#VPN Tunnel | Explore Tumblr posts and blogs

mostlysignssomeportents · 5 days ago

Text

Pinkslump linkdump

Picks and Shovels is a new, standalone technothriller starring Marty Hench, my two-fisted, hard-fighting, tech-scam-busting forensic accountant. You can pre-order it on my latest Kickstarter, which features a brilliant audiobook read by Wil Wheaton.

We're less than a month into 2025 and I'm already overwhelmed by my backlog of links! Herewith, then, is my 25th linkdump post, a grab-bag of artful transitions between miscellaneous subjects. Here's the previous 24:

https://pluralistic.net/tag/linkdump/

Last week's big tech event was the Supreme Court giving the go-ahead for Congress to ban Tiktok, because somehow the First Amendment allows the US government to shut down a speech forum if they don't like the content of its messages. From now on, only Mark Zuckerberg and Sundar Pichai and Elon Musk and Tim Cook and the faceless mere centimillionaires running companies like Match.com will be able to directly harvest Americans' most private, sensitive kompromat. The People's Liberation Army will have to build their dossiers on Americans' lives the old fashioned way: by paying unregulated data-brokers who will sell any fact about you to anyone and who know everything about everyone.

After all, the reason the American market matters so much to Tiktok is that America is the only rich, populous country in the world without a federal privacy law. That's why an American is the most valuable user an ad-tech company can acquire. Keep your wealthy Norwegians: sure, they're saturated in oil money and thus fat prizes for ad-targeting, but they're also protected by the GDPR.

If you're an American (or anyone else, for that matter) who wants to use Tiktok without being spied on, Privacysafe has you covered: their Sticktock tool is a private, alternative, web-based front-end for Tiktok, with optional Tor VPN tunnelling:

https://sticktock.com/

As Privacysafe's Sean O'Brien explains, Sticktock is an free/open utility that's dead easy to use. Just change the URL of any Tiktok video from tiktok.com/whatever to sticktock.com/whatever, and you're have a private viewing experience that easily penetrates the Great Firewall of America:

https://bitsontape.com/p/sticktock-share-tiktok-videos

O'Brien – founder of the Yale Privacy Lab – writes that Privacysafe built this because they wanted to help Americans continue to access the great volume of speech on Tiktok, and because they knew that Americans would be using ad-supported, spyware-riddled VPNs to evade the Great Firewall.

Sticktock is a great hack, but it only defends your privacy while you're using Tiktok. For other social media, you'll need to try something else. For example, Mark Zuckerberg is the last person you want to entrust with your data, and always has been. Never forget that as soon as Zuckerberg's Harvard-based nonconsensual fuckability-rating service TheFacebook was up and running, he started offering copies of all his users' data as a flex to his buds:

Yeah so if you ever need info about anyone at Harvard Just ask I have over 4,000 emails, pictures, addresses, SNS

What? How'd you manage that one?

People just submitted it. I don't know why. They "trust me" Dumb fucks

Don't be a dumb fuck! Lots of people can't manage to leave Meta platforms because they love the people there more than they hate Mark Zuckerberg, and Zuck knows it, which is why he keeps turning the screws on his users. That doesn't mean there's nothing you can do. Over the years, various law enforcement and regulatory agencies have forced Meta to add privacy controls to its services, and though the company has implemented these as a baroque maze of twisty little malicious compliance passages, all alike, it is possible to lock down your data if you try hard enough. My EFF colleague Lena Cohen has a walkthrough of Meta's privacy settings, AKA the world's worst dungeon crawler, which will see you through safely:

https://www.eff.org/deeplinks/2025/01/mad-meta-dont-let-them-collect-and-monetize-your-personal-data

If this kind of thing interests you, you can spend a whole weekend learning about it, chilling and partying with some of the most fun-loving, fascinating weirdos in hackerdom this summer. 2600 magazine's semi-annual Hackers on Planet Earth (HOPE) con – now in its 31st year! – has gone annual, and they're pre-selling tickets at a freakishly low earlybird rate:

https://store.2600.com/products/tickets-to-hope_16

I keynoted HOPE last year and it was every bit as much fun as I remembered. Sure, DEF CON is amazing, but you can't really call a 40,000-person gathering in the Las Vegas Convention Center "intimate." HOPE is a homebrew, homely, cheap, cheerful and delightfully anarchic hacker con with deep history and great people.

Speaking of weird ancient history, my pal Ada Palmer – sf writer, librettist, singer, and Renaissance historian – blew my mind this week with her article on the tower-cities of medieval proto-Italy during the Guelph-Ghibelline wars (1125-1392):

https://www.exurbe.com/the-lost-towers-of-the-guelph-ghibelline-wars/

Once upon a time, Italian city-states were forested with tall towers, like miniature Manhattans. Rich families built these stone towers as a show of wealth and a source of power, since the stone towers were taller than nearby homes and far less flammable, so the plutes of the day could drop flaming garbage on their neighbors, burn them out, and emerge triumphant. This ended with cities like Florence banning towers above a certain height, forcing their warring oligarchs to decapitate their fortresses down to compliance levels.

The images need to be seen to be believed. Ada's got a new book about this, Inventing the Renaissance, "which shows how the supposed difference between a bad 'Dark Ages' and a Renaissance 'golden age' is 100% propaganda, but fascinating propaganda with a deep history":

https://www.adapalmer.com/publication/inventing-the-renaissance/

Palmer is one of the most fascinating writers, thinkers, performers, and speakers I know. This is the book for every history nerd in your life, and also a magic artifact with the power to transform normies into history nerds.

Speaking of scholars finding nontraditional ways to do technical communication to the general public: this week, 404 Media's Emmanuel Maiberg reported on Zara Dar, an OnlyFans model who's racked up millions of Pornhub views for videos that consist of detailed, accessible, fully clothed explanations of machine learning:

https://www.404media.co/why-this-onlyfans-model-posts-machine-learning-explainers-to-pornhub/

Dar's videos cover a variety of poorly understood, highly salient mathematical subjects, like this introduction to probability theory:

https://www.pornhub.com/view_video.php?viewkey=65cfae54411b9

Dar's got a pretty straightforward reason for posting her explainers to Pornhub – it pays about 300% more than Youtube does for the same amount of viewership ($1,000 per million views vs. Youtube's $340 per million). But it comes at a cost. Other platforms like Linkedin have banned her for discussing the economics of posting videos to Pornhub, without explanation or appeal.

The reason Dar's in the news now is that the Supremes didn't merely ban Tiktok this week, they also heard arguments about the red state "age verification" laws, in which Alito asked if looking at Pornhub was analogous to reading Playboy, which was famous for interleaving softcore pornography with hefty, serious reporting and editorials. Can you really look at Pornhub "just for the articles?" Seems like the answer is a resounding yes.

These "age verification" laws are jaw-droppingly reckless. Red state lawmakers – and ALEC, the dark money org that wrote the model legislation they're pushing – envision a system where each person who looks at porn is affirmatively identified as a named adult, and where that identity information is indefinitely retained. The most common way of gating services to adults is to demand a credit-card, which means that these weirdos want to create highly leakable databases of every one of their constituents' sexual kinks, which can be sorted by net worth by would-be blackmailers. Remember, any data you collect will probably leak, and any data you retain will almost certainly leak. Good times ahead.

Of course, it wasn't all gruesome policy malpratice this week. In the final days of the Biden admin, antitrust enforcers from multiple agencies launched a flurry of investigations, cases, judgments, fines and sanctions against companies that prey on the American public. The FTC went after John Deere for its repair monopoly:

https://www.404media.co/ftc-sues-john-deere-over-its-repair-monopoly/

And the FTC sued to end a system of secret noncompetes, where employers illegally collude not to hire each others' workers, something the workers are never told:

https://prospect.org/labor/2025-01-17-building-service-workers-ftc-stops-secret-no-hire-agreements/

That's just for starters. Matt Stoller rounds up the "full Tony Montana" of last-week enforcement actions undertaken by Biden's best appointees, an all-out assault on pharmacy benefit managers (most notably Unitedhealth), junk-fee-charging corporate landlords, Capitol One, Cash App, rent-rigging landlords, Southwest Airlines, anesthesia monopolists, Experian and Equifax, private equity plunderers, lootbox-peddling video game companies, AI companies, Honda finance, politically motivatedd debanking, Google, Elon Musk, Microsoft, Hino Motors, and more:

https://www.thebignewsletter.com/p/out-with-a-bang-enforcers-go-after

This is all amazing, but also frustrating, as it exemplifies what David Dayen rightly calls the "essential incoherence" of Bidenism, a political philosophy that sought "balance" between different Democratic Party factions by delegating enormous power to people with opposing goals, then unleashing them to work at cross-purposes:

https://prospect.org/politics/2025-01-17-essential-incoherence-end-of-biden-presidency/

What to make of a president whose final address warned the American public of an out-of-control oligarchy, but whose final executive order was a giant giveaway to the biggest AI companies – and their oligarch owners?

And what to make of a president who oversaw a genocide in Gaza, fronting for an Israeli regime that made a fool of him at every turn, laughed at his "red lines," and demanded (and received) fresh shipments of arms even as they campaigned for Trump?

This had nothing to do with sound electoral politics. The vast majority of Americans supported a cease-fire in Gaza, and have done virtually since the beginning of the bombings. Harris – who reportedly agreed not to criticize Biden's record as a condition of Biden stepping aside – made it clear that she would ignore voters' horror at the mass killing. Voters responded by staying home in droves: 19 million 2020 Biden voters simply refused to cast a ballot in 2024:

https://www.dropsitenews.com/p/kamala-harris-gaza-israel-biden-election-poll

A Yougov poll showed that 29% of the "non-voters" who turned out for Biden in 2020 refused to vote at all in 2024 because of Biden's support for genocide in Gaza. Polling during the campaign made it clear that Harris would improve her electoral chances by promising a cease-fire, but that was a bridge too far, even during an election "where democracy was on the ballot."

America is famously a country where legislators and leaders ignore the policy preferences of voters and give elites everything they want. In that world, not voting – even when "democracy is on the ballot" – makes a lot of sense:

https://www.vox.com/2014/4/18/5624310/martin-gilens-testing-theories-of-american-politics-explained

But Biden did do some popular things that elites hated – fighting corporate power, price-fixing, rent-gouging, and other forms of predatory business conduct. The "compromise" the Biden administration made with its elite backers was to call as little attention as possible to all this stuff. The Biden admin did more on antitrust in four years than all the preceding administrations of the previous forty years, combined. Just last week, the Biden admin did more on antitrust than any presidential administration did in a four-year term. And yet, they barely whispered about it.

This is a great example of what Anat Shenker-Osorio calls "Pizzaburger politics." Imagine half your family wants pizza for dinner and the other half wants burgers, so you make a disgusting pizzaburger that makes them all equally miserable and claim that everyone being mad at you is proof that you've been "fair":

https://pluralistic.net/2024/05/29/sub-bushel-comms-strategy/#nothing-would-fundamentally-change

Handing billionaires a bunch of voter-enraging gimmes and sucking up to ghouls like Liz Cheney didn't buy the loyalty of America's tower-owning, neighbor-incinerating princelings. They gave millions to Trump, whom they knew would hand them billions in tax breaks and a license to loot the country. Worse, this pizzaburger strategy caused voters to stay home by the millions, convinced that they couldn't trust Biden or Harris.

We're heading into another four years of planet-incinerating, human-rights-destroying, immigrant-pogroming, mass-imprisoning misery. The incoming dictator has promised to throw all kinds of people in prison, so maybe we should learn a little about how America's prolific, crowded, nightmare penitentiaries actually function.

David Skarbek is a political scientist who studies prison gangs. In a fascinating interview with Asterisk, he describes the forces that led to the rise of race-segregated prison gangs, from virtually nonexistent for 100 years to ubiquitous:

https://asteriskmag.com/issues/08/why-we-have-prison-gangs

It boils down to this: in small prisons, it's possible to enforce a social code among prisoners that maintains order. Each prisoner can keep track of the trustworthiness of others and of the safety risks they pose. But once we started building larger prisons, this system broke down, requiring hierarchical, authoritarian structures – gangs – to keep people in line. Gangs are brutal, but they also keep the peace, regulating financial disputes, contraband trade, and the use of violence.

Skarbek thinks that building more, smaller prisons would eliminate gangs – as would increasing the number of guards, which would give the institution the capacity to step in and fill the regulatory void filled by gangs. He's not saying prison gangs are good, but he's explaining why they emerged and why they have remained.

There is no pleasure quite like reading the work of top-flight scholars explaining their areas of research. That's why I subscribe to the RSS feed for Matthew Green's blog about cryptography. Green is a great explainer who works in fascinating areas.

In his latest post, Green talks about the way that AI interacts with end-to-end encryption. After decades of rising catastrophes, mobile device makers and cloud providers finally standardized on end-to-end encrypted cloud storage, meaning that your data in the cloud is so scrambled that the cloud provider can't even guess about what it is (which means that if the cloud gets breached, none of that data can be read by hackers or sold on the darknet):

https://blog.cryptographyengineering.com/2025/01/17/lets-talk-about-ai-and-end-to-end-encryption/

This works great for cloud storage, but it poses a serious impediment to cloud computing. You can't offload computationally intensive tasks onto someone else's giant data-center if you scramble your data so thoroughly that it can't be read or understood by the computers there. This is especially salient when we're talking about "AI," which involves a lot of data-processing that exceeds the capacity of your phone or laptop.

This presents a serious privacy risk, because it implies that AI companies are going to abandon the idea of end-to-end cloud encryption. They'll need the capacity to decrypt (and possibly retain) all the data you ask their "AI" services to munge in some way. Green uses this conundrum to discuss Apple's solution to this: a "trusted computing" server environment.

I've been fascinated (and horrified) by Trusted Computing ever since a group of Microsoft engineers came by EFF in 2002 to explain their plans for something called "Next Generation Secure Computing Base" (AKA "Palladium") to us:

https://pluralistic.net/2020/12/05/trusting-trust/#thompsons-devil

The idea was to put a second, secure computer into every device. This "trusted platform module" (or, sometimes, "technical protection measure") would be tamper-evident and tamper-resistant, contain some factory-installed, non-modifiable cryptographic signing keys, and run an extremely limited set of programs. It would observe and record the code your computer ran, from the bootloader to the OS and on up.

Other computers elsewhere in the world could "challenge" your computer to prove that it was running an OS and programs that would behave in certain way (for example, that it would block screenshots of confidential messages). This challenge would include a long random number. Your computer's TPM would combine that number with hashes of all the other elements of your computer's operating environment – it's bootloader, OS, etc – and cryptographically sign that using its signing keys. This is then sent back to the other computer as a "remote attestation" about how your computer is configured.

Notably, it's an attestation that is outside of your own control – you can't override it or falsify it. That TPM in your computer isn't loyal to you, it doesn't take orders from you. It's a snitch that tells other people truthful things about your computer, including things you'd rather it not disclose.

Over the years, variations on this idea and its applications have popped up. TPMs aren't necessarily a second chip anymore – these days, they're more likely to be a "secure enclave" – a rectangle of logic gates on your computer's CPU that is designated as "secure" and subject to more strict testing and scrutiny than the rest of the chip. These secure enclaves are used to prevent you from installing a third-party app store on your games console or phone, and to prevent your car from being serviced by an independent mechanic.

But despite all these anti-user applications, Trusted Computing remains a fascinating subject. For example, you could use Trusted Computing to ask a remote technician to assess whether your phone had been infected with spyware, and the spyware (theoretically) couldn't hide from that helper.

This is how Apple proposes to solve the privacy/AI conundrum. Its remote AI servers are outfitted with their own TPMs, and before your phone sends them your data to be AIed, it can challenge the server to send it an attestation that proves that it is running software that will not leak or retain that data, or use it in any way other than for the task you're asking it to perform.

Apple calls this "Private Cloud Compute" and if it comes into widespread use, it'll be the first time in a quarter century that there is a major pro-user application for Trusted Computing, something the industry has touted as on the horizon since the first days of the second Gulf War.

That said, Green writes that he's "not thrilled" with Apple's privacy solution:

it still centralizes a huge amount of valuable data, and its security relies on Apple getting a bunch of complicated software and hardware security features right, rather than the mathematics of an encryption algorithm.

Nevertheless, this is way better than the approach of Apple's competitors, like Openai/Microsoft, who are just YOLOing it. Green points out that even if this works, it's only one of the many privacy issues raised by AI, notably the use of private information in AI training, which this does nothing for. He also worries that techniques like this will cause lawmakers to insist that "client-side scanning" (where your device runs a program that scans it constantly for illegal content and uploads anything suspicious to the police) can be done in a "privacy-preserving" way. It's not true, but it's easy to see how bad-faith would-be spies could spin, "There is a way to do some AI stuff in a more-private way" to "there are no privacy risks with this other AI stuff."

It's a gnarly issue, and like I say, it's one you can easily spend decades chewing on (or at least, one that I have spent decades chewing on). It's interesting how many of the fundamental tech policy questions have been with us since the start of the internet age. This week, I happened on a viral 1994 post explaining the difference between "the internet" and the promised "information superhighway":

https://www.wired.com/1994/11/q-what-is-the-information-superhighway/

It's not entirely prophetic, but it sure lands some blows that still sting, 30 years later:

It's just like the Internet, except:

* It's a lot more expensive. * You can't post, and there's no killfile. * There's no alt.sex or alt.drugs. * The new rec.humor.funny has a laugh track. * There's a commercial break every 10 minutes. * Everything is formatted to 40 columns for TVs. * The free software costs you US$2 per Mbyte to ftp, more for long distance. * There's a commercial break every 10 minutes.

It's just like cable TV, except:

* It's a lot more expensive. * The picture isn't as good. * There are 500 channels of pay-per-view and home shopping. * You can watch any episode of Gilligan's Island or any Al Gore speech for only $2. * There are no public-access channels. * There's a commercial break every 10 minutes.

It's just like renting videos, except:

* It's a lot more expensive. * There's only 1 percent of the selection. * There's no porn. * There's no pause, fast-forward, or rewind, and it costs you another $3.95 if you want to watch something twice. * There's a commercial break every 10 minutes.

It's just like the telephone, except:

* It's a lot more expensive. * There's no one to talk to. * Every number is a toll call. * There's a commercial break every 10 minutes.

(Image: Jen, CC BY 2.0, cropped)

Check out my Kickstarter to pre-order copies of my next novel, Picks and Shovels!

If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2025/01/18/ragbag/#reading-pornhub-for-the-articles

61 notes · View notes