PLEASE CALL YOUR REP

TELL THEM TO SAY NO TO HR 9495

hr9495 is a bill that would destroy our only way to fight against trump and his administration. Please call your house reps. If your house rep is democrat please tell them what I said above. If theyre republican tell them that this would also affect non profits like the Salvation Army! They’re voting on hr9495 this Monday so please call within today and tomorrow. If you can’t call due to not being American or just fear please tell your American friends to call their reps.

CALL THESE REPS SPECIFICALLY CUZ THEY SAID YES TO THE BIL CONVINCE THEM TO SAY NO

Premature Internet Activists

I'm on a 20+ city book tour for my new novel PICKS AND SHOVELS. Catch me TOMORROW (Feb 14) in BOSTON for FREE at BOSKONE , and SATURDAY (Feb 15) for a virtual event with YANIS VAROUFAKIS. More tour dates here.

"Premature antifacist" was a sarcastic term used by leftists caught up in the Red Scare to describe themselves, as they came under ideological suspicion for having traveled to Spain to fight against Franco's fascists before the US entered WWII and declared war against the business-friendly, anticommunist fascist Axis powers of Italy, Spain, and, of course, Germany:

https://www.google.com/books/edition/In_Denial/fBSbKS1FlegC?hl=en&gbpv=1&bsq=%22premature+anti-fascist%22&pg=PA277&printsec=frontcover

The joke was that opposing fascism made you an enemy of America – unless you did so after the rest of America had woken up to the existential threat of a global fascist takeover. What's more, if you were a "premature antifascist," you got no credit for fighting fascism early on. Quite the contrary: fighting fascism before the rest of the US caught up with you didn't make you prescient – it made you a pariah.

I've been thinking a lot about premature antifascism these days, as literal fascists use the internet to coordinate a global authoritarian takeover that represents an existential threat to a habitable planet and human thriving. In light of that, it's hard to argue that the internet is politically irrelevant, and that fights over the regulation, governance, and structure of the internet are somehow unserious.

And yet, it wasn't very long ago that tech policy was widely derided as a frivolous pursuit, and that tech organizing was dismissed as "slacktivism":

https://www.newyorker.com/magazine/2010/10/04/small-change-malcolm-gladwell

Elevating concerns about the internet's destiny to the level of human rights struggle was delusional, a glorified argument about the rules for forums where sad nerds argued about Star Trek. If you worried that Napster-era copyright battles would make it easy to remove online content by claiming that it infringed copyright, you were just carrying water for music pirates. If you thought that legalizing and universalizing encryption technology would safeguard human rights, you were a fool who had no idea that real human rights battles involved confronting Bull Connor in the streets, not suing the NSA in a federal courtroom.

And now here we are. Congress has failed to update consumer privacy law since 1988 (when they banned video store clerks from blabbing about your VHS rentals). Mass surveillance enables everything from ransomware, pig butchering and identity theft to state surveillance of "domestic enemies," from trans people to immigrants. What's more, the commercial and state surveillance apparatus are, in fact, as single institution: states protect corporations from privacy law so that corporations can create and maintain population-scale nonconsensual dossiers on all the intimate facts of our lives, which governments raid at will, treating them as an off-the-books surveillance dragnet:

https://pluralistic.net/2023/08/16/the-second-best-time-is-now/#the-point-of-a-system-is-what-it-does

Our speech forums have been captured by billionaires who censor anti-oligarchic political speech, and who spy on dissident users in order to aid in political repression. Bogus copyright claims are used to remove or suppress disfavorable news reports of elite rapists, thieves, war criminals and murderers:

https://pluralistic.net/2024/06/27/nuke-first/#ask-questions-never

You'd be hard pressed to find someone who'd describe the fights over tech governance in 2025 as frivolous or disconnected from "real politics"

This is where the premature antifascist stuff comes in. An emerging revisionist history of internet activism would have you believe that the first generation of tech liberation activists weren't fighting for a free, open internet – we were just shilling for tech companies. The P2P wars weren't about speech, privacy and decentralization – they were just a way to help the tech sector fight the entertainment industry. DRM fights weren't about preserving your right to repair, to privacy, and to accessibility – they were just about making it easy to upload movies to Kazaa. Fighting for universal access to encryption wasn't about defending everyday people from corporate and state surveillance – it was just a way to help terrorists and child abusers stay out of sight of cops.

Of course, now these fights are all about real things. Now we need to worry about centralization, interoperability, lock-in, surveillance, speech, and repair. But the people – like me – who've been fighting over this stuff for a quarter-century? We've gone from "unserious fools who mistook tech battles for human rights fights" to "useful idiots for tech companies" in an eyeblink.

"Premature Internet Activists," in other words.

This isn't merely ironic or frustrating – it's dangerous. Approaching tech activism without a historical foundation can lead people badly astray. For example, many modern tech critics think that Section 230 of the Communications Decency Act (which makes internet users liable for illegal speech acts, while immunizing entities that host that speech) is a "giveaway to Big Tech" and want to see it abolished.

Boy is this dangerous. CDA 230 is necessary for anyone who wants to offer a place for people to meet and discuss anything. Without CDA 230, no one could safely host a Mastodon server, or set up the long-elusive federated Bluesky servers. Hell, you couldn't even host a group-chat or message board:

https://www.techdirt.com/2020/06/23/hello-youve-been-referred-here-because-youre-wrong-about-section-230-communications-decency-act/

Getting rid of CDA 230 won't get rid of Facebook or make it clean up its act. It will just make it impossible for anyone to offer an alternative to Facebook, permanently enshrining Zuck's dominance over our digital future. That's why Mark Zuckerberg wants to kill Section 230:

https://www.nbcnews.com/tech/tech-news/zuckerberg-calls-changes-techs-section-230-protections-rcna486

Defending policies that make it easier to host speech isn't the same thing as defending tech companies' profits, though these do sometimes overlap. When tech platforms have their users' back – even for self-serving reasons – they create legal precedents and strong norms that protect everyone. Like when Apple stood up to the FBI on refusing to break its encryption:

https://en.wikipedia.org/wiki/Apple%E2%80%93FBI_encryption_dispute

If Apple had caved on that one, it would be far harder for, say, Signal to stand up to demands that it weaken its privacy guarantees. I'm no fan of Apple, and I would never mistake Tim Cook – who owes his CEOhood to his role in moving Apple production to Chinese sweatshops that are so brutal they had to install suicide nets – for a human rights defender. But I cheered on Apple in its fight against the FBI, and I will cheer them again, if they stand up to the UK government's demand to break their encryption:

https://www.bbc.com/news/articles/c20g288yldko

This doesn't make me a shill for Apple. I don't care if Apple makes or loses another dime. I care about Apple's users and their privacy. That's why I criticize Apple when they compromise their users' privacy for profit:

https://pluralistic.net/2024/01/12/youre-holding-it-wrong/#if-dishwashers-were-iphones

The same goes for fights over scraping. I hate AI companies as much as anyone, but boy is it a mistake to support calls to ban scraping in the name of fighting AI:

https://pluralistic.net/2023/09/17/how-to-think-about-scraping/

It's scraping that lets us track paid political disinformation on Facebook (Facebook isn't going to tell us about it):

https://pluralistic.net/2021/08/05/comprehensive-sex-ed/#quis-custodiet-ipsos-zuck

And it's scraping that let us rescue all the CDC and NIH data that Musk's broccoli-hair brownshirts deleted on behalf of DOGE:

https://www.cnet.com/tech/services-and-software/how-to-access-important-health-info-thats-been-scrubbed-from-the-cdc-site/

It's such a huge mistake to assume that anything corporations want is bad for the internet. There are many times when commercial interests dovetail with online human rights. That's not a defense of capitalism, it's a critique of capitalism that acknowledges that profits do sometimes coincide with the public interest, an argument that Marx and Engels devote Chapter One of The Communist Manifesto to:

https://www.nytimes.com/2022/10/31/books/review/a-spectre-haunting-china-mieville.html

In the early 1990s, Al Gore led the "National Information Infrastructure" hearings, better known as the "Information Superhighway" hearings. Gore's objective was to transfer control over the internet from the military to civilian institutions. It's true that these institutions were largely (but not exclusively) commercial entities seeking to make a buck on the internet. It's also true that much of that transfer could have been to public institutions rather than private hands.

But I've lately – and repeatedly – heard this moment described (by my fellow leftists) as the "privatization" of the internet. This is strictly true, but it's even more true to say that it was the demilitarization of the internet. In other words, corporations didn't take over functions performed by, say, the FCC – they took over from the Pentagon. Leftists have no business pining for the days when the internet was controlled by the Department of Defense.

Caring about the technological dimension of human rights 30 years ago – or hell, 40 years ago – doesn't make you a corporate stooge who wanted to launch a thousand investment bubbles. It makes you someone who understood, from the start, that digital rights are human rights, that cyberspace would inevitably evert into meatspace, and that the rules, norms and infrastructure we built for the net would someday be as consequential as any other political decision.

I'm proud to be a Premature Internet Activist. I just celebrated my 23rd year with the Electronic Frontier Foundation, and yesterday, we sued Elon Musk and DOGE:

https://www.eff.org/press/releases/eff-sues-opm-doge-and-musk-endangering-privacy-millions

If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2025/02/13/digital-rights/#are-human-rights

Image: Felix Winkelnkemper (modified) https://commons.wikimedia.org/wiki/File:Acoustic_Coupler.jpg

CC BY-SA 4.0 https://creativecommons.org/licenses/by-sa/4.0/deed.en

I didn't feel like drawing, but I didn't feel like doing nothing either. I had this top that I never used and paint.

On December 14, James Harr, the owner of an online store called ComradeWorkwear, announced on social media that he planned to sell a deck of “Most Wanted CEO” playing cards, satirizing the infamous “Most-wanted Iraqi playing cards” introduced by the U.S. Defense Intelligence Agency in 2003. Per the ComradeWorkwear website, the Most Wanted CEO cards would offer “a critique of the capitalist machine that sacrifices people and planet for profit,” and “Unmask the oligarchs, CEOs, and profiteers who rule our world...From real estate moguls to weapons manufacturers.”  

But within a day of posting his plans for the card deck to his combined 100,000 followers on Instagram and TikTok, the New York Post ran a front page story on Harr, calling the cards “disturbing.” Less than 5 hours later, officers from the New York City Police Department came to Harr's door to interview him. They gave no indication he had done anything illegal or would receive any further scrutiny, but the next day the New York police commissioner held the New York Post story up during a press conference after announcing charges against Luigi Mangione, the alleged assassin of UnitedHealth Group CEO Brian Thompson. Shortly thereafter, platforms from TikTok to Shopify disabled both the company’s accounts and Harr’s personal accounts, simply because he used the moment to highlight what he saw as the harms that large corporations and their CEOs cause.

a very polite cat so be nice

They want to privatize the frequencies LoRa and similar technologies operate on to... do similar things to what Meshtastic, PierMesh and a ton of other projects are working to address/have already addressed but the innovation is that it's worse and the specifics of what they want to do is secondary (secondary to GPS) geolocating that would only work in the so called us.

Worth your time to read and go through the steps to limit harvesting of your data.

We must strategically focus on a relatively smaller number of carefully selected companies and products for maximum impact. Companies that play a clear and direct role in Israel’s crimes and where there is real potential for winning, as was the case with, among others, G4S, Veolia, Orange, Ben & Jerry’s and Pillsbury. Compelling huge, complicit companies, through strategic and context-sensitive boycott and divestment campaigns, to end their complicity in Israeli apartheid and war crimes against Palestinians sends a very powerful message to hundreds of other complicit companies that “your time will come, so get out before it’s too late!” Many of the prohibitively long lists going viral on social media do the exact opposite of this strategic and impactful approach. They include hundreds of companies, many without credible evidence of their connection to Israel’s regime of oppression against Palestinians, making them ineffective.

Consumer boycott targets - The BDS movement calls for a complete boycott of these brands carefully selected due to the company's proven record of complicity in Israeli apartheid. (Siemens, Puma, Carrefour, AXA, Hewlett Packard (HP), SodaStream, Ahava, RE/MAX, Israeli produce in your supermarkets)

Divestment targets - The BDS movement is pressuring governments, institutions and investment funds to exclude and divest from as many complicit companies as practical, especially weapons manufacturers, banks, and companies listed in the UN database of business involved in Israel’s illegal settlement enterprise, as well as the WhoProfits and AFSC Investigate databases of companies enabling the occupation. Below we give some of the targets we are campaigning against. (Elbit Systems, HD Hyundai/Volvo/CAT/JCB, Barclays, CAF, Chevron, HikVision, TKH Security)

Pressure (non-boycott) targets - The BDS movement actively calls for pressure campaigns against these brands and services due to their complicity in Israeli apartheid. We have not, on strategic grounds, called for a boycott of these brands and services, instead we strategically call on supporters and institutions to mount other forms of pressure on them until they end their complicity in Israeli apartheid. (Google and Amazon, Airbnb/Booking/Expedia, Disney)

Organic boycott targets - The BDS movement did not initiate these grassroots boycott campaigns but is in support of them due to these brands openly supporting Israel’s genocide against Palestinians. (McDonald's, Burger King, Papa John's, Pizza Hut, WIX, etc)

— From the BDS Movement Website, originally posted November 5th 2023 and edited for clarification November 8th 2023

Escape From Furnace if they were birds

IF YOU STILL LIKE ESCAPE FROM FURNACE PLEASE WATCH THIS VIDEO

WE HAVE LIKE 6 PPL IN THE SERVER RN WE'RE ALL COOL I PROMISE

Holy CRAP the UN Cybercrime Treaty is a nightmare

Support me this summer on the Clarion Write-A-Thon and help raise money for the Clarion Science Fiction and Fantasy Writers' Workshop!

If there's one thing I learned from all my years as an NGO delegate to UN specialized agencies, it's that UN treaties are dangerous, liable to capture by unholy alliances of authoritarian states and rapacious global capitalists.

Most of my UN work was on copyright and "paracopyright," and my track record was 2:0; I helped kill a terrible treaty (the WIPO Broadcast Treaty) and helped pass a great one (the Marrakesh Treaty on the rights of people with disabilities to access copyrighted works):

https://www.wipo.int/treaties/en/ip/marrakesh/

It's been many years since I had to shave and stuff myself into a suit and tie and go to Geneva, and I don't miss it – and thankfully, I have colleagues who do that work, better than I ever did. Yesterday, I heard from one such EFF colleague, Katitza Rodriguez, about the Cybercrime Treaty, which is about to pass, and which is, to put it mildly, terrifying:

https://www.eff.org/deeplinks/2024/07/un-cybercrime-draft-convention-dangerously-expands-state-surveillance-powers

Look, cybercrime is a real thing, from pig butchering to ransomware, and there's real, global harms that can be attributed to it. Cybercrime is transnational, making it hard for cops in any one jurisdiction to handle it. So there's a reason to think about formal international standards for fighting cybercrime.

But that's not what's in the Cybercrime Treaty.

Here's a quick sketch of the significant defects in the Cybercrime Treaty.

The treaty has an extremely loose definition of cybercrime, and that looseness is deliberate. In authoritarian states like China and Russia (whose delegations are the driving force behind this treaty), "cybercrime" has come to mean "anything the government disfavors, if you do it with a computer." "Cybercrime" can mean online criticism of the government, or professions of religious belief, or material supporting LGBTQ rights.

Nations that sign up to the Cybercrime Treaty will be obliged to help other nations fight "cybercrime" – however those nations define it. They'll be required to provide surveillance data – for example, by forcing online services within their borders to cough up their users' private data, or even to pressure employees to install back-doors in their systems for ongoing monitoring.

These obligations to aid in surveillance are mandatory, but much of the Cybercrime Treaty is optional. What's optional? The human rights safeguards. Member states "should" or "may" create standards for legality, necessity, proportionality, non-discrimination, and legitimate purpose. But even if they do, the treaty can oblige them to assist in surveillance orders that originate with other states that decided not to create these standards.

When that happens, the citizens of the affected states may never find out about it. There are eight articles in the treaty that establish obligations for indefinite secrecy regarding surveillance undertaken on behalf of other signatories. That means that your government may be asked to spy on you and the people you love, they may order employees of tech companies to backdoor your account and devices, and that fact will remain secret forever. Forget challenging these sneak-and-peek orders in court – you won't even know about them:

https://www.eff.org/deeplinks/2024/06/un-cybercrime-draft-convention-blank-check-unchecked-surveillance-abuses

Now here's the kicker: while this treaty creates broad powers to fight things governments dislike, simply by branding them "cybercrime," it actually undermines the fight against cybercrime itself. Most cybercrime involves exploiting security defects in devices and services – think of ransomware attacks – and the Cybercrime Treaty endangers the security researchers who point out these defects, creating grave criminal liability for the people we rely on to warn us when the tech vendors we rely upon have put us at risk.

This is the granddaddy of tech free speech fights. Since the paper tape days, researchers who discovered defects in critical systems have been intimidated, threatened, sued and even imprisoned for blowing the whistle. Tech giants insist that they should have a veto over who can publish true facts about the defects in their products, and dress up this demand as concern over security. "If you tell bad guys about the mistakes we made, they will exploit those bugs and harm our users. You should tell us about those bugs, sure, but only we can decide when it's the right time for our users and customers to find out about them."

When it comes to warnings about the defects in their own products, corporations have an irreconcilable conflict of interest. Time and again, we've seen corporations rationalize their way into suppressing or ignoring bug reports. Sometimes, they simply delay the warning until they've concluded a merger or secured a board vote on executive compensation.

Sometimes, they decide that a bug is really a feature – like when Facebook decided not to do anything about the fact that anyone could enumerate the full membership of any Facebook group (including, for example, members of a support group for people with cancer). This group enumeration bug was actually a part of the company's advertising targeting system, so they decided to let it stand, rather than re-engineer their surveillance advertising business.

The idea that users are safer when bugs are kept secret is called "security through obscurity" and no one believes in it – except corporate executives. As Bruce Schneier says, "Anyone can design a system that is so secure that they themselves can't break it. That doesn't mean it's secure – it just means that it's secure against people stupider than the system's designer":

The history of massive, brutal cybersecurity breaches is an unbroken string of heartbreakingly naive confidence in security through obscurity:

https://pluralistic.net/2023/02/05/battery-vampire/#drained

But despite this, the idea that some bugs should be kept secret and allowed to fester has powerful champions: a public-private partnership of corporate execs, government spy agencies and cyber-arms dealers. Agencies like the NSA and CIA have huge teams toiling away to discover defects in widely used products. These defects put the populations of their home countries in grave danger, but rather than reporting them, the spy agencies hoard these defects.

The spy agencies have an official doctrine defending this reckless practice: they call it "NOBUS," which stands for "No One But Us." As in: "No one but us is smart enough to find these bugs, so we can keep them secret and use them attack our adversaries, without worrying about those adversaries using them to attack the people we are sworn to protect."

NOBUS is empirically wrong. In the 2010s, we saw a string of leaked NSA and CIA cyberweapons. One of these, "Eternalblue" was incorporated into off-the-shelf ransomware, leading to the ransomware epidemic that rages even today. You can thank the NSA's decision to hoard – rather than disclose and patch – the Eternalblue exploit for the ransoming of cities like Baltimore, hospitals up and down the country, and an oil pipeline:

https://en.wikipedia.org/wiki/EternalBlue

The leak of these cyberweapons didn't just provide raw material for the world's cybercriminals, it also provided data for researchers. A study of CIA and NSA NOBUS defects found that there was a one-in-five chance of a bug that had been hoarded by a spy agency being independently discovered by a criminal, weaponized, and released into the wild.

Not every government has the wherewithal to staff its own defect-mining operation, but that's where the private sector steps in. Cyber-arms dealers like the NSO Group find or buy security defects in widely used products and services and turn them into products – military-grade cyberweapons that are used to attack human rights groups, opposition figures, and journalists:

https://pluralistic.net/2021/10/24/breaking-the-news/#kingdom

A good Cybercrime Treaty would recognize the perverse incentives that create the coalition to keep us from knowing which products we can trust and which ones we should avoid. It would shut down companies like the NSO Group, ban spy agencies from hoarding defects, and establish an absolute defense for security researchers who reveal true facts about defects.

Instead, the Cybercrime Treaty creates new obligations on signatories to help other countries' cops and courts silence and punish security researchers who make these true disclosures, ensuring that spies and criminals will know which products aren't safe to use, but we won't (until it's too late):

https://www.eff.org/deeplinks/2024/06/if-not-amended-states-must-reject-flawed-draft-un-cybercrime-convention

A Cybercrime Treaty is a good idea, and even this Cybercrime Treaty could be salvaged. The member-states have it in their power to accept proposed revisions that would protect human rights and security researchers, narrow the definition of "cybercrime," and mandate transparency. They could establish member states' powers to refuse illegitimate requests from other countries:

https://www.eff.org/press/releases/media-briefing-eff-partners-warn-un-member-states-are-poised-approve-dangerou

If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2024/07/23/expanded-spying-powers/#in-russia-crime-cybers-you

Image: EFF https://www.eff.org/files/banner_library/cybercrime-2024-2b.jpg

CC BY 3.0 https://creativecommons.org/licenses/by/3.0/us/

F - as in foxtrot.

You aren't the only ghosts down here

This article gets into deep waters pretty quickly but the main takeaway is this: you're never alone and never not watched, whether you're on your computer or walking through a mall.

There are things you can do to protect yourself to a degree, but basically a surprisingly detailed analysis of who you are and what you do is only a few keystrokes away for those who know.