Pluralistic: 15 Feb 2021

Today's links

ADT insider threat (permalink)

Self-control isn't merely a matter of eliminating your own weaknesses. Self control is primarily about compensating for those weaknesses. When you go on a diet, you don't just commit yourself to eating well – you also throw away the Oreos so you won't be tempted.

This manoeuvre has a name: a Ulysses Pact, named for the passage in the Odyssey in which Ulysses pilots his ship through the sirens' sea, eschewing wax-stoppered ears so that he could hear their song, protecting himself by lashing himself to the mast.

Ulysses knew he would face a moment of weakness in the future, so he used his strength in the moment to guard against his future self.

Tech was built on a Ulysses Pact: the irrevocable free software license: once a hacker applies the GPL, they can't unchoose it.

No pressure from investors, not even the risk of bankruptcy or physical coercion can remove a free software license once it has been applied.

A Ulysses Pact is an act of humility, an admission of frailty. Alas, humility is in short supply in tech (the GPL is an exception).

Far more common is to build systems that can be abused, and assume that you – and your successors, collaborators, and underlings – will never yield to temptation.

Think of when the W3C incorporated DRM into browser standards, sure that none of its members would use this to exclude future rivals, only to be proven wrong a mere three years later, when Google blocked all free/open entrants into the field.

Or when Apple arrogated to itself the power to decide which software you can run on your phones and tablets, only to have the Chinese state order it to block working privacy tools to facilitate a system of violent, totalitarian control.

As Pavel Chekov counselled us all those years ago on the Desliu lot, a phaser on the bulkhead in act one will go off by act three.

Back in 2015, we bought – and then returned – a Canary security camera. We'd just immigrated to the US and were feeling a little nervous.

I was suspicious of this gadget. Though I wasn't technically capable of auditing its software, I WAS able to read its privacy policy, in which they promised not to share footage from your home unless ordered to do so.

I suspected that meant that Canary didn't employ end-to-end encryption, meaning that company insiders could peek at that footage, and the only thing preventing such peeking was policy and integrity, not that such a thing was impossible.

I wrote to the company and they confirmed that this was so, explaining that having access to cleartext video streams helped them use ML models that could distinguish between intruders and pets, and promising that they carefully vetted people with access to the footage.

So far as I know, Canary hasn't had such a breach…yet. But ADT – an industry leader whose major investor is Google – did. An ADT technician named Telesforo Aviles admitted to spying on at least 200 ADT customers.

Aviles wanted to spy on attractive women in order to see them in naked and having sex. ADT's system was designed to allow this; the primary means by which it was prevented was vetting staff – a process that is obviously too imperfect to trust in a high-stakes environment.

When ADT discovered this was happening, they tried to cover it up, offering laughable cash payments to survivors of Aviles's spying in exchange for confidentiality.

Doubtless certain technical aspects of the administration of ADT's security system were made simpler by choosing to create a system that was vulnerable to insider attacks. But by making this tradeoff, ADT demonstrated its unfitness to be in this market.

Maturity, after all, isn't about resisting temptation – it's about recognizing your own fallibility and taking measures to limit it. Exposing millions of customers to insider attacks on the obviously false belief that you will never hire the wrong person is unforgivable.

Billionaires think VR stops guillotines (permalink)

The pandemic has afforded all of us a refresher course on the five stages of grief, a theoretical and controversial framework for describing how people cope with tragedy: denial, anger, bargaining, depression and acceptance.

A far slower-moving unfolding of these stages can be seen in the reactions of the super-wealthy to the breakdown in neoliberal orthodoxy, the tale that says that inequality results from meritocracy, and makes us all better off:

Denial came out in the "rationalist" view: the world is better off than ever – richer, less violent, healthier, and any discontent you feel with your plummeting fortunes and the contracting possibilities for your kids is just your tunnel vision. Lack of perspective.

But the Great Financial Crisis and Occupy triggered the anger of the elites: violent suppression of protests, the "Doom Boom" in new luxury bunkers, Howard Schultz's insistence that "billionaire" is a slur (he says we should call him a "person of wealth").

The pandemic – and the "K-shaped recovery"- has revealed the existential threat inequality poses for our species, between price-gouging, fraud, profiteering, flouting health directives, and coercing the poor and vulnerable into risking their lives to keep the economy afloat.

A palpable desperation has set in among the ultra-wealthy, and with it, bargaining. VR execs and their major investors have begun to quietly assert that it will stabilize our unequal society by anaesthetizing the have-nots with virtual wealth.

John Carmack: "Not everyone can have a mansion. Not everyone can have a home theater. These are things we can simulate, to some degree, in virtual reality."

Gabe Newell: "The real world will seem flat, colorless, blurry compared to the experiences you'll be able to create in people's brains"

None of this will work. VR as opiate for the masses is a great Ernie Cline plot, but it's lousy social policy. After all, providing the desperate victims of the Great Financial Crisis unlimited access to Oxycontin and Fentanyl did not stabilize our society.

As Matthew Gault writes in Wired: "If you want a picture of the future, imagine a Facebook-branded set of VR goggles strapped to an emaciated human face—forever."

(Image: Gaetan Lee, CC BY, modified)

Privacy Without Monopoly (permalink)

This week on my podcast, a spoken-word version of "Privacy Without Monopoly: Data Protection and Interoperability," a major new white-paper that Bennett Cyphers and I co-authored for EFF.

It’s a paper that tries to resolve the tension between demanding that tech platforms gather, retain and mine less of our data, and the demand that platforms allow alternatives (nonprofits, co-ops, tinkerers, startups) to connect with their services.

I read the first half of it this week – about 40 minutes' worth – and I'll finish it next week. If you don't want to wait, you can dive in with the written version straightaway:

You can subscribe to my podcast feed here:

Here's a direct link to the MP3 (hosting courtesy of the Internet Archive; they'll host your stuff for free, forever, too!):

This day in history (permalink)

#15yrsago RIAA: CD ripping isn’t fair use

#10yrsago “Psychic” cancels show due to “unforeseen circumstances”

#10yrsago CBS sends a YouTube takedown to itself

Colophon (permalink)

Today's top sources: Bruce Schneier (, Naked Capitalism (

Currently writing:

  • My next novel, "The Lost Cause," a post-GND novel about truth and reconciliation. Friday's progress: 514 words (110389 total).

  • A short story, "Jeffty is Five," for The Last Dangerous Visions. Friday's progress: 251 words (5077 total).

Currently reading: Analogia by George Dyson.

Latest podcast: Someone Comes to Town, Someone Leaves Town (part 30)
Upcoming appearances:

Recent appearances:

Latest book:

This work licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Newsletter (no ads, tracking, or data-collection):

Mastodon (no ads, tracking, or data-collection):

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla