goodseentumblin

Specifically, the law makes it "unlawful for a person to use or distribute a common pricing algorithm if the person coerces another person to set or adopt a recommended price or commercial term recommended by the common pricing algorithm for the same or similar products or services."

As Matt Stoller writes, this may seem like small potatoes, but it's actually a huge ideological victory, and marks a major new milestone in the long fight to slay the political ideology that welcomes oligarchy:

https://www.thebignewsletter.com/p/how-to-overturn-an-oligarchy

Stoller recounts the history of this pro-oligarch movement, and describes how it began by rejecting earlier Supreme Court decisions that banned price coercion – like when a cartel forces its members to adopt higher prices. The Chicago School – the faction of economists who took over the world in the Reagan years – rejected any kind of politics that took account of the role that power played in the economy. They insisted that if workers accepted a starvation wage, it was because they had a "revealed preference" for going hungry – and not because they needed a union to force their bosses to pay them enough to live on.

The Chicago School replaced this kind of power-centric analysis with something they called "efficiency":

If you were coerced by a dominant supplier, but an economist showed there was no loss of output, then that was just vigorous competition. Gradually, the notion that the antitrust laws protect business from economic violence fell away. The result is an economy of coercion machines, from Amazon to pharmacy benefit managers to RealPage.

The mere existence of a law – in 2025, nearly half a century into the neoliberal era – that mentions "coercion" marks a profoud shift in ideology, a recovery of the idea that we are always under threat of "a conspiracy against the public…some contrivance to raise prices."

In a way, this just proves how right Trump is: the American way of life really is under threat from the radical Marxist ideology…of Adam Smith.

If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2025/10/09/pricewars/#adam-smith-communist

Specifically, the law makes it "unlawful for a person to use or distribute a common pricing algorithm if the person coerces another person to set or adopt a recommended price or commercial term recommended by the common pricing algorithm for the same or similar products or services."

As Matt Stoller writes, this may seem like small potatoes, but it's actually a huge ideological victory, and marks a major new milestone in the long fight to slay the political ideology that welcomes oligarchy:

https://www.thebignewsletter.com/p/how-to-overturn-an-oligarchy

Stoller recounts the history of this pro-oligarch movement, and describes how it began by rejecting earlier Supreme Court decisions that banned price coercion – like when a cartel forces its members to adopt higher prices. The Chicago School – the faction of economists who took over the world in the Reagan years – rejected any kind of politics that took account of the role that power played in the economy. They insisted that if workers accepted a starvation wage, it was because they had a "revealed preference" for going hungry – and not because they needed a union to force their bosses to pay them enough to live on.

The Chicago School replaced this kind of power-centric analysis with something they called "efficiency":

If you were coerced by a dominant supplier, but an economist showed there was no loss of output, then that was just vigorous competition. Gradually, the notion that the antitrust laws protect business from economic violence fell away. The result is an economy of coercion machines, from Amazon to pharmacy benefit managers to RealPage.

The mere existence of a law – in 2025, nearly half a century into the neoliberal era – that mentions "coercion" marks a profoud shift in ideology, a recovery of the idea that we are always under threat of "a conspiracy against the public…some contrivance to raise prices."

In a way, this just proves how right Trump is: the American way of life really is under threat from the radical Marxist ideology…of Adam Smith.

If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2025/10/09/pricewars/#adam-smith-communist

Take "age verification," the latest social contagion sweeping through authoritarian governments around the world. In the name of keeping kids from seeing stuff that's not kid-friendly online (a perfectly reasonable goal), governments are demanding that tech companies somehow deduce the ages of their users and block them from seeing adult materials. Some age verification proponents claim that it's possible to verify a user's age without creating as massive privacy catastrophe that reveals the browsing habits of every internet user, of every age. These people are wrong:

https://pluralistic.net/2025/08/14/bellovin/#wont-someone-think-of-the-cryptographers

The only way to verify that a user is a child is to verify the user, which means performing extraordinarily invasive checks on every internet user, and storing the results of those checks, and, inevitable, leaking the result of those checks.

The Big Tech companies are delighted by this. Google and Meta have both offered to do a kind of digital phrenology on their users to determine their ages. After all, they spy on us so much that they can probably make a good guess about our ages. And if they guess wrong, well, no biggie, they'll just block all the edge cases and force users to provide them with even more sensitive data.

But the future-proof, federated, decentralized services can't do age verification. Oh, sure, some of the servers in these federations can verify their users' age, and they might have to, because you can always find that single throat to choke for the people running the main Mastodon and Bluesky servers. But you can use Mastodon and Bluesky without using those servers – and they can't stop you.

This is something that the Turkish dictator Recep Tayyip Erdoğan discovered last spring, whe he ordered Bluesky to block information about his political rivals. All Bluesky can do in these cases is flag some messages as "banned in Turkiye" and then turn on the "block banned in Turkiye posts" filter for Turkish accounts. Those users can just turn that filter off, or avail themselves of a third-party client that doesn't auto-subscribe them to "block banned content" filters:

https://gizmodo.com/bluesky-just-bowed-to-censorship-demands-in-turkey-but-theres-a-loophole-2000593628

That's what it means for a service to be a protocol, not a platform. It means you can't demand to speak to the manager of the protocol if you don't like how someone is using it. It means there isn't a single throat to choke:

https://knightcolumbia.org/content/protocols-not-platforms-a-technological-approach-to-free-speech

Today, the new, future-proof federated services are trying to figure out how to comply with age verification orders. Bluesky has announced that it will age verify UK users:

https://www.theverge.com/news/704468/bluesky-age-verification-uk-online-safety-act

But you don't have to interact with the Bluesky servers to use Bluesky. While Bluesky was (very) slow off the mark to enable the tooling that would allow anyone to talk to anyone else using Atproto (the underlying protocol) without Bluesky's permission, that day has arrived now. There are now Bluesky (the service) implementations that are entirely separated from the authority of Bluesky (the company), most notably Blacksky, created by and for Black social media users who lived through Musk's enshittification of Black Twitter and won't get fooled again:

https://www.techdirt.com/2025/08/27/techdirt-podcast-episode-428-blacksky-demonstrates-the-promise-of-open-social-media-protocols/

Meanwhile, Mastodon (the organization) has said that it doesn't have "the means" to comply with age verification rules in Mississippi:

https://techcrunch.com/2025/08/29/mastodon-says-it-doesnt-have-the-means-to-comply-with-age-verification-laws/

The Mastodon server operated by the Mastodon organization has a policy barring under-16s from getting an account there. But there are many, many Mastodon servers (including, you'll recall, Truth Social) and they are all technically capable of talking with one another. Even if Mastodon (the organization) implemented some kind of invasive age verification on its server, other organizations – so distant from Mississippi as to be beyond legal retribution – could sign up users of any age, at its discretion.

One wrinkle here is whether there is an "enforcement nexus" between one of these independent Mastodon or Bluesky servers and a government seeking to impose age verification or other censorship policies. If you're running one of these servers, you wanna be sure your throat is out of choking range of these governments:

https://pluralistic.net/2023/03/05/theyre-still-trying-to-ban-cryptography/

The easiest way to do this is to not have any personnel or assets in territories controlled by governments seeking to impose censorship requirements. Large corporations whose investors made a bet on global domination find this tradeoff difficult to make. They want to open sales offices in every country.

But co-ops, individual tinkerers and small businesses typically don't have assets or personnel in a lot of countries or states, and avoiding the censorious ones doesn't pose much of a challenge.

The other enforcement nexus to worry about isn't enforcement against a server's operators, but rather, enforcement against its data. Territories with national firewalls (or heavily concentrated ISPs who represent a tractable number of chokeable throats) can block noncompliant servers from their users (who might or might not avail themselves of VPNs to evade thse blocks).

There aren't many national firewalls, and enumerating all the noncompliant servers in the Fediverse is a big chore for their operators (less so for all the noncompliant Atmostphere servers, because there's just not that many of those – yet). On the other hand, the mobile device duopoly of Google and Apple represent a pair of trivially chokeable throats that can be used to extinguish any app that displease a country's censors (all the more reason to make everything web-first and treat apps as unreliable adjuncts to core web functionality).

But there's one more potential chokepoint: to the extent that the Bluesky (the service) or Mastodon (the service) maintain some nexus of control over users, even users on independent servers, they could come under pressure to terminate users that displease governments. Now, Mastodon has no such control over users, and if it tried to exert that control (for example, by pressuring an independent server to terminate their users' access), they could be sued for tortious interference with contract.

Unfortunately, Bluesky has chosen to insulate itself from that hedge against being the chokeable throat that is used as a means to exerting pressure on independent servers in the Atmosphere. Bluesky's Terms of Service trap all of its users in a "binding arbitration" waiver that forces them to surrender their right to sue. That means that if Bluesky were to threaten Blacksky in a bid to force it to do age verification or engage in some other form of censorship, anyone involved with Blacksky who ever created a Bluesky account would be unable to use to courts to defend themselves:

https://pluralistic.net/2025/08/15/dogs-breakfast/#by-clicking-this-you-agree-on-behalf-of-your-employer-to-release-me-from-all-obligations-and-waivers-arising-from-any-and-all-NON-NEGOTIATED-agreements

(However, if you set up a Bluesky server without ever joining Bluesky (the service) and clicking through its ToS, you're golden.)

Of course, none of this matters to Maga – but it should. Decentralized systems with no readily chokeable throats are good for people with disfavored views, and that includes a lot of the Maga movement. Remember, Trump's agenda is incredibly unpopular:

https://navigatorresearch.org/wp-content/uploads/2025/04/Navigator-Topline-F04.07.25.pdf

Someday, Maga is going to find that their enemies have found the right throat to choke to silence them. But Maga's useful idiots just keep on stepping on this rake – these are the same self-owning fools who opposed municipal fiber and thus ensured that if just a handful of giant ISPs decided to deplatform you, you'd disappear from the internet:

https://pluralistic.net/2022/12/15/useful-idiotsuseful-idiots/#unrequited-love

Bluesky users were furious when JD Vance joined the service. Maga culture warriors were furious when Bluesky users called for his account to be terminated. Both groups are nuts. If Bluesky lives up to its promise – if it becomes an unchokeable, future-proof, decentralized social media protocol, and not merely a platform, then there's no way to kick JD Vance off Bluesky (the service). All you can do is demand that Bluesky (the server) cut off his account, whereupon he will immediately decamp to another server where he is more welcome, and still able to communicate with any Bluesky user who wants to hear from him.

Progressives should want this, because it's far more likely that Bluesky will be pressured to terminate users for failing to be insufficiently demonstrative in their anguish over the Charlie Kirk shooting than it is that Bluesky will be pressured to terminate the Vice President of the USA. But Conservatives should want this too – because if they're really worried about "deplatforming" and "Big Tech censorship," then they should be trying to create a new internet where deplatforming and Big Tech censorship are impossible – not an internet where they decide who gets deplatformed and censored.

If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

Tech bosses are fundamentally at war with the idea that our digital devices contain "general purpose computers." The general-purposeness of computers – the fact that they are all Turing-complete, universal von Neumann machines – has created tech bosses' fortunes, but now that these fortunes have been attained, the tech sector would like to abolish that general-purposeness; specifically, they would like to make it impossible to run programs that erode their profits or frustrate their attempts at rent-seeking.

This has been a growing trend in computing since the mid-2000s, when tech bosses realized that the "digital rights management" that the entertainment industry had fallen in love with could provide even bigger dividends for tech companies themselves.

Since the Napster era, media companies have demanded that tech platforms figure out how to limit the use and copying of media files after they were delivered to our computers. They believed that there was some practical way to make a computer that would refuse to take orders from its owner, such that you could (for example) "stream" a movie to a user without that being a "download." The truth, of course is that all streams are downloads, because the only way to cause my screen to display a video file that is on your server is for your server to send that file to my computer.

"Streaming" is a consensus hallucination, and when a company claims to be giving you a "stream" that's not a "download," they really mean that they believe that the program that's rendering the file on your screen doesn't have a "save as" button.

But of course, even if the program doesn't have a "save as" button, someone could easily make a "save as" plugin that adds that functionality to your streaming program. So "streaming" isn't just "a video playback program without a 'save as' button," it's also "a video playback program that no one can add a 'save as' button to."

At the turn of the millennium, tech companies selling this stuff hoodwinked media companies by claiming that they used technical means to prevent someone from adding the "save as" button after the fact. But tech companies knew that there was no technical means to prevent this, because computers are general purpose, and can run every program, which means that every 10-foot fence you build around a program immediately summons up an 11-foot ladder.

When a tech company says "it's impossible to change the programs and devices we ship to our users," they mean, "it's illegal to change the programs and devices we ship to our users." That's thanks to a cluster of laws we colloquially call "IP law"; a label we apply to any law that lets a firm exert control on the conduct of users, critics and competitors:

https://locusmag.com/2020/09/cory-doctorow-ip/

Law, not technology, is the true battlefield in the War on General Purpose Computing, a subject I've been raising the alarm about for decades now:

https://memex.craphound.com/2012/01/10/lockdown-the-coming-war-on-general-purpose-computing/

When I say that this is a legal fight and not a technical one, I mean that, but for the legal restrictions on reverse-engineering and "adversarial interoperability," none of these extractive tactics would be viable. Every time a company enshittified its products, it would create an opportunity for a rival to swoop in, disenshittify the enshittification, and steal your customers out from under you.

The fact that there's no technical way to enforce these restrictions means that the companies that benefit from them have to pitch their arguments to lawmakers, not customers. If you have something that works, you use it in your sales pitch, like Signal, whose actual, working security is a big part of its appeal to users.

If you have something that doesn't work, you use it in your lobbying pitch, like Apple, who justify their 30% ripoff app tax – which they can only charge because it's a felony to reverse-engineer your iPhone so you can use a different app store – by telling lawmakers that locking down their platform is essential to the security and privacy of iPhone owners:

https://pluralistic.net/2024/01/12/youre-holding-it-wrong/#if-dishwashers-were-iphones

Apple and Google have a dupology over mobile computing. Both companies use legal tactics to lock users into getting their apps from the companies' own app stores, where they take 30 cents out of every dollar you spend, and where it's against the rules to include any payment methods other than Google/Apple's own payment systems.

This is a massive racket. It lets the companies extract hundreds of billions of dollars in rents. This drives up costs for their users and drives down profits for their suppliers. It lets the duoply structure the entire mobile economy, acting as de facto market regulators. For example, the fact that Apple/Google exempt Uber and Lyft from the 30% app tax means that they – and they alone – can provide competitive ride-hailing services.

But though both companies extract the 30% app tax, they use very different mechanisms to maintain their lock on their users and on app makers. Apple uses digital locks, which lets it invoke IP law to criminalize anyone who reverse-engineers its systems and provides an easy way to install a better app store.

Google, on the other hand, uses a wide variety of contractual tactics to maintain its control, arm-twisting Android device makers and carriers into bundling its app store with every device, often with a locked bootloader that prevents users from adding new app stores after they pay for their devices.

But despite this, Google has always claimed that Android is the "open" alternative to the Apple "ecosystem," principally on the strength that you can "sideload" an app. "Sideload" is a weird euphemism that the mobile duopoly came up with; it means "installing software without our permission," which we used to just call "installing software" (because you don't need a manufacturer's permission to install software on your computer).

Now, Google has pulled a Darth Vader, changing the deal after the fact. They've announced that henceforth, you will only be able to sideload apps that come from developers who pay to be validated by Google and certified as good eggs. This has got people really angry, and justifiably so.

Last week, the repair hero Louis Rossmann posted a scorching video excoriating Google for the change:

https://www.youtube.com/watch?v=QBEKlIV_70E

In the video, Rossmann – who is now running an anti-enshittification group called Fulu – reminds us that our mobile devices aren't phones, they're computers and urges us not to use the term "sideloading," because that's conceding that there's something about the fact that this computer can fit in your pocket that means that you shouldn't be able to, you know, just install software.

Rossmann thinks that this is a cash grab, and he's right – partially. He thinks that this is a way for Google to make money from forcing developers to join its certification program.

But that's just small potatoes. The real cash grab is the hundreds of billions of dollars that Google stands to lose if we switch to third-party app stores and choke off the app tax.

That is an issue that is very much on Google's mind right now, because Google lost a brutal antitrust case brought by Epic Games, makers of Fortnite:

https://pluralistic.net/2023/12/12/im-feeling-lucky/#hugger-mugger

Epic's suit contended that Google had violated antitrust law by creating exclusivity deal with carriers and device makers that locked Android users into Google's app store, which meant that Epic had to surrender 30% of its mobile earnings to Google.

Google lost that case – badly. It turns out that judges don't like it when you deliberately destroy evidence:

https://www.legaldive.com/news/deleted-messages-google-antitrust-case-epic-games-deliberate-spoliation-donato/702306/

They say that when you find yourself in a hole, you should stop digging, but Google can't put down the shovel. After the court ordered Google to open up its app store, the company just ignored the order, which is a thing that judges hate even more than destroying evidence:

https://www.justice.gov/atr/case/epic-games-inc-v-google-llc

So it was that last month, Google found itself with just two weeks to comply with the open app store order, or else:

https://www.theverge.com/news/717440/google-epic-open-play-store-emergency-stay

Google was ordered to make it possible to install new app stores as apps, so you could go into Google Play, search for a different app store, and, with a single click, install it on your phone, and switch to getting your apps from that store, rather than Google's.

That's what's behind Google's new ban on "sideloading": this is a form of malicious compliance with the court orders stemming from its losses to Epic Games. In fact, it's not even malicious compliance – it's malicious noncompliance, a move that so obviously fails to satisfy the court order that I think it's only a matter of time until Google gets hit with fines so large that they'll actually affect Google's operations.

In the meantime, Google's story that this move is motivated by security it obviously bullshit. First of all, the argument that preventing users from installing software of their choosing is the only way to safeguard their privacy and security is bullshit when Apple uses it, and it's bullshit when Google trots it out:

https://www.eff.org/document/letter-bruce-schneier-senate-judiciary-regarding-app-store-security

But even if you stipulate that Google is doing this to keep you safe, the story falls apart. After all, Google isn't certifying apps, they're certifying developers. This implies that the company can somehow predict whether a developer will do something malicious in the future.

This is obviously wrong. Indeed, Google itself is proof that this doesn't work: the fact that a company has a "don't be evil" motto at its outset is no guarantee that it won't turn evil in the future.

There's a long track record of merchants behaving in innocuous and beneficial ways to amass reputation capital, before blitzing the people who trust them with depraved criminality. This is a well-understood problem with reputation scores, dating back to the early days of eBay, when crooked sellers invented the tactic of listing and delivering a series of low-value items in order to amass a high reputation score, only to post a bunch of high-ticket scams, like dozens laptops at $1,000 each, which are never delivered, even as the seller walks away with tens of thousands of dollars.

More recently, we've seen this in supply chain attacks on open source software, where malicious actors spend a long time serving as helpful contributors, pushing out a string of minor, high-quality patches before one day pushing a backdoor or a ransomware package into widely used code:

https://arstechnica.com/security/2025/07/open-source-repositories-are-seeing-a-rash-of-supply-chain-attacks/

So the idea that Google can improve Android's safety by certifying developers, rather than code, is obvious bullshit. No, this is just a pretext, a way to avoid complying with the court order in Epic and milking a few more billions of dollars in app taxes.

Google is no friend of the general purpose computer. They keep coming up with ways to invoke the law to punish people who install code that makes their Android devices serve their owners' interests, at the expense of Google's shareholders. It was just a couple years ago that we had to bully Google out of a plan to lock down browsers so they'd be as enshittified as apps, something Google sold as "feature parity":

https://pluralistic.net/2023/08/02/self-incrimination/

Epic Games didn't just sue Google, either. They also sued Apple – but Apple won, because it didn't destroy evidence and make the judge angry at it. But Apple didn't walk away unscathed – they were also ordered to loosen up control over their App Store, and they also failed to do so, with the effect that last spring, a federal judge threatened to imprison Apple executives:

https://pluralistic.net/2025/05/01/its-not-the-crime/#its-the-coverup

Neither Apple nor Google would exist without the modern miracle that is the general purpose computer. Both companies want to make sure no one else ever reaps the benefit of the Turing complete, universal von Neumann machine. Both companies are capable of coming up with endless narratives about how Turing completeness is incompatible with your privacy and security.

But it's Google and Apple that stand in the way of our security and privacy. Though they may sometimes protects us against externam threats, neither Google nor Apple will ever protect us from their own predatory instincts.

Click here to pre-order my next book, ENSHITTIFICATION: WHY EVERYTHING SUDDENLY GOT WORSE AND WHAT TO DO ABOUT IT

If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2025/09/01/fulu/#i-am-altering-the-deal

Image: Ashwin Kumar (modified) https://commons.wikimedia.org/wiki/File:Samsung_Galaxy_S2_shattered_screen.jpg

I used to walk around with a hundred phone numbers in my head, now I remember two, maybe three on a good day. Which is fine! Sure, remembering those phone numbers wasn't cognitively useless. I cultivated all kinds of clever mnemonics based on the spatial relationships of the phone buttons, their alphabetical equivalents, the tones they made, and the arithmetic relationships between sequential digits, all of which constituted a kind of cognitive workout. But after the Great Telephone Number Forgettering, I retasked all that cognitive capacity to memorizing and thinking about stuff that's much less arbitrary and far more consequential than phone numbers.

Whenever we adopt a cognitive prosthesis, there's always someone who overweights the value of the old system of unassisted thinking, while ignoring the cool things we can do with the free capacity we get from replacing our fallible and scarce meat-thinkers with something reproducible and external. No one is immune to this: Socrates thought that reading would make us all stupid because we'd lose the discipline of memorizing all works of literature (ironically, we only know that Socrates thought this because Plato wrote it down):

https://wondermark.com/socrates-vs-writing/

Versions of this continue to play out. When I was a kid, there was a moral panic that pocket calculators would make us all innumerate (an argument advanced by people who know so little about mathematics that they think it's the same thing as arithmetic). Now I keep hearing about millennials who can't read an analog clock, a skill that has as much objective utility as knowing how to interpret a slide-rule or convert from Francs to Lire to Deutschemarks. Not actually useless, but entirely bound to a specific time and place and a mere historical curiosity at some later date.

So I love cognitive prostheses. As a perennially disoriented man with innately poor spatial reasoning and consequently no ability to parse a map, I fucking love living in the age of turn-by-turn GPS directions.

If you wanna know how I write 2-3 books per year, blame the cognitive prosthesis of blogging, which forces me to apply rigor to the notes I take, and rewards me with a searchable database of everything I've ever found important, while stimulating a constant mnemonic rejuggling of all those thoughts that crystallizes into an endless stream of novel synthetic insights and road-tested ways to express them:

https://pluralistic.net/2021/05/09/the-memex-method/

My blogging is self-hosted, and for good reason. An asset that important to my personal and professional life is too precious to entrust to any kind of third party service, especially in light of the collapse of discipline that prevents firms from enshittifying. Remember, the enshittifier's motto is "If your customer is too happy, you're leaving money on the table." My digital, networked online notebook makes me very happy indeed, which means that if it were under the control of an enshittotropic colony organism like Google or Apple or Microsoft or Meta, it would only be a matter of time until some dominant faction decided to see how much they could extract from me by holding it to ransom or making it worse.

It's not practical for everyone to self-host everything. I'm blessed with a lot of technical knowledge and the incredible talents and generosity of a brilliant sysadmin, the wonderful Ken Snider, who makes it all go for me. I've known Ken for 20+ years and the man is no enshittifier. But most of us don't have a Ken in our lives, and even fewer of us are Ken, and so perforce, most of us end up externalizing large parts of our brains to networked services run by companies that would enshittify you without a second thought.

Trusting these companies with so much of your life can be catastrophic, because they are manifestly too big to care, which is why you can't get a customer service rep to save your life (and why they're turning over their vestigial customer service functions to chatbots, AKA "the Idgaf Gambit").

Take the case of "Mike," a software developer whose infant son developed a UTI during the covid lockdowns. On advice from his pediatrician, Mike took a picture of his son's infected penis with his Android phone and sent it to the doctor using a secure telemedicine app, forgetting that his Android device would also automatically sync all his photos to Google's cloud. Google automatically scans all these photos, and it flagged this one as child sexual abuse material (AKA "child pornography"), which resulted in the termination of all of Mike's Google services.

In an instant, Mike lost every family photo he'd taken since his son's birth, every saved email, all of his business and tax records in his Google Drive, his phone number (he was a Google Fi subscriber), his authenticator app, and his email address itself. Google handed his search history and many other sensitive records they held on him to the San Francisco Police Department, who concluded that everything was fine. But the cops couldn't tell Mike any of this because he had no phone and no email, and, lacking these, could not recover any of his online accounts. Eventually, an SFPD detective had to ring Mike's doorbell to tell him he was cleared of any wrongdoing. Despite this, Mike never got his accounts or data back:

https://locusmag.com/2024/07/cory-doctorow-unpersoned/

This is an accidental lobotimization of your outboard brain – it's what happens when a company that's too big to care drops one of its procedures on your head and crushes it like a grape. But there is an important sense in which these companies do care: they care whether you hate them more than you value the data and connections and utility they control. They care about this because if you're too happy, they're leaving money on the table.

That's where Ardoline and Lenzo's work comes in. They both document the ways in which we turn these online services into cognitive prostheses, and then investigate how the enshittification of these services ends up making us stupider, by taking away the stuff that helps us think. They're drawing a line between platform decay and cognitive decay.

The authors look at examples like the enshittification of Google Search, a product that Google has deliberately and irretrievably enshittified:

https://pluralistic.net/2024/04/24/naming-names/#prabhakar-raghavan

The web is a giant cognitive prosthesis, and early web tools put a lot of emphasis on things like bookmark management and local caching, so that the knowledge and cognition you externalized to the web were under your control. But Google Search was so goddamned magic – before they cynically destroyed it – that a lot of us switched from "not remembering things because you have a bookmark that takes you to a website that remembers it for you" to "not remembering things and not remembering where to find them, and just typing queries into Google." The collapse of Google into a giant pile of shit is like giving every web user a traumatic brain injury.

It's a good paper, but I think the situation is actually more dire than the paper makes it out to be, thanks to the AI bubble –

Wait! I'm not actually going to talk about what AI can do (which is a combination of a small set of boring useful things, a bunch of novelties, and a long list of things that AI can't do but is being used to do anyway). I'm talking about the financial fraud that AI serves.

Tech companies must be perceived as growing, because when a company is growing, it is valued far more highly than a company is once it has "matured." This is called the "price to earnings ratio" – the number of dollars investors are willing to pay for the company compared to the number of dollars a company is bringing in. So long as a company is growing, the PE ratio is very high, and this helps the company to actually grow. That's because the shares in growing companies are highly liquid, and can be traded for equity in other companies and/or the labor of key employees, meaning that growth companies can almost always outbid their mature counterparts when it comes to expanding through acquisition and hiring. That means that while a company is growing, its PE ratio can help it keep growing.

But here's the corollary: when a growth company stops growing, its shares are suddenly and violently revalued as though they were shares in a mature company, which tanks the personal net worth of the company's top managers and key employees (whose portfolios are stuffed with their employer's now-plummeting stock). Worse: in order to retain those employees and hire more (or to acquire key companies), the no-longer-growing company has to pay with cash, which is much harder to get than its own shares. Even worse: they have to bid against growing companies.

A growth company is like an airplane that has two modes: climbing and nose-diving, and while it's easy to go from climbing to crashing, it's much harder to go the other way. Ironically, the moment at which a company's growth is most likely to stall is right after its greatest triumph: after a company conquers its market, it has nowhere else to go. Google's got a 90% Search market-share – how can it possibly grow Search?

It can't (just like Meta can't really grow social, and Microsoft can't grow office suites, etc), so it has to convince Wall Street that it has a shot at conquering some other market that the street perceives as unimaginably vast and thus capable of keeping the growth engine going. Tech has pulled a lot of sweaty tricks to create this impression, inflating bubbles like "pivot to video" and "metaverse" and "cryptocurrency," and now it's AI.

The problem is that AI just isn't very popular. People go out of their way to avoid AI products:

https://www.tandfonline.com/doi/full/10.1080/19368623.2024.2368040

For an AI-driven growth story to work, tech companies have to produce a stream of charts depicting lines that go up and to the right, reflecting some carefully chosen set of metrics demonstrating AI's increasing popularity. One way to produce these increasing trend-lines on demand is to replace all the most commonly used parts of a service that you love and rely on with buttons that summon an AI. This is the "fatfinger AI economy," a set of trendlines produced by bombarding people who graze their screens with a stray fingertip with a bunch of AI bullshit, so you can claim that your users are "engaging" with AI:

https://pluralistic.net/2025/05/02/kpis-off/#principal-agentic-ai-problem

It's a form of "twiddling" – changing how a service works on a per-user, per-interaction basis in order to shift value from the user to the company:

https://pluralistic.net/2023/02/19/twiddler/

Twiddling represents the big cognitive hazard from enshittification during the AI bubble: the parts of your UI that matter most to you are the parts that you use as vital cognitive prostheses. A product team whose KPI is "get users to tap on an AI button" is going to use the fine-grained data they have on your technological activities to preferentially target these UI elements that you rely on with AI boobytraps. You are too happy, so they are leaving money on the table, and they're coming for it.

This is a form of "attention rent": the companies are taxing your muscle-memory, forcing you to produce deceptive usage statistics at the price of either diverting your cognition from completing a task to hunt around for the button that banishes the AI and lets you get back to what you were doing; or to simply abandon that cognitive prosthesis:

https://pluralistic.net/2023/11/03/subprime-attention-rent-crisis/#euthanize-rentiers

It's true "engagement-hacking": not performing acts of dopamine manipulation; but rather, spying on your habitual usage of a digital tool in order to swap buttons around in order to get you to make a number go up. It's exploiting the fact that you engage with something useful and good to make it less useful and worse, because if you're too happy, some enshittifier is leaving money on the table.

Support me this summer in the Clarion Write-A-Thon and help raise money for the Clarion Science Fiction and Fantasy Writers' Workshop! This summer, I'm writing The Reverse-Centaur's Guide to AI, a short book for Farrar, Straus and Giroux that explains how to be an effective AI critic.

If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2025/07/28/twiddlehazard/#outboard-brains-considered-harmful

Image: Stephen Drake (modified) https://commons.wikimedia.org/wiki/File:Analog_Test_Array_modular_synth_by_sduck409.jpg

Or Venmo, which, by default, lets anyone see what payments you've sent and received (researchers have a field day just filtering the Venmo firehose for emojis associated with drug buys like "pills" and "little trees"):

https://www.nytimes.com/2023/08/09/technology/personaltech/venmo-privacy-oversharing.html

Then there was the time that Etsy decided that it would publish a feed of everything you bought, never once considering that maybe the users buying gigantic handmade dildos shaped like lovecraftian tentacles might not want to advertise their purchase history:

https://arstechnica.com/information-technology/2011/03/etsy-users-irked-after-buyers-purchases-exposed-to-the-world/

But the most persistent, egregious and consequential sinner here is Facebook (naturally). In 2007, Facebook opted its 20,000,000 users into a new system called "Beacon" that published a public feed of every page you looked at on sites that partnered with Facebook:

https://en.wikipedia.org/wiki/Facebook_Beacon

Facebook didn't just publish this – they also lied about it. Then they admitted it and promised to stop, but that was also a lie. They ended up paying $9.5m to settle a lawsuit brought by some of their users, and created a "Digital Trust Foundation" which they funded with another $6.5m. Mark Zuckerberg published a solemn apology and promised that he'd learned his lesson.

Apparently, Zuck is a slow learner.

Depending on which "submit" button you click, Meta's AI chatbot publishes a feed of all the prompts you feed it:

https://techcrunch.com/2025/06/12/the-meta-ai-app-is-a-privacy-disaster/

Users are clearly hitting this button without understanding that this means that their intimate, compromising queries are being published in a public feed. Techcrunch's Amanda Silberling trawled the feed and found:

"An audio recording of a man in a Southern accent asking, 'Hey, Meta, why do some farts stink more than other farts?'"

"people ask[ing] for help with tax evasion"

"[whether family members would be arrested for their proximity to white-collar crimes"

"how to write a character reference letter for an employee facing legal troubles, with that person’s first and last name included."

While the security researcher Rachel Tobac found "people’s home addresses and sensitive court details, among other private information":

https://twitter.com/racheltobac/status/1933006223109959820

There's no warning about the privacy settings for your AI prompts, and if you use Meta's AI to log in to Meta services like Instagram, it publishes your Instagram search queries as well, including "big booty women."

As Silberling writes, the only saving grace here is that almost no one is using Meta's AI app. The company has only racked up a paltry 6.5m downloads, across its ~3 billion users, after spending tens of billions of dollars developing the app and its underlying technology.

The AI bubble is overdue for a pop:

https://www.wheresyoured.at/measures/

When it does, it will leave behind some kind of residue – cheaper, spin-out, standalone models that will perform many useful functions:

https://locusmag.com/2023/12/commentary-cory-doctorow-what-kind-of-bubble-is-ai/

Those standalone models were released as toys by the companies pumping tens of billions into the unsustainable "foundation models," who bet that – despite the worst unit economics of any technology in living memory – these tools would someday become economically viable, capturing a winner-take-all market with trillions of upside. That bet remains a longshot, but the littler "toy" models are beating everyone's expectations by wide margins, with no end in sight:

https://www.nature.com/articles/d41586-025-00259-0

I can easily believe that one enduring use-case for chatbots is as a kind of enhanced diary-cum-therapist. Journalling is a well-regarded therapeutic tactic:

https://www.charliehealth.com/post/cbt-journaling

And the invention of chatbots was instantly followed by ardent fans who found that the benefits of writing out their thoughts were magnified by even primitive responses:

https://en.wikipedia.org/wiki/ELIZA_effect

Which shouldn't surprise us. After all, divination tools, from the I Ching to tarot to Brian Eno and Peter Schmidt's Oblique Strategies deck have been with us for thousands of years: even random responses can make us better thinkers:

https://en.wikipedia.org/wiki/Oblique_Strategies

I make daily, extensive use of my own weird form of random divination:

https://pluralistic.net/2022/07/31/divination/

The use of chatbots as therapists is not without its risks. Chatbots can – and do – lead vulnerable people into extensive, dangerous, delusional, life-destroying ratholes:

https://www.rollingstone.com/culture/culture-features/ai-spiritual-delusions-destroying-human-relationships-1235330175/

But that's a (disturbing and tragic) minority. A journal that responds to your thoughts with bland, probing prompts would doubtless help many people with their own private reflections. The keyword here, though, is private. Zuckerberg's insatiable, all-annihilating drive to expose our private activities as an attention-harvesting spectacle is poisoning the well, and he's far from alone. The entire AI chatbot sector is so surveillance-crazed that anyone who uses an AI chatbot as a therapist needs their head examined:

https://pluralistic.net/2025/04/01/doctor-robo-blabbermouth/#fool-me-once-etc-etc

AI bosses are the latest and worst offenders in a long and bloody lineage of privacy-hating tech bros. No one should ever, ever, ever trust them with any private or sensitive information. Take Sam Altman, a man whose products routinely barf up the most ghastly privacy invasions imaginable, a completely foreseeable consequence of his totally indiscriminate scraping for training data.

Altman has proposed that conversations with chatbots should be protected with a new kind of "privilege" akin to attorney-client privilege and related forms, such as doctor-patient and confessor-penitent privilege:

https://venturebeat.com/ai/sam-altman-calls-for-ai-privilege-as-openai-clarifies-court-order-to-retain-temporary-and-deleted-chatgpt-sessions/

I'm all for adding new privacy protections for the things we key or speak into information-retrieval services of all types. But Altman is (deliberately) omitting a key aspect of all forms of privilege: they immediately vanish the instant a third party is brought into the conversation. The things you tell your lawyer are priviiliged, unless you discuss them with anyone else, in which case, the privilege disappears.

And of course, all of Altman's products harvest all of our information. Altman is the untrusted third party in every conversation everyone has with one of his chatbots. He is the eternal Carol, forever eavesdropping on Alice and Bob:

https://en.wikipedia.org/wiki/Alice_and_Bob

Altman isn't proposing that chatbots acquire a privilege, in other words – he's proposing that he should acquire this privilege. That he (and he alone) should be able to mine your queries for new training data and other surveillance bounties.

This is like when Zuckerberg directed his lawyers to destroy NYU's "Ad Observer" project, which scraped Facebook to track the spread of paid political misinformation. Zuckerberg denied that this was being done to evade accountability, insisting (with a miraculously straight face) that it was in service to protecting Facebook users' (nonexistent) privacy:

https://pluralistic.net/2021/08/05/comprehensive-sex-ed/#quis-custodiet-ipsos-zuck

We get it, Sam and Zuck – you love privacy.

We just wish you'd share.

If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog: