Pluralistic: 10 Sep 2020

Originally published at: Pluralistic: 10 Sep 2020 – Pluralistic: Daily links from Cory Doctorow



Inaudible

Today in The Bookseller – the UK's trade magazine for the bookselling industry – I published "Inaudible," in which I unpack my reason for forgoing hundreds of thousands of dollars by refusing to allow Audible to put DRM on my audiobooks.

https://www.thebookseller.com/blogs/inaudible-1218859

DRM isn't hard to break (just google "break audible drm" if you don't believe me!) but it IS a felony to traffic in tools that break DRM. That means that the DRM that Amazon forces on creators and publishers in the name of "protecting" them does nothing of the sort.

But it does lock their works to Amazon's platform…forever.

Labor economists talk about "chickenization" in markets where there is a "monopsony" – that is, where a single seller controls access to the market.

The phrase comes from the US poultry industry, where three monopolistic companies have divided up the country so that (nominally independent) chicken farmers have only one processor who'll buy their birds.

Big Chicken uses this advantage to squeeze suppliers: chicken farmers are told what kind of coop to build, which chicks to buy, what feed to use, which medicines to dose, even when the lights go on and off.

Some farmers are unwitting subjects in experiments – Purdue might decide to test the effect of a different feeding regime and order a farmer to apply it.

When this is done, the farmer sells their birds to the monopolist, who unilaterally names a price: the monopolists use their extensive data-gathering to titrate the money-drip so farmers have just enough to continue for another year, but not enough to get ahead.

Farmers who complain – especially to regulators and lawmakers – are shut out of the market…permanently. One farmer went into the coop-maintenance business and the meat packers told suppliers that if they hired him, they'd be blackballed, too.

It's no wonder that farmers are one of the worst-off groups in the US for "deaths of despair" (suicide and overdose).

Amazon's use of DRM is a key component in its campaign to chickenize publishing, of course.

But it's not just publishers and writers who suffer here – readers get a raw deal from DRM, too.

Recall that in 2009, Amazon remotely deleted purchased copies of 1984 from readers' Kindles, due to a complaint from the Orwell estate (you can't make this up!)

In 2019, Microsoft decided to get out of the ebook business and "deactivated" every book they'd ever sold, rendering them unreadable.

Both companies offered refunds, but come on.

From my editorial: "I was a bookseller for years and once I sold you a book, it was yours. Nothing – not a claim from the useless professional descendants of a long-dead writer nor the callous indifference of tech execs in a Redmond boardroom – could compel me to come over to your house and take the books back. And if I did, it would not be okay, not even (and I can't stress this enough) if I gave you your money back."

Bookselling and books are older than DRM (hell, they're older than copyright!). Publishers, booksellers and readers have a (literally) ancient compact. The idea that tech monopolists get to wave a lawyer's pen and declare it null and void is, frankly, bullshit.

It's unacceptable. So I don't accept it. And that's why I produced my own audiobook and am selling it direct, first through the Kickstarter campaign for presales, and then through all the retailers except Audible.

Today, "Audible exclusive" means "a book you can only get on Audible." I want to sell so many audiobooks that publishers see a viable path to boycotting Audible, too, so that "Audible exclusive" means "for sale everywhere EXCEPT Audible."

I'm well on the way! My Kickstarter is about to hit the $100K mark after 48 hours. You can help me demonstrate the viability of an anti-monopoly way of doing audiobooks by backing it (and if you already have, THANK YOU!)

https://www.kickstarter.com/projects/doctorow/attack-surface-audiobook-for-the-third-little-brother-book



The rise and rise of one of NYPD's dirtiest cops

In response to the June BLM uprising, the NY state legislature revoked Bill 50a, which shielded police misconduct records from public scrutiny.

https://pluralistic.net/2020/06/12/digital-feudalism/#hiding-in-plain-sight

A police union lawsuit blocked the publication of these long-secret records, but it came after ProPublica had assembled a searchable database of those dirty secrets, and they escaped the injunction:

https://pluralistic.net/2020/07/27/ip/#nypd-who

Thanks to that fast action, we are now seeing inside the sordid, violent, corrupt world of the multibillion-dollar private paramilitary that is the NYPD.

Today, ProPublica and The City jointly published the tale of Christopher McCormack, "one of the NYPD's highest-ranking officers," whose promotions came despite repeated, substantiated complaints of racist violence and abuse.

https://www.propublica.org/article/over-a-dozen-black-and-latino-men-accused-a-cop-of-humiliating-invasive-strip-searches-the-nypd-kept-promoting-him#979381

McCormack's nickname was "Red Rage." He rose through the ranks like "greased lightning." The city settled multiple lawsuits over his violent and illegal conduct. The NYPD put him in charge of a precinct.

His go-to tactic was strip searching Latinx and Black men in public: pulling down their pants and exposing their genitals, sticking his fingers in their anuses. As Matt Taibbi writes in his 2017 book "I Can't Breathe," NY cops called this "social rape."

https://boingboing.net/2017/12/15/eric-garner-rip.html

When McCormack socially raped a suspect, shoving his hand in their assholes on a public street, he was so violent that the man had to go to the hospital.

77 complaints were made against McCormack. No other high-ranking officer has so many.

A dozen of these were substantiated by the CCRB, a toothless agency that almost never substantiates civilian complaints. Only the most egregious, violent, public abuses are upheld. McCormack had 12 of 'em.

Black and Latinx officers who complained about McCormack (including one who made damning recordings of McCormack's racist rants) faced internal retaliation.

McCormack was promoted.



Georgia voter suppression, quantified

Last October, Georgia's Secretary of State purged 313,243 citizens from the state's voter rolls. Greg Palast and ACLU of Georgia hired America's five leading address verification firms to analyze the purge, using 240 data-sources.

They found 63% of those purged were deleted in error and were being illegally deprived of their right to vote.

This analysis was done for every single name of the list, all 313k of them – not statistical sampling, but one-at-a-time verification.

https://www.acluga.org/sites/default/files/georgia_voter_roll_purge_errors_report.pdf

Tens of thousands of other citizens in the purge are also having their votes illegally suppressed – they moved addresses, but not counties, and yet their registration was cancelled in violation of the National Voter Registration Act.

One of the most significant elements of the Greg Palast Investigations Team's output is the section on "Bias" (p18), which finds that voter suppression targets voters who are younger, urban, and racialized.



Kids' smart-watches unsafe at any speed

When it comes to the security defects in kids' smart watches: "Once is happenstance. Twice is coincidence. The third time it's enemy action." For years, these tracking-cuffs have been the locus of awful security scandals. Now it's happened again.

https://www.wired.com/story/kid-smartwatch-security-vulnerabilities/

Some background: in 2017, the Norwegian Consumer Council audited 4 brands of kids' smart watch and revealed that strangers could monitor children's movements and see where they've gone, covertly listen in on them, and steal their personal information.

The watches gathered copious amounts of data and sent it, in the clear, to offshore servers. The watches incorporate cameras and the photos children take were also easily plundered by hackers.

https://fil.forbrukerradet.no/wp-content/uploads/2017/10/watchout-rapport-october-2017.pdf

A year later, Pen Test Partners audited the popular MiSafes watches for 3-12 year olds and found that they were also insecure, and could be used as covert listening and tracking devices, and even to alert attackers when a target child was nearby.

https://www.pentestpartners.com/security-blog/consumer-advice-kids-gps-tracker-watch-security/

Six months after that, Pen Test followed up to test the manufacturer's claims that they'd fixed these defects.

They hadn't.

https://www.pentestpartners.com/security-blog/gps-watch-issues-again/

After two years of this nonsense, the EU started to recall some of these watches.

https://www.zdnet.com/article/eu-orders-recall-of-childrens-smartwatch-over-severe-privacy-concerns/

But it's been a year since that happened, and guess what? The watches are still flaming garbage that you strap to your kids' wrists. Writing in Wired, Andy Greenberg reports on a Münster University of Applied Sciences paper analyzing the watches.

https://www.hb.fh-muenster.de/opus4/frontdoor/deliver/index/docId/12354/file/Saatjohann_et_al-2020-STALK.pdf

Tldr: the paper is called "STALK."

The watches could be attacked to

  • get kids' locations
  • send voice and text messages to children that appear to come from their parents
  • intercept communications between parents and children
  • serve as listening bugs

The manufacturers were informed of all this in April, and they didn't fix it.

It's not like these are subtle errors. The watches have no authentication, no encryption, and can be tracked with their SIMs' IMEIs.

The backend servers are vulnerable to SQL injections.

"When WIRED asked Schinzel if three years of security analyses gave him the confidence to put these smartwatches on his own children, he answered without hesitation: 'Definitely not.'"

(Image: Cryteria, CC BY, modified)



This day in history

#15yrsago Anti-trusted-computing video https://www.lafkon.net/tc/

#15yrsago Super Mario Brothers implemented in Javascript http://janis.or.jp/users/segabito/JavaScriptMaryo.html

#5yrsago Ashley Madison's passwords were badly encrypted, 15 million+ passwords headed for the Web https://arstechnica.com/information-technology/2015/09/ashley-madison-password-crack-could-spell-trouble-across-the-internet/ https://www.nytimes.com/2015/09/10/us/politics/new-justice-dept-rules-aimed-at-prosecuting-corporate-executives.html

#5yrsago Government-run egg board waged high-price, secret PSYOPS war on vegan egg-replacement https://www.theguardian.com/business/2015/sep/06/usda-american-egg-board-paid-bloggers-hampton-creek

#5yrsago Library offers Tor nodes; DHS tells them to stop https://www.propublica.org/article/library-support-anonymous-internet-browsing-effort-stops-after-dhs-email

#1yrago Why haven't cyberinsurers exerted more pressure on companies to be better at security? https://tylermoore.utulsa.edu/govins20.pdf

#1yrago Charles de Lint on Radicalized: "among my favorite things I've read so far this year" https://www.sfsite.com/fsf/2019/cdl1909.htm

#1yrago Juul gave marketing presentations to schoolchildren in the guise of "mental health/addiction" seminars https://arstechnica.com/science/2019/09/juul-gave-presentations-in-schools-to-kids-and-the-fda-is-fuming/

#1yrago Phoenix's police union has a secret deal with the department to purge dirty cops' disciplinary records https://www.azcentral.com/story/news/local/arizona-investigations/2019/08/23/phoenix-police-routinely-purges-officer-misconduct-discipline-records/1955828001/

#1yrago Everyone's investigating Google for antitrust violations…except California and Alabama https://www.businessinsider.com.au/california-and-alabama-arent-part-of-google-antitrust-investigation-2019-9

#1yrago America's life-expectancy income-gap widens precipitously https://www.washingtonpost.com/business/2019/09/09/poor-middle-class-americans-are-much-less-likely-survive-into-their-seventies-than-wealthy-federal-report-says/?noredirect=on#click=https://t.co/EafVii0BP6%22

#1yrago California to force NCAA to pay athletes https://www.nytimes.com/2019/09/09/sports/college-athlete-pay-california.html



Colophon

Today's top sources: Boing Boing (https://boingboing.net/)

Currently writing: My next novel, "The Lost Cause," a post-GND novel about truth and reconciliation. Yesterday's progress: 569 words (58897 total).

Currently reading: Gideon the Ninth, Tamsyn Muir

Latest podcast: Chapter 1 of Attack Surface, the third Little Brother novel https://craphound.com/podcast/2020/09/08/attack-surface-kickstarter-promo-excerpt/


This work licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.


How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/web/accounts/303320

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

https://twitter.com/doctorow

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

When life gives you SARS, you make sarsaparilla -Joey "Accordion Guy" DeVilla
