Pluralistic: 26 Jan 2021

Today's links

Twitter's Project Blue Sky (permalink)

It's been more than a year since Jack Dorsey announced Project Blue Sky, inspired by Mike Masnick's "Protocols, Not Platforms," paper – a critical work explaining how walled gardens can be transformed into open protocols.

There hasn't been much (visible) progress on Blue Sky since the 2019 announcement, but Twitter just published an "ecosystem review" analyzing the distributed systems out there as a kind of lay of the land.

The idea of a distributed social media landscape may seem unlikely but consider how heartily sick the public has become with the big platforms' moderation choices (both what they moderate and what they don't).

And also how unlikely it is that the platforms will ever be able to make the kinds of situational calls about acceptable and unacceptable speech for each country, community and context.

Indeed, if things are so dire, why are any of us even sticking around? The problem is:

  • Network effects (the more people there are on a platform, the more reason there is to join)

  • High switching costs (if you leave, you give up all those people)

And those lead to:

  • Lock in (you don't leave because you don't want to give up everyone else, and they don't leave for the same reason – we're all holding each other hostage)

But there's a way to unwind all of this – break the lock in, lower the switching costs, and undo the network effects.

Think of East Berlin. People who wanted to leave didn't just face The Wall, they also faced permanently abandoning their friends and worldly goods.

Today, Berliners can hop a train to Paris and scope it out. If they like it, they can move their stuff, and still go back whenever they want. They can call their friends back home and read the German papers.

The low switching costs mean that hundreds of millions – billions – of people have tried another city and settled there, or changed their minds and moved home, or moved to a third city. They have friends come to stay, or go back for the holidays.

Using Facebook – or any walled garden – is like getting trapped in East Berlin. FB legally terrorizes anyone who dares make a tool that creates interoperability between its service any its rivals.

And just like the East German politburo (who said The Wall wasn't to keep its citizens in, but rather to keep envious westerners out), Facebook swears it sues these companies to protect its users' privacy (as we all know, FB is a company that really cares about privacy).

There's a lot of energy to fix the big platforms, and this is a laudable goal.

But the reality is that wise kings are few and far between.

We don't just need the platforms to clean up their act, we also need to make it easier for us to leave when they get it wrong.

Interop will do that – but at a price. The trade-off we make when we decentralize the internet is that we can no longer hope to improve hundreds of millions of peoples' lives just by convincing Zuck or Jack to change their policies.

But honestly, when was the last time you managed to do that?

In a decentralized internet, neither the good nor the bad decisions of the platforms will carry the reach they do now. It will be harder to silence the people whose (legal) speech makes you angry.

But it will be easier to find a community whose definition of what Neil Gaiman calls "icky speech" matches your own – and to send messages from there to other communities who have different definitions.

Social media companies make errors just like we do – they are made up of fallible people. The problem is that when they screw up, their bad decisions redound to millions – even billions – of lives.

By all means, we should try and make these companies less error prone.

But far more important is to make their errors less consequential.

As I wrote for EFF: "Interoperability moves power from corporate board-rooms to tinkerers, co-ops, nonprofits, startups, and the users that they serve."

Brazil's world-beating data breach (permalink)

Brazil's public health agency has suffered what is arguably the worst data-exposure in world history, losing 243m+ records in a country of 211m people (the excess represents dead peoples' records).

For more than six months, the HTML for the website for the Sistema Único de Saúde included the login and password to access the database as an administrator; the credentials were obscured through Base 64 encoding, a trivially detected measure that is just as easy to bypass.

It was the second grave security error at SUS in less than a month (last month, a SUS techie posted a spreadsheet with the system's database keys, logins and passwords to Github, exposing 16m records).

Another leak exposed records in the country's covid tracing data.

The exposed records include the most highly sensitive information: names, dates of birth, full health records, addresses and phone numbers.

Included in the breach are many officials, including the Brazilian dictator Jair Bolsonaro and his junta.

The insecure systems were built by an IT contractor called Zello (formerly MBI Mobi), which has billed the Brazilian state $8.5m since 2017.

The vulnerabilities were discovered by the NGO Open Knowledge Brasil, who sounded the alarm. The breach puts every Brazilian at risk of identity theft and many other forms of cyberattack.

Evictions and utility cutoffs are covid comorbidities (permalink)

"Public health" isn't just about vaccinations, clinics and urgent care: it's a holistic discipline that encompasses all the contributors to health outcomes, which include things like housing, employment, transportation, pollution and more.

A new working paper from the National Bureau of Economic Research estimates the number of US covid deaths that could have been prevented with a coherent, effective eviction moratorium and a ban on utility cutoffs: 164,000.

The paper, written by a multidisciplinary group of Duke researchers from medicine and economics, found that housing precarity (a risk of losing your home) drove risky behavior that increased the spread of the disease and the resulting deaths.

For example, it forced people to double-up on lodgings, making social distancing impossible, to say nothing of self-isolating after an exposure. It also drove people to tolerate high-risk workplace conditions, including illegal conditions.

The authors used regression techniques to control for confounding variables, and used like-for-like counties with different utility and eviction policies to estimate the effect that these had on infection rates.

"Public health" is a notion that challenges the very foundation of neoliberal ideology, which says that all outcomes are the results of your individual choices – that your right to swing your arm ends at the tip of my nose.

Public health says that our decisions about treating covid (and other health issues) affect all of us – that the system matters more than individual choices.

Public health says that we're all in the same swimming pool. Neoliberal choice theory says that if some of us want to piss in the pool, we can just create a "pissing" and a "no pissing" end.

And that the answer to the yellowing of both ends is to make the pool longer, and that the market opportunity is to charge people who want to swim in the no pissing end to use the toilets and fine them if they can't afford the charge.

Because here's the kicker: although covid mostly kills poor, racialized and otherwise marginalized people, it doesn't do so exclusively. Even people who can afford high quality care and thus recover face unknown, long-term health consequences.

Keeping rentiers' income streams intact by allowing evictions made us all sicker, put us all at risk. Even the landlords.

Treating system problems as a matter of personal choice is like telling people to recycle harder to avert the climate emergency.

The parochial gains to the minute class of landlords came at the expense of mass-scale, social costs – human lives, human misery, widespread infection, and traumas and waste that will drag us down for decades to come.

(Image: Luis Prado, CC BY, modified)

"North Korea" targets infosec researchers (permalink)

One of the most fascinating revelations from the Snowden documents was the story of "fourth party collection," which is when the NSA hacks the spy agency of a friendly nation to suck up all the spy data it has amassed on its own people.

It's a devilishly effective spying technique and it surfaces a major risk of mass domestic surveillance – if your internal police get hacked by another nation, then that country can get all of your data. The secret police say they're spying to protect you – some protection!

Even more mind-blowing is the existence of "fifth-party collection" (spying on a spy agency that's spying on another spy agency) and "sixth-party collection" (spying on a spy agency that's spying on another spy agency that's spying on another spy agency) .

It's also fascinating because it's so obvious in retrospect. Willie Sutton robbed banks "because that's where the money is." Spooks spy on other spooks because that's where the kompromat is: gathered, sorted, filed and analyzed.

This week, Google's Threat Analysis team published a warning to security researchers to be vigilant about a sophisticated threat-actor that is targeting the infosec community.

Google says the attacker is working from North Korea (which strongly implies that they are working on behalf of the DPRK itself).

An analysis of the attack recounts how the hackers would ingratiate themselves to infosec professionals, ask them to collaborate on interesting problems, and then slip them a poisoned software library that would take over their systems.

Like fourth-party collection, this is a highly leveraged attack. Security researchers tend to have a lot of proof-of-concept malware, notes on vulnerabilities, and other juicy tools and intel that could be weaponized to attack high-level systems.

(Image: Cryteria, CC BY, modified)

This day in history (permalink)

#15yrsago How the malicious software on Sony CDs works

#15yrsago Censorship: Comparisons of Google China and Google

#10yrsago DHS kills color-coded terror alerts

#5yrsago Charlie Jane Anders’s All the Birds in the Sky: smartass, soulful novel

#1yrago Banks have returned to the pre-2008 world of automatic credit-limit increases for credit cards used by already indebted people

#5yrsago Profile of James Love, “Big Pharma’s worst nightmare”

#1yrago Fatal car wrecks are correlated with stock-market fluctuations

#1yrago Andrew Cuomo’s naked hostility drives out MTA president Andy Byford, the “Train Daddy” who has transformed the world’s rail systems

#1yrago Two years after a federal law banning shackling women during childbirth was passed, prisoners in America are still giving birth in chains

Colophon (permalink)

Today's top sources: Bruce Schneier (, Naked Capitalism (, The Grugq (

Currently writing:

  • My next novel, "The Lost Cause," a post-GND novel about truth and reconciliation. Yesterday's progress: 502 words (103096 total).
  • A short story, "Jeffty is Five," for The Last Dangerous Visions. Yesterday's progress: 289 words (1366 total).

Currently reading: Analogia by George Dyson.

Latest podcast: Someone Comes to Town, Someone Leaves Town (part 29)

Upcoming appearances:

Recent appearances:

Latest book:

This work licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Newsletter (no ads, tracking, or data-collection):

Mastodon (no ads, tracking, or data-collection):

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla