Originally published at: Pluralistic: 07 Oct 2020 – Pluralistic: Daily links from Cory Doctorow
Today's links
- Hackers can remotely lock IoT cock-cages: The Qiui Cellmate is a giant wontfix that requires an angle-grinder to remove.
- Congress's Big Tech trustbusting smackdown: Tech is exceptional, except when it's not.
- This day in history: 2005, 2010, 2015, 2019
- Colophon: Recent publications, upcoming appearances, current writing projects, current reading
Hackers can remotely lock IoT cock-cages
Smart sex-toys are a terrible idea, notwithstanding the ways that they work for certain kinks (to say nothing of sex workers, who can charge for access to them during livestreams).
It's just that combining the intrinsically terrible security of IoT with the inherently sensitive nature of sex-toy use and the unavoidable risk of network interfaces for servos and motors on your junk makes this a big old nope.
Receipts:
- A networked fellatio machine is vulnerable to code-injection attacks that cause it to mangle your junk
https://twitter.com/SarahJamieLewis/status/933150566347284481?ref_src=twsrc%5Etfw
- Smart dildoes tracked users' wanking habits and sold the data
https://www.vocativ.com/358530/smart-dildo-company-sued-for-tracking-users-habits/
- Smart buttplugs broadcast their presence using Bluetooth and can be detected from the sidewalk in front of your house
https://www.pentestpartners.com/security-blog/screwdriving-locating-and-exploiting-smart-adult-toys/
- Sex toy secretly records audio from your sexual activity, vendor calls it a "minor bug"
https://www.theverge.com/2017/11/10/16634442/lovense-sex-toy-spy-surveillance
And now, the latest one: the Qiui Cellmate – a smart cock cage that lets kinksters lock up their subs' dicks in a hardened steel cage – is vulnerable to networked attacks that can freeze the lock shut, so that you need an angle-grinder to remove it.
https://www.pentestpartners.com/security-blog/smart-male-chastity-lock-cock-up/
That's the headline, but there are so many other ways you can attack a Cellmate user: steal their location, password and other PII.
Oh, also, if the company pushes an update to fix any of this, they could permanently lock up the dicks of many of their users.
Thankfully (?) there's not much risk of them fixing it. When Pen Test Partners contacted them, the company said it only had $50k on hand and couldn't afford to update the software.
So Pen Test went public, notably with Zack Whittaker from Techcrunch, who was told by Qiui CEO Jake Guo that there'd be a fix by August. No fix was released. Guo told Whittaker, "We are a basement team. When we fix it, it creates more problems."
https://techcrunch.com/2020/10/06/qiui-smart-chastity-sex-toy-security-flaw/
As Whittaker notes, many users of non-hacked Cellmates have found that they can't remove them, because the software is just that buggy.
Congress's Big Tech trustbusting smackdown
After more than a year of investigations, House Dems have produced a 450-page report on market concentration in the tech industry, with a slate of findings that are obvious and long overdue, and a slate of recommendations that are simultaneously traditional and radical.
Start with the findings: the market is concentrated and the companies preserve their monopolistic standing with anticompetitive tactics:
- Apple's App Store stranglehold raises prices and transfers money from creators to the company
- Google preferences its own services in search results
- Facebook buys companies for predatory reasons, to snuff out potential future competition threats
- Amazon rips off its sellers and engages in predatory pricing
https://www.wired.com/story/congress-unveils-plan-curb-big-tech-power/
All obvious, but it's nice to have it in the record.
Then there's the traditional AND radical remedies: blocking mergers, prohibiting the creation of vertical monopolies by entering "adjacent lines of business."
And then there's "structural separation" – the rule that banned rail companies from owning freight companies that competed with their customers and banks from owning businesses that competed with the businesses that borrowed money from them.
There's a shifting of the default in mergers: the DoJ should presume ALL mergers and acquisitions by large firms are anticompetitive and require the companies to prove otherwise.
A kind of neutrality in platforms, requiring them not to preference their own products over others. I predict this one will be the source of endless misery because it supposes that there is a "right" way to organize search results.
Weirdly, this was Google's position for a long time. If you were an early web writer and you cornered a Google exec at a party to complain about your pagerank, they'd just shrug and say, "Make the page better then."
The implication being that they were measuring objective quality of your page, like they'd invented a machine for taking pictures of the forms casting shadows on the wall of Plato's cave. It was an algorithm and algorithms are math and math is objective.
This excited the world's governments, who started to say, "Oh, hey, if this is MATH, then it's not censorship to order you to change the math.
"If we order you to keep certain things above the fold, or to downrank or banish others, that's like specifying the equations for structural steel, not like ordering the editor of the New York Times to put certain articles on the front page."
Hoist on their own petard, Google started working with eminent First Amendment scholars to advance the (correct) position that the math was in service to expression: the programmers and QA teams that wrote and tuned the algorithms were making editorial judgments.
These were indirect – in the way that, say, a newspaper proprietor might say, "We need more coverage of inflation" or "Let's call Qanon a 'cult' and not a 'conspiracy theory'" – but they were acts of human expression.
I mean, they HAD to be. Google doesn't have a webcam in Plato's cave. There is no objective, universal quality metric. And they're not choosing sites at random, either. So it has to be judgment, and judgment is expression.
All to say: "Good luck with search neutrality, Congress."
But there's more! The report calls for increased budgets for antitrust enforcement and killing forced arbitration and its bans on class action suits.
And finally, the report calls for overturning 40 years' worth of antitrust case-law, the decisions that depended on the doctrine of the Nixonite criminal Robert Bork, who became a court sorcerer to Ronald Reagan.
Bork's doctrine was that antitrust law needed objective standards and objective standards were impossible to come by in markets – you could never hope to objectively define when a company had too much marketshare or was abusing its power.
This may sound like my argument about "search neutrality" – but there's a big difference. Bork had a counsel of despair: "Because we can't identify shenanigans, we shouldn't try to prevent them."
But the pre-Borkian enforcement strategy wasn't grounded only in objective correlates of shenanigans: it was also designed to make it harder for shenanigans to occur. Pre-Bork, we fought monopolies because they were bad – they had the power to distort markets and policies.
Pre-Bork, we fought monopolies because they were monopolies. Post-Bork, we only fought monopolies if we caught them in the act, and even then, we could only win if we could prove shenanigans – and monopolists got really good at making it hard to prove them.
For example, they perfected the idea of the "market definition" defense. You hear this with Amazon, when Bezos tells Congress that Amazon isn't a monopoly because people buy stuff at Walmart.
By including "Walmart" (or every time in which goods change hands for money) in the definition of Amazon's market, Amazon can make itself out to be a bit-player.
Here's an example of a Borkean giving this line just last year: "Facebook doesn't have a monopoly because I can still make phone calls."
https://www.youtube.com/watch?v=Y_Jp-GJ9LM0
Returning to a pre-Borkean vision of antitrust enforcement is profound and would have far-reaching implications for telecoms, entertainment, pharma, accounting, logistics, energy, transport, aviation, etc.
But while all these industries got concentrated through the same methods – predatory acquisitions, mergers to monopoly, vertical monopolies – they aren't all the same. What kind of industry they are MATTERS.
Tech has two unique characteristics:
First, it is foundational. Our ability to demand better policy and to collaborate to hold policymakers to account depends on tech. We're not going to organize a global movement by wheatpasting posters on telephone poles.
And second, tech means computers, and computers are "universal" in a way other industries' products are not. Computers can interoperate with each other in ways that, say, cars or can-openers or beers cannot.
That interoperability has been the source of enormous dynamism and a check against concentration in the history of tech: what companies thought of as walled gardens that exploited "network effects" became feeding pens for new market entrants.
https://www.eff.org/deeplinks/2019/10/adversarial-interoperability
Whether that's Static Controls – a tiny Taiwanese company that refilled IBM Lexmark's toner cartridges and got to piggyback on the vast market IBM had developed, growing so large that they ACQUIRED Lexmark or…
Apple, which defeated Microsoft's office dominance by creating iWork, reverse-engineering the Office file-formats so that Mac users didn't need to convince their colleagues to switch OSes, they could just share documents with them.
The same tech companies that rose to dominance through this Competitive Compatibility are now its worst enemies, lobbying against Right to Repair, building products around DRM, and claiming their terms of service have the force of law under CFAA.
Restoring the right of new market entrants to make stuff that plugs into the existing dominant products and services would go a LONG way to restoring dynamism to tech, to making companies' survival reliant on pleasing users, rather than dominating markets.
And while the Congressional report doesn't give interop the centrality it deserves, it DOES mention it and discuss its importance.
This day in history
#15yrsago Bill Gates shouts at Sony CEO that his crappy DRM is less crappy https://memex.craphound.com/2005/10/07/bill-gates-shouts-at-sony-ceo-that-his-crappy-drm-is-less-crappy/
#10yrsago High-tech thrift-store book-picking with a networked barcode scanner https://memex.craphound.com/2010/10/07/high-tech-thrift-store-book-picking-with-a-networked-barcode-scanner/ https://slate.com/culture/2010/10/confessions-of-a-used-book-salesman.html
#10yrsago Meet the US copyright lawyers planning a denial-of-service attack on the US courts https://arstechnica.com/tech-policy/2010/10/us-anti-p2p-law-firms-sue-more-in-2010-than-riaa-ever-did/
#10yrsago Scott Westerfeld’s Behemoth: return to the steampunk WWI of Leviathan https://memex.craphound.com/2010/10/07/scott-westerfelds-behemoth-return-to-the-steampunk-wwi-of-leviathan/
#5yrsago HOWTO make a realistic brain-cake for your zombie parties https://www.youtube.com/watch?v=0ctE_Rf6NFg
#5yrsago Algorithmic guilt: defendants must be able to inspect source code in forensic devices https://slate.com/technology/2015/10/defendants-should-be-able-to-inspect-software-code-used-in-forensics.html
#5yrsago NYPD steal black woman banker’s BMW, commit her when she asks for it back https://web.archive.org/web/20150916234751/https://www.alternet.org/civil-liberties/shes-banker-owns-bmw-and-obama-follows-her-twitter-ny-cops-still-threw-innocent/
#1yrago America’s rotten ISPs object to encrypted DNS, argue that losing the ability to spy on your traffic puts them at a competitive disadvantage https://arstechnica.com/tech-policy/2019/09/isps-worry-a-new-chrome-feature-will-stop-them-from-spying-on-you/
#1yrago New York’s WBAI Pacifica Radio affiliate has shut down, orphaning 2600’s Off the Hook, the Hour of the Wolf, and many other beloved mainstays https://twitter.com/2600/status/1181226400122130432
#1yrago The weak spots that let journalists expose the finances of looters, organized criminals and oligarchs https://gijn.org/2019/10/07/how-to-dig-into-businesses-that-prop-up-criminal-networks/
#1yrago Hong Kong protesters deploy a brick-throwing bamboo siege engine https://twitter.com/hkfp/status/1180842014239158272
Colophon
Today's top sources:
Currently writing: My next novel, "The Lost Cause," a post-GND novel about truth and reconciliation. Yesterday's progress: 511 words (69618 total).
Currently reading: Harrow the Ninth, Tamsyn Muir
Latest podcast: Someone Comes to Town, Someone Leaves Town (part 17) https://craphound.com/podcast/2020/10/05/someone-comes-to-town-someone-leaves-town-part-17/
Upcoming appearances:
- 3 Big Ideas To Fix the Internet, Oct 7, https://www.nycmedialab.org/upcoming-events/summit2020
- Wired Nextfest Italia, Oct 10, https://nextfest2020-milano.wired.it/speaker/cory-doctorow/
- The Attack Surface Lectures: 8 nights of bookstore-hosted events in which I and a massive group of entertaining and knowledgeable experts discourse on my latest novel's themes, Oct 13-22 https://read.macmillan.com/torforge/cory-doctorow-virtual-lecture-series/
Recent appearances:
- Disney's Haunted Mansion (Nelda Live)
https://www.youtube.com/watch?v=3n40LtnbAZg
- Digital Rights, Surveillance Capitalism & Interoperable Socks (MMT Podcast)
https://pileusmmt.libsyn.com/68-cory-doctorow-digital-rights-surveillance-capitalism-interoperable-socks
- If Big Tech Is Toxic, How Do We Build Something Better? (panel)
https://blog.archive.org/2020/09/24/dweb-panel-if-big-tech-is-toxic-how-do-we-build-something-better/
Latest book:
- "How to Destroy Surveillance Capitalism": an anti-monopoly pamphlet analyzing the true harms of surveillance capitalism and proposing a solution. https://onezero.medium.com/how-to-destroy-surveillance-capitalism-8135e6744d59
- "Little Brother/Homeland": A reissue omnibus edition with a new introduction by Edward Snowden: https://us.macmillan.com/books/9781250774583; personalized/signed copies here: https://www.darkdel.com/store/p1750/July%3A__Little_Brother_%26_Homeland.html
- "Poesy the Monster Slayer" a picture book about monsters, bedtime, gender, and kicking ass. Order here: https://us.macmillan.com/books/9781626723627. Get a personalized, signed copy here: https://www.darkdel.com/store/p1562/_Poesy_the_Monster_Slayer.html.
Upcoming books:
- "Attack Surface": The third Little Brother book, Oct 20, 2020. https://us.macmillan.com/books/9781250757531
This work licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.
https://creativecommons.org/licenses/by/4.0/
Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.
When life gives you SARS, you make sarsaparilla -Joey "Accordion Guy" DeVilla