Today's links
- The TSA is hoarding N95s: It doesn't even use 'em.
- Look at this banana gondola.: Just look at it.
- America is united: Turkeys skeptical about Christmas.
- $3 router rebooter: If no_google then reboot.
- EFF's Guide to Digital Rights During the Pandemic: Digital rights are human rights.
- Wink will brick your smart home if you don't pay a monthly fee: How you act in bad times reveals your true character.
- Helicopter flyover of deserted Disneyland: We find it delightfully unlivable here in this ghostly retreat.
- EU: "Cookie walls violate the GDPR": Another blow to cookie consent theatre.
- Unix and Adversarial Interoperability: The "one weird antitrust trick" that defined modern computing.
- Sidewalk Labs pulls out of Toronto: Sic Semper Boondoggle.
- Wechat spies on non-Chinese users for in-China censorship: Your dank memes, banned in realtime.
- Hidden doors disguised as bookcases: No books harmed.
- Vent dragons: Alas, you can't use them as working vent covers.
- This day in history: 2010, 2015, 2019
- Colophon: Recent publications, upcoming appearances, current writing projects, current reading
The TSA is hoarding N95s (permalink)
Charles Kielkopf is a TSA attorney based in Columbus, OH. In an whistleblower complaint filed Mon, he says that TSA is hoarding 1.3m N95 masks that it isn't using, even as other federal agencies like the VA go begging for PPE for high-risk workers.
Use of America's airports have fallen by 95% and the TSA has asked most of its screeners to stay home. Those screeners that are working are wearing surgical masks, as they have not been trained to fit N95 masks.
The masks were a gift to the TSA from Customs and Border Protection, which located a forgotten cache of masks in a warehouse. Most are now in a warehouse near DFW, though many have been dispersed to supply cupboards in other US airports.
TSA managers are at a loss when it comes to the masks. Minnesota TSA security director Cliff Van Leuven sent a memo to TSA bosses: "“I just received 9,000 N-95 masks that I have very little to no need for."
"I’d like to donate the bulk of our current stock of N-95s [to the Minnesota Department of Health] and keep a small supply on hand."
Weeks later, he wrote, "I have been very disappointed in our position to keep tens of thousands of n95 masks while healthcare workers who have a medical requirement for the masks — because of their contact with infected people — still go without.”
Look at this banana gondola. (permalink)
Just look at this banana-celery gondola.
https://twitter.com/70s_party/status/1258125192343228417
Just look at it.
Toothpick is a verb!
"Toothpick on a partly reeled radish and draw on features with food color….A long piece of uncooked spaghetti is a boatman's pole."
Here's a simpler, modern version that uses toothpicks, but not straight pins, which is a pity…What makes a kid's novelty dessert better than hidden straight pins?
http://www.kiddiefoodies.com/dessert/67-gondola
America is united (permalink)
Rightist politics are intrinsically antimajoritarian. The underlying premise of right wing movements is that the many should be dominated by the few, though different strains differ on who should rule: men, white people, America, bosses, kings, etc.
https://pluralistic.net/2020/03/31/reality-endorses-sanders/#voter-suppression
For the right to dominate in democracies, it requires that turkeys be convinced to vote for Christmas, for example by convincing evangelicals that supporting the rule of the finance sector will get them performative cruelty to women seeking abortions.
https://pluralistic.net/2020/04/12/mammon-worshippers/#mammon-worshipper
But there are limits to this. Once the farmer starts grabbing and beheading turkeys, he'll lose support for his Turkeys For Christmas movement. That's what's happening in America today.
The tiny minority who'd benefit from the premature re-opening of businesses (large shareholders in large corporations that might survive such a blunder) want the rest of us to throw ourselves in the volcano to appease the economy gods.
If "Stay at Home" was a political party, it would sweep every state house and governor's race, the House of Reps, the Senate, and the Presidency. It's the most unifying issue in American politics today.
Which is why the gloves have come off. "Vote for Christmas" has been replaced with "Vote for Christmas…or else" with measures like Ohio's snitchline where bosses can report workers who won't come back because they fear for their lives.
The message is: risk death at work, or risk starvation and homlessness when we take away your benefits.
https://pluralistic.net/2020/05/06/moloch-demands-death/#life-or-death
$3 router rebooter (permalink)
Mike Diamond is a lawyer/hacker/maker whose latest gadget is a $3 router rebooter.
It sits on the power line of your home router, using its internet to periodically ping Google. If Google can't be reached, it powers down your router, waits a few, and brings it back up again.
(on the assumption that an unreachable Google is more likely the result of a hung router than a problem with Google's server farms).
The gadget uses a $1.50 ESP8266 board and a single relay and gets power from a 5v, 1A cellphone charger that was lying around.
Coming soon: a version that pings you when it cycles the router, and keeps logs.
EFF's Guide to Digital Rights During the Pandemic (permalink)
For 30 years, orgs like EFF have argued that digital rights are human rights and that the exercise of the latter requires the former. This has never been more true than it is now, during the pandemic.
So this new ebook, "EFF's Guide to Digital Rights During the Pandemic," could not be more timely:
- Surveillance
- Free Speech
- Government Transparency
- Innovation
- Living More Online
https://www.eff.org/pages/guide-digital-rights-pandemic
These aren't hot takes, they're "written based on our decades of experience tangling with rapid societal and technological change."
The ebook is licensed CC BY. Many, many, MANY thanks to the amazing Tobias Buckell for his work getting this formatted as a proper ebook!
Wink will brick your smart home if you don't pay a monthly fee (permalink)
Wink makes home automation systems for "smart homes." You buy their gadgets and you integrate them into your house and then use their app to control them. They claim to have connected 4,000,000 devices since 2014.
Now they've unilaterally altered the deal, announcing that customers must immediately start paying a $5/month subscription fee or their devices will be bricked.
https://blog.wink.com/wink-blog/2020/5/6/introducing-wink-subscription
"Wink has relied solely on the one-time fee derived from hardware sales to cover ongoing cloud costs, development, and customer support…however, long term costs and recent economic events have caused additional strain on our business."
They say that they have to do this because they don't spy on you to sell your data, so they need another revenue stream to see them through the pandemic. I have no reason to doubt them.
And as someone who's been plunged into economic uncertainty by the crisis, I sympathize.
But this…
"Should you choose not to sign up for a subscription you will no longer be able to access your Wink devices from the app, with voice control or through the API, and your automations will be disabled on May 13."
…is bullshit.
Here's the thing; there are LOTS of companies that sold you things and are struggling to keep them going. Macmillan sold you the first two Little Brother books, and they're about to bring out the third, Attack Surface, on Oct 12.
They've also done layoffs, paycuts, etc.
I have lots of sympathy for Macmillan, too, but I don't think that Macmillan should be allowed to announce that, in light of the crisis, they're going to render your copies of the books they sold you unreadable unless you start paying them a nominal monthly fee to keep going.
Not even if they want to argue that doing so will enable them to launch the third Little Brother book in October. This is so unfair, so unethical, that I wouldn't support it even though my own livelihood might depend on it.
(To be clear, Macmillan isn't proposing this!)
That's why it's important to think about technological self-determination beyond the crucial issue of privacy. Sure, having your data harvested and sold is one way that technology can screw you over, but it's just one way.
Tech can also take away your autonomy by preventing interoperability (with terms of service, DRM, patents, etc), making you utterly dependent on the vendor for ongoing access to, and enjoyment of, your property.
Laws like the DMCA, CFAA, etc make "adversarial interoperability" – when you connect new things to existing services without permission – into a potential felony. We can't afford to overlook this issue, even for "privacy-respecting" companies.
https://www.eff.org/deeplinks/2019/10/adversarial-interoperability
It's what lets Wink Vader their policy changes: "I am altering the deal, pray I don't alter it any further." They don't have to worry that their customers or competitors will make new control panels for the devices they sold, because they can sue them if they do.
This is why Apple is no better than Google, despite its insistence that selling you devices at a premium means it doesn't have to spy on you. Sure, it doesn't spy on you for ad-tech, but it uses its extraordinary control to take away your self-determination in other ways.
Apple uses its monopoly on Ios apps to extract rents from vendors, who raise prices on you. It uses its monopoly on parts and service to gouge for repairs, and to unilaterally declare some products to be at their end-of-life to force you to buy new ones.
It's no coincidence that Tim Cook's opening letter to investors in 2019 warned them that one of the company's biggest financial risks was that customers were choosing to hang onto their devices for longer, rather than replacing them.
And Apple's aversion to ad-tech is no guarantee of freedom from surveillance. When the Chinese state ordered Apple to remove all working privacy tools from its App Store so that its users could be spied on, Apple complied.
Iphones only work with Apple's App Store, and making a tool to allow alternative app store access is a DMCA 1201 felony. This decision leaves Chinese users with no alternatives, even as the state is using mobile surveillance to put 1M+ Uyghurs in concentration camps.
People reveal their moral character in bad times. It's cool to talk about your respect for privacy in good times, but if you pull a Vader when times turn bad (telling, not asking, your customers to open their wallets to help you survive the crisis), it speaks volumes.
If "You bought it, you own it" can be trashed when the company is at risk, then why not "we won't sell your data?"
Helicopter flyover of deserted Disneyland (permalink)
Micah Muzio's Youtube features multiple camera views from his helicopter as he flies over LA and nearby cities, like Las Vegas. He's been at it for years but the crisis makes this far more interesting, with deserted looks at normally busy places.
https://www.youtube.com/user/micahmuzio/
His latest video is a Disneyland flyover. Come for the empty I-5, stay for the ghostly themepark.
https://www.youtube.com/watch?v=bXTZVQqC-KQ
EU: "Cookie walls violate the GDPR" (permalink)
The purpose of the EU's General Data Protection Regulation was to effectively ban the ad-tech industry and its practices by annihilating the pretense that clicking "I agree" or loading a page that said, "You agree" was the same as consent for tracking.
https://boingboing.net/2018/01/09/information-controllers-galore.html
Under the GDPR, service providers would be forced to only collect data for explicit, enumerated purposes that could be expressed in plain language, and could only share data with other entities after each one was explicitly approved by the user.
So if you operated a site that ran 50 trackers that harvested data that was passed on to hundreds of brokers who passed it on to thousands of other brokers, then each time you got a new user, you'd have to get thousands of permissions from the user.
Each permission would have to be meaningful: you'd have to explain in simple language what you were doing and why, and even if the user opted out of that collection, you'd have to still let them proceed to the site.
The fact that users might just leave your site rather than saying "no" 2,000 times before being allowed to proceed was a feature, not a bug. It was meant to expose the sham of consent.
Basically: "Obtaining informed consent to thousands of surveillance acts takes hours of patient explaining, so whatever you were getting by adding a line of 8pt grey-on-white type that said, 'By visiting this site you consent to our privacy policy,' it was not consent."
But ad-tech didn't get the memo. They started to put up "cookie walls" on their sites, pop-up boxes that basically said, "Accept our cookies or fuck off."
That's not consent either, and the European Data Protection Board (EDPB) just published guidelines saying so:
https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_guidelines_202005_consent_en.pdf
Also not consent: scrolling past a thing that says, "Please look at this dashboard and tell us which acts of surveillance you're OK with." A user who scrolls past that dialog should be presumed to have withheld consent, not granted it.
"Actions such as scrolling or swiping through a webpage or similar user activity will not under any circumstances satisfy the requirement of a clear and affirmative action”
On Tech Crunch, Natasha Lomas calls this "cookie consent theatre," and predicts new enforcement action, noting that "GDPR fines can scale as high as €20M or 4% of global annual turnover."
Unix and Adversarial Interoperability (permalink)
AT&T; invented the Unix operating system in 1969. Since then, it has grown to be the basis of almost every computer you use today, from OS X to GNU/Linux, Ios to Android, and all the embedded systems in the "smart" gadgets in your world.
In the early days of Unix, all kinds of companies made their own commercial versions: Sun, SGI, IBM, Apple, DEC, etc.
But AT&T; didn't.
The story of how AT&T; – a vicious monopolist that jealously guarded its treasures – sat by while others commercialized, popularized and perfected Unix is a fantastic parable about how anti-monopoly laws connect with adversarial interoperability.
In short: AT&T; was only spared from a serious antitrust beat-down because the Pentagon intervened to keep it intact during the Korean War. The compromise the DoJ reached was to put AT&T; under a "consent decree" that banned it from entering new markets.
So when the legends of Bell Telephone Labs (Ken Thompson, Dennis Ritchie, et al) invented Unix, AT&T; just sat on it – until Thompson presented it at a ACM meeting and people started clamoring for licenses to it.
AT&T;'s lawyers were so gunshy of DoJ scrutiny that they let others use and sell Unix on really open terms, and the community of Unix hackers that emerged to swap patches and improvements created the ethic that turned into the free software movement.
Meanwhile, AT&T;'s own scientists were so committed to technical excellence that they defied their own bosses to distribute improvements (like hiding data-tapes behind rocks in parks and then anonymously tipping off Unix leaders about where to find them!).
As I write in my case-study, "The DoJ's didn't merely ban AT&T; from certain monopolistic conduct—it set up rules and incentives that encouraged AT&T; to share, and it stripped AT&T; of the legal weapons it needed to stop competitors from making interoperable products."
Today, we've allowed Big Tech to distort the law to create a whole new suite of tools to prevent interoperability: the anti-circumvention rules in DMCA 1201, the CFAA, software patents, and more.
To see new weapons being fashioned before your very eyes, just look at Oracle's bid to make APIs copyrightable.
https://www.eff.org/cases/oracle-v-google
Adversarial Interoperability once drove dynamism in tech: if your technology dominated a sector, a rival would come along and make something that plugged into it, robbing you of your big margins and forcing you to innovate.
We've let Big Tech climb that ladder…and then kick it away. The pirates of yesteryear have all become admirals.
To read more about adversarial interoperability, check out my other articles and case studies.
https://www.eff.org/deeplinks/2019/10/adversarial-interoperability
Sidewalk Labs pulls out of Toronto (permalink)
Sidewalk Labs is the Google/Alphabet division that did a deal with the City of Toronto to turn part of the downtown into a private surveillance-city where people who opted out of data-collection would be punished for their privacy choices.
From the start, the company acted in deceptive and disreputable ways, and suffered waves of resignations of its high-profile privacy board and denunciations from the indigenous leaders it consulted with (and then roundly ignored).
https://pluralistic.net/2020/02/27/pluralistic-your-daily-link-dose-27-feb-2020/#minorityreport
It became increasingly clear that even if "smart cities" were a good idea, Sidewalk Labs wasn't. The company became a lightning rod for criticism, but the city kept greenlighting new phases of the project.
Now, the project is dead.
CEO Dan Doctoroff (no relation) attributed the cancellation to a collapse of the financial case for building it, which is just another example of why your city's key infrastructure should not be built and operated by private firms – they'll always leave you in the lurch.
Imagine if Sidewalk had walked away from the project AFTER it was built, spitefully bricking the city on its way out the door.
Wechat spies on non-Chinese users for in-China censorship (permalink)
Wechat from Tencent is the third most popular social media platform in the world, primarily because it is the de facto standard for Chinese social media, rolling up many other services like identity and payment.
Having conquered China, Wechat's new growth will come from the rest of the world, and it has aggressively courted non-Chinese users – and while Tencent acts as an arm of the Chinese state in conducting surveillance and censorship in China, non-Chinese users weren't censored.
But that doesn't mean they weren't being spied upon – nor that the usage of non-Chinese users didn't power Chinese censorship efforts.
In a major new paper, the University of Toronto's Citizen Lab reveals that Tencent spies on non-Chinese users, too.
https://citizenlab.ca/2020/05/we-chat-they-watch/
They proved that by looking at what happened to the censorship of Chinese accounts when non-Chinese accounts exchanged documents – including image files – that violated Chinese censorship rules.
They were able to show that shortly after two non-Chinese Wechat accounts exchanged a document containing words blacklisted in China, the document itself would be blacklisted for Chinese users, too.
It's a pretty conclusive smoking gun.
Hidden doors disguised as bookcases (permalink)
I love decorating with books, by which I mean, "I own a lot of books and need somewhere to put them, therefore they are my decor." But I'm also very impressed by Original Book Works, who make decor elements that look like bookcases and stacks of books.
They've got a wide product range and while I'm no fan of the "pretend you're a reader by creating wall panels made from fake book spines," I'm FAR more interested in secret doors, hidden safes and radiator covers that look like rows and rows of books.
https://www.fauxbooks.co.uk/secret-doors/
And to be clear, these are not actual old books that are destroyed to make decor – they're basically a full employment scheme for talented book-binders who make thin rows of leather book spines that appear to be bookshelves.
With one exception: the "paperback book panels" are "constructed from genuine guillotined books," mounted on 3mm backing boards. And yeah, I've worked with paperbacks enough to know that they're far more disposable than you might think, but this still feels off to me.
Beyond the panels and doors, the company has a wide variety of book-based novelties, including this fantastic ice-bucket.
https://www.originalbooks.net/ice-bucket
Vent dragons (permalink)
Artist David Lee Pancake makes a range of "Vent Dragons" – sculptures of dragons with glowing eyes that appear to be crawling out of household HVAC vents (you can't actually use them as vent covers alas).
https://davidleepancake.com/shop/Vent-Dragons-p99730574/
He also does a mail-slot dragon:
https://davidleepancake.com/shop/Beware-of-Dragon-p54643007
This day in history (permalink)
#10yrsago Linux users twice as generous as Windows users http://blog.wolfire.com/2010/05/Linux-users-contribute-twice-as-much-as-Windows-users
#10yrsago Walt Disney World's Haunted Mansion: stupendous essay https://passport2dreams.blogspot.com/2010/05/history-and-haunted-mansion.html
#10yrsago FCC hands Hollywood the keys to your PC, home theater and future https://boingboing.net/2010/05/07/fcc-hands-hollywood.html
#5yrsago Drug pump is "most insecure" devices ever seen by researcher https://securityledger.com/2015/05/researcher-drug-pump-the-least-secure-ip-device-ive-ever-seen/
#5yrsago Appeals Court rejects NSA's bulk phone-record collection program https://www.aclu.org/blog/national-security/privacy-and-surveillance/why-todays-landmark-court-victory-against-mass
#1yrago Charter's new way to be terrible: no more prorated cancellations https://arstechnica.com/information-technology/2019/05/charter-squeezes-more-money-out-of-internet-users-with-new-cancellation-policy/
#1yrago Google will now delete your account activity on a rolling basis https://myactivity.google.com/item?restrict=waa&otzr;=1
#1yrago Human Rights Watch reverse-engineered the app that the Chinese state uses to spy on people in Xinjiang https://www.hrw.org/report/2019/05/01/chinas-algorithms-repression/reverse-engineering-xinjiang-police-mass-surveillance
#1yrago "A Fire Story": a moving, beautiful memoir of the Calistoga wildfire in comics form https://boingboing.net/2019/05/07/the-things-we-carried.html
#1yrago danah boyd explains the connection between the epistemological crisis and the rise of far-right conspiratorial thinking https://points.datasociety.net/agnotology-and-epistemological-fragmentation-56aa3c509c6b
Colophon (permalink)
Today's top sources: PZ (https://twitter.com/ziselberger), Pink Frankenstein (https://twitter.com/pinkfranken/), Hackaday (https://hackaday.com/), Bookshelf (https://www.onthebookshelf.co.uk/), Sean Gallagher (https://twitter.com/thepacketrat), Slashdot (https://slashdot.org/), Alvin Chung (https://twitter.com/ayhcheung), Geekologie (https://geekologie.com/).
Currently writing: My next novel, "The Lost Cause," a post-GND novel about truth and reconciliation. Yesterday's progress: 522 words (12448 total).
Currently reading: Facebook: The Inside Story, by Steven Levy.
Latest podcast: Someone Comes to Town, Someone Leaves Town (part 02) https://craphound.com/podcast/2020/05/04/someone-comes-to-town-someone-leaves-town-part-02/
Upcoming appearances:
- May 7: The Collapse, Re:publica https://re-publica.tv/de/session/collapse
- May 9: Being Civil With Security Experts, Essence of Wonder, https://essenceofwonder.com/2020/04/28/cory-doctorow-being-civil-with-security-experts-panel/
Upcoming books: "Poesy the Monster Slayer" (Jul 2020), a picture book about monsters, bedtime, gender, and kicking ass. Pre-order here: https://us.macmillan.com/books/9781626723627
"Attack Surface": The third Little Brother book, Oct 20, 2020. https://us.macmillan.com/books/9781250757531
"Little Brother/Homeland": A reissue omnibus edition with a new introduction by Edward Snowden: https://us.macmillan.com/books/9781250774583
This work licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commerically, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.
https://creativecommons.org/licenses/by/4.0/
Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.
How to get Pluralistic:
Blog (no ads, tracking, or data-collection):
Newsletter (no ads, tracking, or data-collection):
https://pluralistic.net/plura-list
Mastodon (no ads, tracking, or data-collection):
https://mamot.fr/web/accounts/303320
Twitter (mass-scale, unrestricted, third-party surveillance and advertising):
Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):
https://mostlysignssomeportents.tumblr.com/tagged/pluralistic
When life gives you SARS, you make sarsaparilla -Joey "Accordion Guy" DeVilla
Ironically, when I tried to click on the link to the TechCrunch article about GDPR and cookies, I get redirected to a page (https://consent.yahoo.com/collectConsent?sessionId=2_cc-session_8b7e6eb7-ffa0-4b02-8dd3-0040dc089e2f&lang=it-IT&inline=false) asking me to agree… to cookies. (Plus, it's in Italian — probably due to the fact that I'm using a VPN.)
Well, at least you can be sure that the journalists at Techcrunch have editorial independence from the business side.
Just hopping up and down at a new blog.
(This a micro.blog?)
And sidewalk retreating from Toronto’s data and real estate.
Nope, self-hosted WordPress!