Pluralistic: When Facebook came for your battery, feudal security failed (05 Feb 2023)

Today's links

A painting depicting the Roman sacking of Jerusalem. The Roman leader's head has been replaced with Mark Zuckerberg's head. The wall has Apple's 'Think Different' wordmark and an Ios 'low battery' icon.

When Facebook came for your battery, feudal security failed (permalink)

When George Hayward was working as a Facebook data-scientist, his bosses ordered him to run a "negative test," updating Facebook Messenger to deliberately drain users' batteries, in order to determine how power-hungry various parts of the apps were. Hayward refused, and Facebook fired him, and he sued:

Hayward balked because he knew that among the 1.3 billion people who use Messenger, some would be placed in harm's way if Facebook deliberately drained their batteries – physically stranded, unable to communicate with loved ones experiencing emergencies, or locked out of their identification, payment method, and all the other functions filled by mobile phones.

As Hayward told Kathianne Boniello at the New York Post, "Any data scientist worth his or her salt will know, 'Don’t hurt people…' I refused to do this test. It turns out if you tell your boss, 'No, that’s illegal,' it doesn’t go over very well."

Negative testing is standard practice at Facebook, and Hayward was given a document called "How to run thoughtful negative tests" regarding which he said, "I have never seen a more horrible document in my career."

We don't know much else, because Hayward's employment contract included a non-negotiable binding arbitration waiver, which means that he surrendered his right to seek legal redress from his former employer. Instead, his claim will be heard by an arbitrator – that is, a fake corporate judge who is paid by Facebook to decide if Facebook was wrong. Even if he finds in Hayward's favor – something that arbitrators do far less frequently than real judges do – the judgment, and all the information that led up to it, will be confidential, meaning we won't get to find out more:

One significant element of this story is that the malicious code was inserted into Facebook's app. Apps, we're told, are more secure than real software. Under the "curated computing" model, you forfeit your right to decide what programs run on your devices, and the manufacturer keeps you safe. But in practice, apps are just software, only worse:

Apps are part what Bruce Schneier calls "feudal security." In this model, we defend ourselves against the bandits who roam the internet by moving into a warlord's fortress. So long as we do what the warlord tells us to do, his hired mercenaries will keep us safe from the bandits:

But in practice, the mercenaries aren't all that good at their jobs. They let all kinds of badware into the fortress, like the "pig butchering" apps that snuck into the two major mobile app stores:

It's not merely that the app stores' masters make mistakes – it's that when they screw up, we have no recourse. You can't switch to an app store that pays closer attention, or that lets you install low-level software that monitors and overrides the apps you download.

Indeed, Apple's Developer Agreement bans apps that violate other services' terms of service, and they've blocked apps like OG App that block Facebook's surveillance and other enshittification measures, siding with Facebook against Apple device owners who assert the right to control how they interact with the company:

When a company insists that you must be rendered helpless as a condition of protecting you, it sets itself up for ghastly failures. Apple's decision to prevent every one of its Chinese users from overriding its decisions led inevitably and foreseeably to the Chinese government ordering Apple to spy on those users:

Apple isn't shy about thwarting Facebook's business plans, but Apple uses that power selectively – they blocked Facebook from spying on Iphone users (yay!) and Apple covertly spied on its customers in exactly the same way as Facebook, for exactly the same purpose, and lied about it:

The ultimately, irresolvable problem of Feudal Security is that the warlord's mercenaries will protect you against anyone – except the warlord who pays them. When Apple or Google or Facebook decides to attack its users, the company's security experts will bend their efforts to preventing those users from defending themselves, turning the fortress into a prison:

Feudal security leaves us at the mercy of giant corporations – fallible and just as vulnerable to temptation as any of us. Both binding arbitration and feudal security assume that the benevolent dictator will always be benevolent, and never make a mistake. Time and again, these assumptions are proven to be nonsense.

(Image Anthony Quintano, CC BY 2.0, modified)

Hey look at this (permalink)

A Wayback Machine banner.

This day in history (permalink)

#20yrsago PacBell and Scientology knock Kevin Burton offline<?a>

#20yrsago Brewster Kahle’s librarian rant

#10yrsago Bogosity generators: the secret heart of science fiction

#10yrsago NYT, 1924: Hitler’s tamed by prison, “no longer to be feared”

#5yrsago Trump’s Consumer Finance Protection Board chief gives up on punishing Equifax for doxing the entire United States of America

#5yrsago The GOP candidate who would represent a suburban Chicago district is an open Holocaust denier, white supremacist and anti-Semite

#5yrsago 139 pieces of (seemingly nonfunctional) malware that exploit Spectre and Meltdown are now circulating in the wild

#1yrago How to design an anti-monopoly interop system

Colophon (permalink)

Today's top sources: Slashdot (

Currently writing:

  • Picks and Shovels, a Martin Hench noir thriller about the heroic era of the PC. Friday's progress: 520 words (102259 words total)

  • The Bezzle, a Martin Hench noir thriller novel about the prison-tech industry. FIRST DRAFT COMPLETE, WAITING FOR EDITORIAL REVIEW

  • A Little Brother short story about DIY insulin PLANNING

  • Vigilant, Little Brother short story about remote invigilation. ON SUBMISSION

  • Moral Hazard, a short story for MIT Tech Review's 12 Tomorrows. FIRST DRAFT COMPLETE, ACCEPTED FOR PUBLICATION

  • Spill, a Little Brother short story about pipeline protests. ON SUBMISSION

Currently reading: Analogia by George Dyson.

Latest podcast: Social Quitting

Upcoming appearances:

Recent appearances:

Latest books:

Upcoming books:

  • Red Team Blues: "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books, April 2023

  • The Internet Con: A nonfiction book about interoperability and Big Tech, Verso, September 2023

  • The Lost Cause: a post-Green New Deal eco-topian novel about truth and reconciliation with white nationalist militias, Tor Books, November 2023

This work licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Newsletter (no ads, tracking, or data-collection):

Mastodon (no ads, tracking, or data-collection):

Medium (no ads, paywalled):

(Latest Medium column: "Small Government: The ref has to be more powerful than the players"

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla