because they took place in cities with NO labor reporters. Some union leaders try to keep it quiet out of fear of retaliation.
Also, workers have such enormous leverage over their employers (because it's incredibly hard to source and train replacements during the pandemic) that many of these actions are settled (in the workers' favor!) in HOURS.
501 Developer Manifesto
The 501 Developer Manifesto was named after a pejorative term: a "501 developer" is a technologist who is out the door at 5:01PM, rather than opting to work long, unpaid overtime hours.
We are proud to say that we value:
- Our families over the commercial goals of business owners
- Free time over free snacks
- Living our lives over maintaining our personal brands [love this one!]
- Sustainable pace over muscle-man heroics
- Personal creative projects over commercial products the world doesn't need
- Having money for stuff over getting free swag and work overtime
Privacy Redirect
Privacy Redirect is a browser extension that intercepts links to surveilling websites and redirects them to alternative services that ad-block or don't practice surveillance like Nitter, Invidious, Bibliogram & OpenStreetMap.
https://github.com/SimonBrazell/privacy-redirect
Very excited about Nitter redirects! It's an alternative, free/open front-end to Twitter that ad- and tracker-blocks. Here's my Nitter feed:
That's very timely, as Twitter has just unilaterally obliterated all its users' privacy choices, announcing the change with a dialog box whose only button is "OK." What if it's not OK?
This day in history
#15yrsago HOWTO de-obfuscate proprietary Sony Network Walkman files https://waider.livejournal.com/415461.html
#10yrsago HOWTO Make a Dalek Egg https://www.flickr.com/photos/pugno_muliebriter/sets/72157623645903881/
#5yrsago EFF busts podcasting patent, invalidating key claims at Patent Office https://www.eff.org/document/uspto-decision
#1yrago Chicago is demanding that children on bail wear private-sector ankle-cuffs with mics that can record them without their consent https://theappeal.org/chicago-electronic-monitoring-wiretapping-juveniles/
#1yrago What the rest of the world doesn't know about Chinese AI https://chinai.substack.com/p/chinai-48-year-1-of-chinai
#1yrago Victory! House of Reps passes legislation to restore Net Neutrality https://www.eff.org/deeplinks/2019/04/victory-house-representatives-passes-net-neutrality-protections
#1yrago Foxconn's inconsistent, chaotic behavior in Wisconsin looks awfully grifty https://www.theverge.com/2019/4/10/18296793/foxconn-wisconsin-location-factory-innovation-centers-technology-hub-no-news
#1yrago Security keys are "transformative" and "revolutionary" for information security https://medium.com/@mrisher_2499/phishing-and-security-keys-b5c8e8e26931
Colophon
Today's top sources: François Garillot (https://garillot.net), Alethea Kontis (https://twitter.com/AletheaKontis), Naked Capitalism (https://www.nakedcapitalism.com/), Fresh Fruit for Rotting Vegetables (https://gominosensei.org/), Strypey (https://mastodon.nzoss.nz/@strypey/).
Currently writing: My next novel, "The Lost Cause," a post-GND novel about truth and reconciliation
Currently reading: I'm getting really into Anna Wiener's memoir about tech, "Uncanny Valley" and Jo Walton's forthcoming novel "Or What You Will."
Latest podcast: The Jubilee: Fill Your Boots https://craphound.com/podcast/2020/04/05/the-jubilee-fill-your-boots/
Upcoming appearances:
- Apr 22, Flatten The Curve Summit https://flattenthecurve.tech/
- Apr 23, Canada Reads Q&A https://www.cbc.ca/books/canadareads/ask-the-canada-reads-authors-your-questions-live-on-facebook-1.5512394
- Apr 29: Reset Everything https://reseteverything.events/speakers/cory-doctorow
Upcoming books: "Poesy the Monster Slayer" (Jul 2020), a picture book about monsters, bedtime, gender, and kicking ass. Pre-order here: https://us.macmillan.com/books/9781626723627?utm_source=socialmedia&utm_medium=socialpost&utm_term=na-poesycorypreorder&utm_content=na-preorder-buynow&utm_campaign=9781626723627
(we're having a launch for it in Burbank on July 11 at Dark Delicacies and you can get me AND Poesy to sign it and Dark Del will ship it to the monster kids in your life in time for the release date).
"Attack Surface": The third Little Brother book, Oct 20, 2020. https://us.macmillan.com/books/9781250757531
"Little Brother/Homeland": A reissue omnibus edition with a new introduction by Edward Snowden: https://us.macmillan.com/books/9781250774583
This work is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.
https://creativecommons.org/licenses/by/4.0/
Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.
How to get Pluralistic:
Blog (no ads, tracking, or data-collection):
Newsletter (no ads, tracking, or data-collection):
https://pluralistic.net/plura-list
Mastodon (no ads, tracking, or data-collection):
https://mamot.fr/web/accounts/303320
Twitter (mass-scale, unrestricted, third-party surveillance and advertising):
Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):
https://www.tumblr.com/tagged/pluralistic
When life gives you SARS, you make sarsaparilla -Joey "Accordion Guy" DeVilla