On Monday (November 20), I’m at the Simsbury, CT Public Library at 7PM.
Happy Saturday! As is so often the case, I have finished the week with more stray links than I can fit into my blog, so it’s time for a linkdump post, in which an assorted assortment is assembled. This is my tenth such linkdump — here are the previous installments:
While nostalgia is a toxic impulse (h/t John Hodgman), there’s no denying that there once existed an old, good web, and that it has given way to the enshitternet. I don’t want to bring the old, good web back, but I would welcome a new, good web, and by studying the factors that contributed to the old, good web’s rise and fall, we can both conjure up that new, good web — and protect it.
Above all, the old, good web was contingent, a series of lucky accidents, like Tim Berners Lee’s decision to make the code and ideas and protocols for the original web as open and free as possible:
This meant that there was no way to use the law to capture the web. Contrast that with, say, AOL or Compuserve. If you were Compuserve’s CEO and one of your rivals started using your servers to deliver a service that your users preferred, which shifted value from you to this new rival, you could just pull the plug on them. If they came back — using reverse-engineering or fake signups or whatever — you could sue them. Compuserve’s bosses made the rules, any rules they wanted, and could kick you off if you violated them. If you pressed the issue, they could get the government to come and fine you, or, in extreme situations, arrest you.
But the open web didn’t have these enforcement hooks. If you ran an early website and Yahoo deeplinked to it, you could change the link, but you couldn’t make Yahoo stop. The open web was competitive, and that prevented anyone from exercising a veto over who could make the web, and how. It meant that the web was always up for grabs, with key chokepoints like browser market share swinging around wildly from one vendor to another (until Microsoft started illegally blocking rival browsers in Windows).
That meant that the “governance” of the web was often just a matter of the technical details of its standards. Code may not be law, but it was sure law-like — if something was in, say, a W3C browser standard, then all the browsers would support it, and then anyone trying to do something cool on the internet could rely on every potential user having it.
Naturally, this made standards development organizations into the sites of vicious power-struggles. These SDOs are classic “weak institutions,” lacking the robust rules of, say, a competition regulator, to say nothing of the investigative and enforcement powers of the DoJ:
But in the old, good web days, the SDOs had an important advantage: the corporate fragmentation of the web. Because of TBL’s decision not to create IP chokepoints, even the wildly overcapitalized companies of the go-go dotcom bubble days weren’t able to control the web. No one company was indispensable to the web.
If Microsoft wanted to tilt a W3C standard to its advantage, it couldn’t threaten to leave the consortium if it didn’t get its way. For one thing, the consortium had such a diversity of membership that losing any one member’s dues wouldn’t sink the org’s finances.
For another, if Microsoft boycotted the W3C, that would just mean that the web standards that all those other companies were making wouldn’t reflect its priorities or desires. By staying in the W3C, Microsoft got to participate in rulemaking — if it left, it would be relegated to rule-taking.
But the DoJ and FTC spent the ensuing decades in something like a coma. After a failed bid to break up Microsoft — killed when GW Bush stole the 2000 election and dropped the case — America’s antitrust enforcers snoozed through decades of consolidation, and the transformation of the old, good web into “five giant websites, filled with screenshots of text from the other four”:
This turned SDOs into increasingly fraught battlegrounds where giants duked it out among each other for control of the web. In the days of the old, good web, the W3C was able to continue TBL’s chokepoint-free ethos, creating rules that forced members to surrender their patents at the door:
But once the enshitternet was fully in force, the largest corporate members became so important to SDOs’ ability to operate that even the W3C wasn’t able to resist. They started turning out IP-encumbered standards that were so proprietary that even filing bug-reports against browsers could mean jailtime:
Within a couple years, it became functionally impossible to implement a web-browser without a license from one of a tiny handful of gigantic, monopolistic corporations, who could use the license to exercise a veto over both who could make a browser, and what that browser could do:
Standards development is one of those esoteric, hugely important activities that almost no one knows anything about. Good standards are key to an open, free internet, and as governments around the world grapple with Big Tech monopolies, their plans often include a block that basically reads “insert good standard here.”
As exciting as the EU’s Digital Markets Act and US proposals like the ACCESS Act are, the “insert good standard here” stuff is wildly underspecified and undertheorized. Making a good standard — one that is robust, flexible and secure — is hard enough even under competitive conditions where the SDO can play independent referee, more powerful than the participants. But making good standards under monopolistic conditions is really hard.
And yet, it happens! Look at the Fediverse, powered by Mastodon and its adaptation of a W3C standard called ActivityPub. The Fediverse has done more for an interoperable, decentralized web than all the other projects of the past decade combined:
How did something so useful and capture-resistant emerge from the enshitternet, from the same standards-body that gave us a proprietary “standard” that allowed three giant companies to seize the right to authorize the production of web browsers themselves?
Therein lies quite a tale. In a talk for this year’s Association of Internet Researchers conference, Robert Gehl talks about the weird, highly contingent factors that delivered a fit-for-purpose Fediverse standard:
Gehl starts by describing ActivityPub as a “non-standard standard.” The technologists who created it at the W3C were largely unperturbed by the Big Tech members, who viewed ActivityPub as unimportant, a folly. While this meant that the ActivityPub creators were free from Big Tech attempts to corrupt the standard, they were also insulated from the discipline of Big Tech standards people, who are expert at propelling a standard to completion while resolving conflicts to create a single, unified spec.
By contrast, ActivityPub’s creators made seven different specs, resolving factional disputes by letting everyone get their way. Critical parts of these standards — including support for federation! — were marked as optional in the group’s charter.
Then along came Mastodon, implementing the draft spec for ActivityPub. This triggered two extensions to the deadline for ActivityPub’s completion. ActivityPub moved to final draft against the backdrop of the real-world experiences of early Mastodon users. Four of the five ActivityPub authors self-identified as queer, and they set out to make Mastodon more harassment-resistant than corporate social media:
The early success of Mastodon shifted the focus of ActivityPub authors and implementers. In Gehl’s words, “half of ActivityPub” is now ignored. Gehl’s essay shows how many needles Mastodon threaded to get to where it is today, and while there’s an argument that there was a Fediverse-shaped hole in the internet that something was going to fill, the Mastodon-inflected flavor of ActivityPub we got is pretty great.
Gehl is working on a book about this for Oxford University Press, “Move Slowly and Build Bridges”:
One of the more contingent elements of the nascent new, good web is Signal, the secure, robust, easy-to-use encrypted messaging tool that has stepped in to fill the gap that encrypted email tools like PGP struggled to fill for years (though that doesn’t mean that secure email is impossible!):
Like Mastodon, Signal threaded a bunch of different needles to get to its current status, and it’s still threading needles. In a new article, Signal’s amazing new president, Meredith Whittaker, and Joshua Lund explain what it costs to keep Signal running:
Bottom line: Signal costs $50m/year. The breakdown is fascinating and weird. Signal pays a fortune to send SMS messages to verify your number when you sign up. Here’s an irony: as Signal displaces SMS, telcos are making up for lost revenue by charging Signal ever-higher rates to send those signup codes — Signal’s spending $6m/year on SMSes!
Storage costs Signal another $1.3m/year. Servers are $2.9m/year. Bandwidth is $2.8m/year. Signal’s storage and compute costs are low because they’re privacy-first, so they’re collecting, processing and storing as little data as possible. Add a couple more zeros per user to approximate the costs for high-surveillance alternatives to Signal.
Because Signal is end-to-end encrypted, they can use untrusted (and cheap) third parties for bandwidth, relaying and storage. Your phone encrypts the data before it leaves your device, and no one can decrypt it except the person you’re talking to. That lets Signal shop around for server infra, saving much more. Even so, voice and video calls consume a lot of bandwidth, and it gets more expensive because they jump the connection through multiple servers to prevent the people you’re talking to from capturing your IP address.
Signal’s got 50 full-time employees — a “shockingly small” team by industry standards. But still: 50 developers, managers, designers, accountants, etc all add up to $19m/year (the org pays “as close to industry wages as possible within the boundaries of a nonprofit”).
As Signal scales up, it is discovering new and exciting bugs and problems. A one-in-a-billion bug that may never crop up in a small service can suddenly start occurring on a daily basis once you hit scale. That means Signal will continue to hire engineers to crush these weird little bugs, and they’re going to be the kinds of specialists who can preserve privacy while fixing servers.
Signal is amazing. It’s been six years since they figured out how to transmit userids, numbers and photos as fully encrypted blobs. Not one of their competitors — not even the “secure” ones from giant Big Tech companies — has managed this. Even Signal’s system for embedding animated GIFs is privacy-preserving — the system doesn’t reveal your search terms to the GIF repositories.
Today, Signal is tooling up to create “post-quantum resistance” to the system, anticipating the arrival of functional quantum computers that will (theoretically) make short work of existing encryption techniques.
The article ends — logically enough — with a plea for donations. I’m a Signal donor already:
The Signal and ActivityPub stories reveal the important interplay between principled individuals and sustainable institutions. Benevolent dictators — whether that’s Tim Berners Lee, or Mastodon’s Eugen Rochko — work well, but fail badly. No matter how benevolent a dictator is, they are not infallible or omniscient. A critical juncture in any good project is its transition from a dictatorship to a democracy — an individual to an institution.
Take the Archive of Contemporary Music, the largest archive of popular music in the world. It was founded in 1985 by Bob George, who had amassed a collection of 47,000 LPs in a loft he’d lived in since 1974:
George and his co-founder, David Wheeler, have since grown the collection to 3m pieces of media with 90m songs. They were the first people to start seriously collecting and preserving music that others viewed as ephemeral and disposable. The collection wandered from place to place before settling in a Hudson Valley facility that it is about to outgrow.
In part that’s because they’re still one of the only places where others’ collections can be reliably consigned. When Keith Richards wanted to turn his blues collection over to a facility for long-term preservation, he chose ARC. Now, ARC is working with the Internet Archive to digitize and make available its vast holdings.
But that’s a fraught and contingent business, too. The Internet Archive has been targeted with one of those bowel-loosening record-industry lawsuits last seen during the Napster Wars, with Sony, Universal and others seeking damages that would permanently shutter the Archive and bankrupt its founder, the wonderful Brewster Kahle:
The suit argues that when a library makes 78RPM recordings available for its patrons to check out over the internet, they cannot avail themselves of the copyright exemptions that have been a feature since copyright’s inception. Remember, libraries are an order of magnitude older than copyright! The core of this suit is that libraries cannot move into the digital world.
Rather than doing what libraries have done since (literal) time immemorial — collecting works, preserving them and making them available — digital libraries can only license time- and circulation-limited copies of works that can’t be preserved. It’s a grim vision of a future without libraries:
Giant corporations are an existential threat to human thriving. After 40 years of neoliberalism, there’s a growing recognition that the market’s invisible hand would like to swat you like a bug. Hence the rise and rise of the labor movement. Though “union density” (the proportion of unionized workers) is still at an historically low ebb, union support among the public is higher than at any time since the New Deal.
That’s why UAW president Shawn Fain is planning a general strike in 2028, calling on other unions “to align your contract expirations with our own” so that all the contracts come up for renegotiation at the same time:
This is a very clever way to overcome America’s ban on sympathy strikes, which was introduced in 1947 with the Taft-Hartley Act. Sympathy strikes — where all unionized workers refuse to provide any service to employers who won’t bargain fairly with their own workforce — are a hugely powerful tool for labor movements. Look at Sweden, where Tesla has refused to bargain with the technicians who fix its cars.
In response, the entire Swedish workforce has united against Tesla. Dockworkers won’t unload its cars at the port. Electricians won’t fix its chargers. Cleaners won’t clean Tesla showrooms:
This is how it’s done. Musk has made his fortune by crushing worker power in every one of his businesses, joining the ranks of Apple and Amazon as one of the world’s leading maimers and killers of his workforce:
While Musk’s latest turn toward open antisemitism is grim, especially in light of his ownership of Twitter, it’s perfectly in character for a man whose businesses have always been charnel houses of “crushed limbs, amputations, head injuries and death.”
But Musk can’t fire or even intimidate the dockworkers who won’t unload his cars. Sympathy strikes enlist workers who are beyond the reach of intransigent employers in aid of workers who are subject to retaliation for striking. That’s why Taft-Hartley abolished sympathy strikes.
But if all the major unions are negotiating their contracts in 2028 — as Fain has called for — they can all strike without falling afoul of Taft-Hartley. That’s some shrewd tactics.
Even if you believe in markets as a force for increasing human thriving, it takes an act of will to miss how corporations who can exploit their customers or workers will. When it comes to exploitable customers, prisoners are the ultimate captive audience. Most of us are familiar with the horrors of private prisons — especially after the acute phase of the covid pandemic, when corporate prison managers simply left America’s prisoners to die.
But prison privatization is fractal. You can privatize a prison facility, but you can also privatize the commissary, the library, the mail, even phone calls and visitations. Some of the slimiest prison profiteers are the ones providing telecoms facilities to prisons. These companies lobby to ban in-person visits and mail and then provide “free” phone service to state facilities — service that can cost prisoners and their families $10/minute.
One of the worst of these companies is ViaPath (formerly Global Tel*Link). Not only did they charge prisoners sky-high rates for contact with their families, they ran a wildly insecure service that breached the data of 600,000 users:
These prisoners and families had “sensitive personal information” exposed online in unencrypted form, and were not informed of the breach, according to an FTC complaint:
The company went on to defraud state and local prison systems whose contracts they were bidding on, by claiming never to have suffered a breach.
The sleaze of the prison-tech system is the worst imaginable — which is about what you’d expect. After all, prison-tech is at the very foot of the shitty technology adoption curve:
The prisoners who are abused by companies like ViaPath are test subjects for technology that will work its way up the privilege gradient, moving on to mental patients, asylum seekers, kids, blue collar workers, white collar workers — then, everyone.
This makes prison-tech a great oracle for understanding what’s coming for the rest of us in a decade or two. That’s why I made prison-tech the McGuffin of The Bezzle, the sequel to my 2023 novel Red Team Blues, which comes out next February:
High-tech forensic accountant Marty Hench is back in The Bezzle for a story of early-2000s internet consolidation, LA Sheriffs Department gangs, prison privatization, collateralized debt obligations, and the absolute depraved sleaze of prison-tech privateers. If you still have a Twitter account, you can enter this sweepstakes to get an early copy:
(There will be other ways to get an early peek for non-Twitter users, rest assured!)
Attentive readers will note that The Bezzle will be my fourth book in 14 months. I’m presently touring my third book of 2023, The Lost Cause, a climate emergency book that Rebecca Solnit described as “a future woven from our successes (Green New Deal!), failures (climate chaos anyway), and unresolved conflicts (old MAGA dudes). I loved it”:
Book tours are exhausting and exhilarating. They have the weirdest social dynamic, where you’re bouncing to a new city every day or two, having high-speed social contact with hundreds of people at a go, then hunkering down alone in a hotel room to do press calls and answer publicity emails. I’ve been doing this since 2006 or so, and one mystery I’ve pondered all that time is the weirdness of stinky hotel soap:
Go to any Marriott, any Hilton, a Comfort Inn or a Holiday Inn, and you will find yourself in the Kingdom of Beige. The wallpaper, art, carpets and bedspreads are all calculated to be as generic and invisible as possible. But the soap and shampoo stocked by these redoubts of nothingness are wildly perfumed. I’m not a big fan of floral perfume anyway, but the hand-soap in your typical hotel bathroom makes Axe Body Spray seem innocuous. No taxi air-freshener, no urinal puck, not even the most lethal of 1960s-era douches ever aspired to the eye-watering, clinging, scent of hotel soaps, shampoos, conditioners and hand-cream.
It’s like hygiene perfume is the mid-priced hotelier’s equivalent of 1980s Wall Street traders’ suspenders: while everything else must be absolutely uniform and staid, this is the one realm where you can really let your freak flag fly. I’m always up for an unfettered freak-flag, but holy shit does this stuff stink.
I’ll get a chance to ponder this anew on the tour for The Bezzle next February, and again for Picks and Shovels, the February 2025 Martin Hench novel that’s already pending.
I need to get ready for my bookstore event, but before I sign off, one more bit of science fiction publishing news. An indie filmmaker in Paris is working with the brilliant John Varley on an adaptation of his sf classic Titan, and they’re trying to raise $65k on Kickstarter to pay for it. I kicked in — a world with more Varley in it is a better world:
If you’d like an essay-formatted version of this post to read or share, here’s a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog: