Pluralistic: 20 Aug 2020


Today's links



Kickstarting mailbox hearts (permalink)

Maker Joe Bonasera has an Etsy store specialized in selling 3D printed decorative items; he had an unexpected success with a 3D printed USPS Heart to be affixed to your mailbox to show your support for the beleaguered postal service.

https://www.etsy.com/shop/makingthingsclt/

Now he's scaling up production with a Kickstarter campaign. They've structured the pricing so that the majority of the money goes to shipping – that is, to support the USPS.

https://www.kickstarter.com/projects/baltimore/show-some-love-to-your-postal-workers-with-a-mailbox-badge

The kickstarted version of the hearts come in wood or plastic; the wood ones are laser-cut from 3/4" maple ply, stencil-painted, the plastic ones are 3D printed. They are either magnet- or adhesive-backed. $5 gets you a 3" heart with your choice of backing.

$45 gets you a 10-pack; $125 buys a neighborhood pack of 30.



The Mail (permalink)

The USPS has endured decades of fuckery thanks to the brush-war that led to the passage of the 2006 bill that made America's unglamorous, essential, universal, self-funding agency nominally broke, forcing it to prefund pension liabilities for 75 years in the future.

But the brush-war became a full-blown hostility thanks to the confluence of two factors:

I. Trump's appointing of a predatory swamp-gator to run the agency (Loius DeJoy, a wealthy Trump donor with tens of millions invested in private logistics firms that compete with USPS)

II. Trump's realization that this year's election would be almost entirely run by postal ballot, that this would increase voter turnout, and that this would deliver a humiliating electoral pasting to him and other GOP grifters who rely on voter suppression to win office.

All of a sudden, we've got post office mania! I am not immune. But the post office is a big, complicated system with a long and nuanced history, and its tale is wilder that a mere high-profile skirmish with Fedex investors and neofascist dictators.

Enter The Mail, a new weekly newsletter from Motherboard's Aaron W Gordon that will tell the story of the postal service, running from now until the election.

https://themail.substack.com/p/introducing-the-mail-a-newsletter

As befits a postal-obsessed new publication, The Mail will also have a monthly companion zine, physically published on paper, stapled, put into envelopes and sent to your home via the loving offices of your unionized letter carrier.

"The zines will be put together by the entire Motherboard staff, and will focus on digital security, hacking, internet ephemera, labor, and will generally be intended to inform and delight."



College Covid app is a security dumpster-fire (permalink)

In the early days of the pandemic, the term "contact tracing" vaulted into the public consciousness: that's the shoe-leather- and labor-intensive process whereby skilled heath experts establish a personal rapport with infected people to establish who they had contact with.

For both good reasons (the scale of the pandemic) and bad ones (tech's epistemological blindness, which insists that all social factors can be ignored in favor of quantifiable ones), there was interest in automating this process and "exposure notification" was born.

The difference is that exposure notification tells you whether your device was near another device whose owner is sick. It doesn't tell you about the circumstances – like, was it one of the people at that eyeball-licking party? Or someone in the next car in a traffic jam?

Exposure notification vaporizes qualitative elements of contact tracing, leaving behind just a quantitative residue of unknown value. There are two big problems with this: first, it might just not be very useful (that's what they learned in Iceland):

https://pluralistic.net/2020/05/12/evil-maid/#fjords

Second: people might be so distrustful of your data-handling processes that they actively subvert the app, meaning there are so many holes in your data that the data-set is useless. That's what happened in Norway.

https://techcrunch.com/2020/06/15/norway-pulls-its-coronavirus-contacts-tracing-app-after-privacy-watchdogs-warning/

The thing is, contact tracing is high-touch/low-tech because it is a social science intervention. Social scientists have always understood that if you only gather the data that's easy to reach, you'll come to bad conclusions skewed by defects in your collection.

A canonical text on this is Clifford Geertz's "Thick Description," where he describes an anthropologist trying to figure out why a subject just winked: is it flirting? Dust in the eye? Something else? The only way to know is to ask: you can't solve this with measurement.

To a first approximation, all the important stuff in our world has an irreducible, vital qualitative dimension. Take copyright exemptions: fair use rules are deliberately qualitative ("Is your use transformative in a way that comments on or criticizes the work it uses?").

These are questions that reflect policy priorities: in the words of the Supreme Court, fair use is the "escape valve" for the First Amendment, the thing that squares exclusive rights for authors with the public's right to free expression.

But the tech and entertainment industry have spent decades trying to jettison this in favor of a purely quantitative measure: it's not fair use if your image incorporates more than X pixels from another, or if your video or sound has more than Y seconds from another work.

This is idiotic. Solving automation challenges by declaring the non-automatable parts to be unimportant is how we get self-driving car assholes saying, "We just need to tell people that they're not allowed to act unpredictably in public."

(BTW, this is all said much better than I can in a superb Communications of the ACM article by Randy Connolly: "Why Computing Belongs Within the Social Sciences.")

https://cacm.acm.org/magazines/2020/8/246368-why-computing-belongs-within-the-social-sciences/fulltext

All of this is a leadup to the story of @Q3w3e3, an anonymous student at Michigan's Albion College, a private uni that reopened after insisting that all students must install a proprietary exposure notification app before returning to campus to lick each other's eyeballs.

Albion paid some grifters to develop this app. Because of course they did. The app is called Aura, and it was created by a company called "Nucleus Careers."

If you're thinking that's a weird name for a public health development company, you're right. They're a recruiting firm, founded this year, "with no apparent history or experience in building or developing healthcare apps."

https://techcrunch.com/2020/08/19/coronavirus-albion-security-flaws-app/

Aura is predictably terrible. As @Q3w3e3 discovered when they audited it, the app stores all the students' location data in an Amazon storage bucket, and comes with the keys to access that data hard-coded into the app.

The app also allows attackers to trivially discover the test status of any registered user. Techcrunch discovered this bug and hypothesizes that they could get the health data for 15,000 people this way. Did someone say HIPAA?

Nucleus Careers refused to talk with Techcrunch's Zack Whittaker about this beyond a few glomarish nonstatements. But the school administration is standing behind the app, threatening to expel students who don't use it.

And this brings us back to the disutility of the denatured quantitative residue of the thick, qualitative process of contact tracing. Many of the students who have the most at risk from using the app are also at the highest risk of contracting the disease.

People struggling with addiction, queer kids who aren't out and have secret partners, people engaged in survival sex-work are all at higher risk of exposure, and they also have the biggest reason NOT to use the app, lest it leak their secrets.

These are the people who you absolutely want to include in public health efforts, but that can only happen through noncoercive, personal, high-trust, low-tech interventions.

In other words, Aura isn't just technologically inept, it's also epidemiologically inept. The cliche that "you treasure what you measure" could not be more applicable here.

Look, these students shouldn't even be on campus. Obviously. And even a good contact tracing system would probably mostly serve as a postmortem for analyzing the inevitable conflagration of infection incoming in 3…2…1

But Albion is still a fascinating case-study in the lethal incoherence of the contempt of both managerial and technology circles for "human factors."

At the very least, we should ensure that the lives they will squander through their hubris aren't totally wasted.



Boeing fixes the 737 Max problem (permalink)

Before the plague, Boeing murdered hundreds of people by releasing a lethally defective aircraft, the 737-Max, whose failings included vital safety features that were sold as premium after-market add-ons.

The 737-Max scandal threatened to destroy the company, which had weakened itself through an orgy of financial engineering, gnawing off several of its limbs and devouring many of its vital organs.

But now, after receiving billions in bailouts, Boeing has finally announced a fix for the 737-Max.

They're renaming it.

Henceforth, the plane will be called "the 737-8."

https://onemileatatime.com/boeing-737-8/

As Rob Beschizza points out, it's a strategy most prominently associated with Trump, who tweeted "If I were Boeing, I would FIX the Boeing 737 MAX, add some additional great features, & REBRAND the plane with a new name."

https://twitter.com/realDonaldTrump/status/1117736685721223168

(Image: pjs2005, CC BY-SA)



Crowdfunding Skycircles (permalink)

Skycircl.es is a project of John Wiseman, a furloughed Disney Imagineer who became obsessed with mysterious overhead aircraft and decided to monitor them, discovering (among other things) a massive, covert FBI aerial surveillance program.

The project uses a cheap software-defined radio and a low-cost antenna to intercept transponder signals from overhead aircraft and plot their movements on maps in realtime, also storing longitudinal flight data.

https://docs.google.com/presentation/d/1sowJrQQfgxnLCErb-CvUV8VGXdtca6SWYWWLRPZgaHI/edit#slide=id.ga3a076b34_0_12

But the other half of the project is using open sources and freedom of information requests to pierce the veils of secrecy surrounding the front companies that many of these aircraft are registered to.

The program has revealed just how busy our skies are with invisible, unregarded surveillance aircraft. This image is not a lengthy time-lapse: it is a snapshot of a single moment in the LA skies.

https://docs.google.com/presentation/d/1sowJrQQfgxnLCErb-CvUV8VGXdtca6SWYWWLRPZgaHI/edit#slide=id.g5086fd3e26_0_79

Wiseman has collected BILLIONS of transponder pings from surveillance aircraft. New ones are tweeted in realtime by Advisory Circular, a network of Twitter bots that report on the skies over many major cities.

https://twitter.com/i/lists/1263724487435890688

The project is all free/open source, and Wiseman has run it for years as a self-funded hobby. But since being furloughed, this has become harder to sustain. Now one of his laptops has died and he doesn't have the cash to replace it.

He's soliciting donations to keep the project going. He's also in search of other coders to contribute, and free hosting for some of the project.

https://skycircl.es/donate-nerd-mode/

If he gets enough money, he's planned to give every spy aircraft in America its own social media account that tracks its movements in realtime; a mobile app that tells you which aircraft are overhead right now, and planet-scale analysis of spy planes.

Our own household finances are under severe strain, but I just donated to him. He's an example of how tech can serve as a force-multiplier for people resisting authoritarianism and illegitimate exercises of power.

A self-funded hobbyist is fighting the entire surveillance-industrial complex…and winning!



This day in history (permalink)

#15yrsago Oxford no longer accepting "child prodigies" https://www.theguardian.com/uk/2005/aug/21/highereducation.accesstouniversity

#5yrsago Ashley Madison commits copyfraud in desperate bid to suppress news of its titanic leak https://boingboing.net/2015/08/20/ashley-madison-commits-copyfra.html

#5yrsago Google covertly lobbied against net neutrality in India http://www.medianama.com/2015/08/223-google-iamai-net-neutrality-india/

#5yrsago Ulysses pacts and spying hacks: warrant canaries and binary transparency https://www.theguardian.com/technology/2015/aug/20/warrant-canaries-a-subtle-hint-that-your-email-provider-is-compromised

#5yrsago Your Android unlock pattern sucks as much as your password did https://web.archive.org/web/20171202220215/https://bsideslv2015.sched.com/event/9b17c2285b59eac2cca5700c7462e327

#5yrsago Universities' tax-exempt giga-endowments spend more on hedge fund managers than on education https://www.nytimes.com/2015/08/19/opinion/stop-universities-from-hoarding-money.html

#5yrsago America does a better job of tracking bee deaths than deaths in police custody https://www.muckrock.com/news/archives/2015/aug/20/bees-not-bodies/

#5yrsago "I hope the Chinese aren't collating the Ashley Madison data with their handy federal list of every American with a security clearance." -Bruce Sterling https://brucesterling.tumblr.com/post/127151439198/man-those-are-some-savage-vigilantes-i-hope

#5yrsago Eat invasive species and enjoy guilt-free meat https://www.bloomberg.com/news/articles/2015-08-19/invasive-species-chefs-latest-menu-offering

#5yrsago Windows 10 EULA: Microsoft can killswitch your unauthorized hardware and pirate games https://www.alphr.com/microsoft/microsoft-windows-10/1001360/microsoft-can-disable-your-pirated-games-and-illegal-hardware

#1yrago First detailed look at Poland's challenge to the EU Copyright Directive https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.C_.2019.270.01.0021.01.ENG&toc;=OJ:C:2019:270:TOC

#1yrago From search-engine to walled garden: majority of Google searches do not result in a click https://sparktoro.com/blog/less-than-half-of-google-searches-now-result-in-a-click/

#1yrago Gawker's new owners demand right to search journalists, ban encrypted email and institute dress code https://deadspin.com/this-is-how-things-work-now-at-g-o-media-1836908201

#1yrago How "meritocracy" went from a joke to a dogma, and destroyed the lives of everyone it touched https://www.theatlantic.com/magazine/archive/2019/09/meritocracys-miserable-winners/594760/

#1yrago Read: Jeannette Ng's Campbell Award acceptance speech, in which she correctly identifies Campbell as a fascist and expresses solidarity with Hong Kong protesters https://medium.com/@nettlefish/john-w-campbell-for-whom-this-award-was-named-was-a-fascist-f693323d3293

#1yrago Adding pink seaweed to cow feed eliminates their methane emissions https://www.usc.edu.au/about/usc-news/news-archive/2019/august/burp-free-cow-feed-drives-seaweed-science-at-usc

#1yrago A free/open tool for making XKCD-style "hand-drawn" charts https://timqian.com/chart.xkcd/

#1yrago A deep dive into how parasites hijack our behavior and how we evolved to resist them https://slatestarcodex.com/2019/08/19/maybe-your-zoloft-stopped-working-because-a-liver-fluke-tried-to-turn-your-nth-great-grandmother-into-a-zombie/



Colophon (permalink)

Today's top sources: Jason Koebler (https://twitter.com/jason_koebler/), John Naughton (https://memex.naughtons.org/),freeFall3 (https://twitter.com/Fall3Free), Boing Boing (https://boingboing.net/), Super Punch (https://www.superpunch.net/).

Currently writing:

  • My next novel, "The Lost Cause," a post-GND novel about truth and reconciliation. Yesterday's progress: 509 words (51597 total).

Currently reading: Twilight of Democracy, Anne Applebaum.

Latest podcast: Someone Comes to Town, Someone Leaves Town (part 13) https://craphound.com/podcast/2020/08/16/someone-comes-to-town-someone-leaves-town-part-13/

Upcoming appearances:

Latest book:

Upcoming books:


This work licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.


How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/web/accounts/303320

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

https://twitter.com/doctorow

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic
When life gives you SARS, you make sarsaparilla -Joey "Accordion Guy" DeVilla