Pluralistic: 31 Jul 2020

Today's links

I'm being inducted into the Canadian SF/F hall of fame

I just got an email asking if I could be free on August 15 for Canvention, the annual Canadian national science fiction convention, because I am being inducted into the Canadian Science Fiction and Fantasy Association's Hall of Fame.

Needless to say, my answer was a very enthusiastic yes.

CSFFA administers Canada's Aurora Awards and the Hall of Fame, a juried prize that I am unbelievably stonked to be receiving.

This year's Canvention is

a) Online

b) Free

So if you have a hankering to see me in a deeply ferklempt state trying to express my gratitude, you can certainly do so on the 15th!

The list of previous inductees is pretty fantastic, and includes five of my most important mentors:

  • Judith Merril
  • Lorna Toolis
  • Phyllis Gottlieb
  • William Gibson
  • Spider Robinson

As well as many writers who were extraordinarily kind to me over the years, like Charles de Lint and Élisabeth Vonarburg and Tanya Huff.

It is stellar company to be in – joining some of my lifelong heroes. I could not be happier about this.

Mexico's copyright vs self-determination and national sovereignty

I've written extensively about Mexico's new copyright law, which was copypasted straight out of the US's lawbooks without debate or consultation and is a catastrophic blow to human rights.

The law does senseless violence to the free expression rights of Mexican people, enabling both automated and deliberate censorship, as well as making it trivial to dox anyone by claiming copyright violations.

And its DRM rules are a nightmare for cybersecurity, fencing off devices that Mexicans entrust with their data and personal safety from independent security audits.

Today, I published two more articles analyzing the threats the new law poses to human rights in Mexico. The first is "Disability, Education, Repair and Health: How Mexico's Copyright Law Hurts Self-Determination in the Internet Age."

It explains how Mexico's new law will prevent people with disabilities from adapting their technology without permission from a distant manufacturer who may not care to have their products altered.

And how it undermines the Right to Repair, by allowing foreign firms to monopolize repairs and unilaterally decide when a product is "beyond repair" and must be replaced, which has major implications for agriculture and public health.

And finally, how the rules on takedown, filters and DRM interfere with education, allowing for the arbitrary removal of curricular materials from the net and prohibiting educators from bypassing digital locks to integrate works into their teaching.

Nominally, the new Mexican law protects these activities, but as I explain, these protections are a fiction – in 22 years, no one in the USA has been able to invoke them, because of all the conditions they impose.

In a second article, "Mexico's New Copyright Law Undermines Mexico's National Sovereignty, Continuing Generations of Unfair 'Fair Trade Deals' Between the USA and Latin America," I connect the new law to generations of economic colonialism.

Mexico's new copyright law didn't get rushed through Congress in a vacuum: it was passed as part of the USMCA, Donald Trump's replacement for NAFTA.

Like so many trade deal-based laws, this new system doesn't create an even footing between trade partners, but rather imposes a permanent, structural disadvantage on Mexican businesses and the Mexican people.

Under this law, Mexican firms will be bound by terms far more onerous than those of their Canadian and US counterparts, such as automated copyright filters, which cost millions to install and subject Mexicans' communications to censorship from black-box algorithms.

Mexico's new DRM laws do not contain even the minimal (wholly inadequate) safeguards in the US or Canadian systems, nor do they have the 22 years' worth of exemptions US firms can rely on.

Meanwhile, the USA is likely to abandon this law, as we are suing the US government to overturn it.

Along with the DRM rules, Mexico has brought in a harsh and unremitting "notice and takedown" system tailor-made for abuse, which will allow companies to remove warnings about product defects and dox their critics.

Mexico's Congress didn't rush this law through without public debate because they knew we'd love it and didn't want to spoil the surprise.

Like every dirty trade deal, this was heavily lobbied and passed without scrutiny because its backers knew it couldn't withstand scrutiny.

Mexico's National Commission for Human Rights has until TOMORROW to open an investigation into this law. If they do, they can overturn it. If you are in Mexico or are Mexican, here is a petition you can fill in:

Self-bricking medical device

Adam, a reader, wrote to me to say, "My wife just bought a medical-treatment device called Exogen. It's not cheap. It purportedly uses ultrasound to promote bone healing.

"We're both skeptical about it, and all the studies that validate it were paid for by Exogen, but when you've got a persistent health problem, you don't want to leave any stones unturned, and this seems unlikely to be actively harmful."

Speaking as someone with untreatable, degenerative, chronic pain, boy do I understand where he's coming from. And here's what happened:

"Before she paid retail, we thought of buying one off eBay. Surely all the people who have used these in the past would want to unload them and recoup some of their money.

"After reading the manual, we think we know why they weren't for sale: the device bricks itself after 343 uses–which is slightly longer than the course of treatment her doctor prescribed.

"You can call the company to have it unbricked if your doctor prescribes a longer treatment."

Don't take his word for it. Read the manual.

This is pure confiscation. Remember, this isn't a product that's offered at a discount for people who opt out of reselling it – it's an expensive med-tech item sold to desperate people with serious maladies.

Imagine if you couldn't resell your car – we're heading there. Textbook monopolies have killed the used textbook market. It's part of an overall program to shift wealth from the public to corporations, and risk from corporations to us.

Apple's internal Right to Repair fight

Someone leaked internal Apple email exchanges about Right to Repair to iFixit; they reveal "internal debate, rife with uncertainty" – employees who have deep misgivings about dooming their work-product to become e-waste.

Of particular interest is the internal debate after Apple (surprisingly) published two excellent service manuals, which an iFixit writer queried them on, asking if it was intentional.

An Apple spox wrote to the internal PR team: "It’s pretty clear things are happening in a vacuum and there is not an overall strategy…

"Plus, with one hand we are making these changes and the other is actively fighting Right to Repair legislation moving in 20 states without real coordination for how updated policies could be used to leverage our position."

It looks like the service manual release was motivated by a desire to attain EPEAT green certification. As iFixit points out, "these manuals have been online for a year. Has any harm come from it? Have lawsuits sprung out of the woodwork? We certainly haven’t heard of any."

Apple is publishing "environmental progress reports" that stress the company's commitment to repair and say "reuse is our first choice" – entirely new messages from the company.

As iFixit points out: "Apple has an opportunity to push—nay, lead—the entire industry in a better direction. Durable, repairable, long-lasting products could be the norm."

(Image: Jcaravanos, CC BY-SA, modified)

Challenge questions suck

You know that thing that companies do when you set up an online account, asking you to name your favorite food and your high-school mascot as a way to recover your password later, or verify your identity if something sus is going on?

They're called "challenge questions" and they don't work.

That's the conclusion a group of Google security researchers and my EFF colleague Joseph Bonneau reached through a set of careful – and devastating – experiments.

Not only are the answers to these questions pretty easy for attackers to guess or research (your mother's maiden name is a matter of public record and your favorite food is "pizza"), but actual users really struggle to remember their answers.

Topline findings:

  • "37% admitted to providing fake answers in an attempt to make them 'harder to guess' although on aggregate this behavior had the opposite effect"
  • "40% of users were unable to recall their answers when needed."
  • "Questions that are potentially the most secure (e.g. what is your first phone number) are also the ones with the worst memorability."
  • "It appears next to impossible to find secret questions that are both secure and memorable."

I treat these questions as secondary passwords and use password generators to come up with strong, long passwords for them, managing them in a password manager (so much for memorable). Even this has an unexpected failure mode!

My small credit union's site requires you to come up with several of these questions at signup time: favorite movie, high school mascot, etc. You can answer from a list, or you can fill in your own. I did the latter, giving answers like "OWX~kMy!'(T;DkLwmBjrDs".

What I didn't know was that the challenge questions are presented as multiple choice! So here's how it looks:


[ ] BIRD
[ ] FISH
[ ] DOG
[ ] PIG
[ ] OWX~kMy!'(T;DkLwmBjrDs
[ ] CAT
[ ] FOX

So much for my high-security, hard-to-guess alternative.
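Why the multiple-choice presentation undoes a generated answer, as an added example that is not from the original post or the credit union's site: once the answer is listed among decoys, guessing work depends only on the number of choices, and a site that keeps just a salted slow hash has nothing it could list. The PBKDF2 work factor, the 94-symbol alphabet and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import math
import os

ITERATIONS = 200_000  # assumed work factor for this example

# Constructed sample data: the answer and decoys shown in the post.
ANSWER = "OWX~kMy!'(T;DkLwmBjrDs"
CHOICES = ["BIRD", "FISH", "DOG", "PIG", ANSWER, "CAT", "FOX"]


def bits_free_text(answer: str, alphabet: int = 94) -> float:
    """Guessing work in bits if each character is drawn at random from
    `alphabet` printable ASCII symbols (an assumption about the generator)."""
    return len(answer) * math.log2(alphabet)


def bits_multiple_choice(choices: list[str]) -> float:
    """Guessing work in bits once the site lists the answer among decoys:
    it depends only on the number of choices, not on the answer."""
    return math.log2(len(choices))


def enroll(answer: str) -> tuple[bytes, bytes]:
    """Keep a salt and a slow hash instead of the answer, so the site has
    nothing it could render as a choice."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", answer.encode(), salt, ITERATIONS)
    return salt, digest


def verify(record: tuple[bytes, bytes], attempt: str) -> bool:
    """Check a typed answer against the stored hash in constant time."""
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", attempt.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    record = enroll(ANSWER)
    print(f"typed answer:    {bits_free_text(ANSWER):.1f} bits")
    print(f"multiple choice: {bits_multiple_choice(CHOICES):.1f} bits")
    print("correct attempt accepted:", verify(record, ANSWER))
    print("decoy accepted:", verify(record, "CAT"))
```

Hashing only makes sense together with free-text entry and a cap on attempts; it does nothing for answers that are guessable or public in the first place.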

This day in history

#15yrsago Apple to add Trusted Computing to the new kernel?

#5yrsago TSA Behavioral Detection Program's awful newsletter mocks travellers' worries

#5yrsago Ex-Google diversity boss promised "UK's 1st women's history museum," built a Jack the Ripper "museum"

#5yrsago German prosecutors give spies a walk, but investigate journalists for "treason"

#1yrago Hong Kong protesters use lasers to blind security cameras

#1yrago Summing up the Democrats' debate: Colbert's scorching monologue

Colophon

Today's top sources: Four Short Links (

Currently writing:

  • My next novel, "The Lost Cause," a post-GND novel about truth and reconciliation. Yesterday's progress: 536 words (43909 total).

Currently reading: The Deficit Myth, Stephanie Kelton

Latest podcast: Someone Comes to Town, Someone Leaves Town (part 11)

This work licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

When life gives you SARS, you make sarsaparilla -Joey "Accordion Guy" DeVilla