Pluralistic: 15 Dec 2020

Today's links

Pornhub and payment processors (permalink)

Today, Pornhub took down all videos from unverified accounts after a New York Times report documented instances of nonconsensual pornography and child sexual abuse material on the service.

But the Times editorial isn't what spurred the shutdown: rather, it was the decision by Visa and Mastercard to withdrawn Pornhub's payment processing that prompted Pornhub to take action.

You may count that as a win. No one with any kind of moral center endorses nonconsensual pornography, especially when it involves children, and the less there is out there, the better the world is. I agree.

But we should also be worried about the growing monopolization of payment processing, and the role that payment processors are coming to play as gatekeepers for all kinds of activities.

Mastercard and Visa are not qualified to make those calls. More importantly, no one elected them to make those calls. No law requires them to make those calls, and any law that tried would likely be unconstitutional.

If you want a sex industry based on consent and dignity, this should doubly worry you. After all, the first group of people shut down by payment processors' arbitrary judgements about what speech should and should exist were independent sex-workers.

It took years for the payment processors to work their way up to the monopolistic, sprawling porn empire behind Pornhub – a Canadian company called Mindgeek that maintains the pretense that it is headquartered in Luxembourg,a notorious tax-evasion jurisdiction.

There's an old saw that the sex industry are early tech adopters. That's not quite true – rather, people with disfavored views are the first people for whom it's worth figuring out new technologies, since the old ones are unavailable to them.

Porn got into home films because most big cinemas wouldn't screen pornography. They got into VHS because it was easier to duplicate than film. They got into the net because it offered access without social costs of being seen in the adult section of the video rental place.

But while pornographers aren't early adopters, they ARE leading indicators. Pornographers' fights with novel censorship tactics are also trial-runs for using those tactics against OTHER people – and payment processors have already been pressed into service.

Visa and Mastercard threats have been used to block or shut down journalism, self-published books, dating services.

Mindgeek and Pornhub don't need our sympathy, but hard cases make bad law.

With only a few payment processors online, our ability to engage in legal conduct will always be at the mercy of Visa, Mastercard and a handful of others.

Asset forfeiture is just theft (permalink)

If you're charged with a crime, the prosecutor has to prove you did it beyond a reasonable doubt; when it's a civil case, it's up to YOU to prove based on "preponderance of evidence" that you are innocent. A real difference, especially when the accused is an inanimate object.

In civil asset forfeiture, police seize the goods of people they suspect of criminal activity – without the need for a charge or conviction – and sue that property (i.e. "State of Iowa v Six Tons of Bricks") and you pay a lawyer to prove your property's innocence.

If your lawyer loses (or if you can't afford a lawyer), you lose your stuff, and the cops get to keep it or sell it and keep the money as an off-the-books black budget. Cops love this money – it lets them buy military surveillance gear.

But not just that: one sheriff stole $70k from his townspeople and used the money to buy a muscle car that he only drove to and from work.–politics/feds-want-reimbursement-for-gwinnett-sheriff-70k-muscle-car/zkOidGb5oRfCHGO5RlZGsL/

City attorneys have worked with cops in the past to draw up "wish lists" of stuff they'd like to steal. The cops then nose around the owners of that stuff, looking for a pretence to seize it.

Indeed, police departments future budgets projected their forfeiture revenues for years to come, effectively setting a quota for how much they had to steal from people each year:

By 2014, US police were stealing more from the people they were sworn to protect than all the nation's burglars combined.

No wonder that by 2015 Congress ended the program (don't worry, Trump reinstated and expanded it):

Long after the program was ended, cops insisted that without forfeiture, they lacked the "incentive" to fight crime:

They predicted that without forfeiture, police budgets would be too strained to fight crime, while criminals' coffers would swell. That was the scare-story New Mexico's legislature heard in 2015 when the state ended civil forfeiture.

Five years later, the verdict is in, and the cops' predictions were wrong. A new report from The Institute for Justice shows that NM experienced no rise in crime, no drop in arrests, and "arrest/offense rates consistent with trends in two neighboring states, CO and TX."

The study shows that far from being an instrument to return stolen goods or make restitution to crime victims, forfeiture is a way to fatten police budgets and personally enrich police officials. The seizures are mostly small-dollar amounts (not drug dealer money).

The larger seizures tell an even worse story: they include numerous instances in which a family home was seized because an underage offender sold small quantities of drugs from the premises – leaving families to spend fortunes defending their homes, often unsuccessfully.

EU competition rules have real teeth (permalink)

Back in September, we got a glimpse of upcoming EU tech competition rules, courtesy of a leak from the European Commission; they set out an ambitious set of rules on mergers, self-dealing, surveillance, and interoperability.

The proposal wasn't perfect, but it was still exciting and encouraging, especially the interoperability proposals. Interop, after all, is the judo that every one of today's tech giants used to beat the companies that came before them.

Today, the Commission published the first public draft of its rules (these need to get through the EU Parliament and the Council of national governments):

The Digital Markets Act and its companion, the Digital Services Act, are the first major update to EU e-commerce rules in nearly two decades. A LOT has changed since the E-Commerce Directive!

For a quick overview, I recommend my EFF colleagues Christoph Schmon and Karen Gullo's analysis:

The good news: the proposal requires due process for content removal – not a system where filters remove your content in an eyeblink and then you spend months or years in autoresponder hell trying to get it back up.

It doesn't require giant companies to police their users' speech, a rule that has led to mass-scale censorship, especially targeted against marginalized people who lack the platform and resources to complain when they get blocked.

It includes very steep penalties for companies that don't comply (up to 6% of annual global revenue), and a means to reach beyond EU borders to sanction companies that do business in the EU – both measures are powerful and potentially dangerous, and both need more specifics.

One disappointment: the interoperability measures have been weakened since September's leaks, though Article 6 of the Digital Markets Act is still a strict and far-reaching set of pro-competition rules with some look-in for interop.

Here's some A6 highlights, rules for the largest tech companies ("gatekeeper companies"):

  • A ban on combining platform data with data from third parties and on automatically logging users from one service on a platform to other ones

  • A requirement to let businesses on the platform offer services and pricing that directly competes with the platform owner

  • A requirement to let businesses on the platform do subscription and payment with users on their own terms, without having to use the platform

  • A ban on blocking businesses on the platform from complaining about abuses to regulators

  • A ban on requiring that businesses on the platform use the platform's single sign-on method

  • A ban on requiring businesses on the platform from using unrelated platform services

  • A requirement on platforms to reveal how their ad services work, exposing how much advertisers paid and how much publishers received for ads

This is a solid starting point but there will be a lot of work in the years to come in the Parliament and Council.

Here's the Commission's press-release on the Acts:

and here's its plain-language(ish) explainer:

Blockchain voting is bullshit (permalink)

The 2020 US elections were a reality check for how fragile the legitimacy of elections really is. This is something that paper ballot advocates have been beating the drum on for decades, even before Bush v Gore.

In much of the world, elections are carried out by voters hand-marking paper ballots that they place in ballot boxes whose chain of custody and tallying are observed by representatives from political parties. This works in rural, urban, dense and remote places.

The US, however, has a bizarre love-affair with glitchy and poorly secured voting machines, despite the fact a) we shouldn't use voting machines at all, and b) we really shouldn't use these voting machines.

The manufactured controversy over Dominion is only possible because all voting machines are flaming garbage piles. Yes, there's no Dominion hack that would have changed the outcome, but the deserved disrepute of the whole sector is the only reason we're talking about it.

In a move that's totally on-brand for 2020, cryptocurrency advocates are now promoting the idea that rather than moving to hand-marked paper ballots, we should just put it all on the blockchain. This is a terrible idea.

As Matt Blaze says:

  • It doesn't solve any problems civil elections actually have.
  • It's basically incompatible with "software independence", considered an essential property

  • It can make ballot secrecy difficult or impossible.

If that's too terse for you, try this MIT paper on the inability of blockchain to make voting more secure (co-authored by Ron Rivest, the "R" in RSA): "Going from Bad to Worse: From Internet Voting to Blockchain Voting."

They recap the five criteria for an "evidence-based election":

I. Ballot secrecy

II. Software independence

III. Voter-verifiable ballots

IV. Contestability

V. Auditability

From there, they discuss how blockchain either fails to satisfy these requirements or actually worsens the problems of existing touchscreen and internet voting systems.

One thing to understand about internet-based voting is that it is subject to attacks that are both scalable (one attacker can change a lot of votes) and undetectable (you can't be sure if the attack has taken place).

This is true of all internet-based voting, including blockchain voting. Attackers can compromise users' devices, vote tallying software, "or any other systems that the device relies upon to cast the vote."

There have been numerous theoretical attempts to address this in internet voting, like zero-knowledge systems and coercion resistance – but all of these are complex, with extensive attack surfaces, and all rely on users' devices not being compromised.

Blockchain voting introduces new problems over the baseline problems of all internet voting systems: the fact that a lost key means a lost vote, for example. And permissioned blockchains just make the problem worse, by making it harder for voters to validate their votes.

The authors point out that all existing blockchain-based voting systems do not require ballot secrecy, an ironclad requirement of electoral voting, and that nonsecret voting challenges are completely different to those in a secret ballot.

But in case you're not convinced by all of that, the authors finish the paper with an appendix of questions that any blockchain-based electoral voting system should be able to answer. It's a good check against the wishful thinking of internet or blockchain voting.

Right after last month's elections, a number of smart people who aren't technologists said, "This uncertainty and chaos is unacceptable! We have to put all of this on the internet!" They were and are very, very wrong (sorry, my dudes).

The US voting system is a clusterfuck because of technology. The way to fix it is to replace all that tech with paper, pencils, and scrutineers – not to add more tech. As we say in computing circles, "Then you'd have two problems."

Everything you've heard about internet voting is BS. It doesn't increase turnout (not even in Estonia). It doesn't increase reliability. It doesn't reduce chaos. It is a quagmire that no democracy can afford to get lost in.

This day in history (permalink)

#15yrsago HOWTO make a DRM CD

#10yrsago DanKam: mobile app to correct color blindness

#10yrsago UBS’s 43-page dress code requires tie-knots that match your facial morphology

#5yrsago Sometimes, starting the Y-axis at zero is the BEST way to lie with statistics

#5yrsago Do Androids Dream of Electric Victim-Blamers?

#5yrsago Neil Gaiman reads “A Christmas Carol”

Colophon (permalink)

Today's top sources: Bruce Schneier (, Naked Capitalism (

Currently writing: My next novel, "The Lost Cause," a post-GND novel about truth and reconciliation. Yesterday's progress: 539 words (93636 total).

Currently reading: The City We Became, NK Jemisin

Latest podcast: Someone Comes to Town, Someone Leaves Town (part 26)

Upcoming appearances:

Recent appearances:

Latest book:

This work licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Newsletter (no ads, tracking, or data-collection):

Mastodon (no ads, tracking, or data-collection):

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

When life gives you SARS, you make sarsaparilla -Joey "Accordion Guy" DeVilla