#data protection

Having to hand over all of your private personal information to corporations to "verify your age"

To be clear, I have no problem verifying my identity. I already did. Etsy already has a copy of my government ID and my tax ID. The problem is that now they want me to give my ID to them again, and they're using Persona for the process.

Persona was in the news recently because it's the company Discord was going to use, until all the pushback. The pushback came because Persona a) left their collected data in a publicly-viewable database and b) turned out to be collecting wayyyy more data than they said they were and passing it onto the US government (source).

Discord since went back on that. Etsy is pushing forward. I asked them, and no, there is no way to verify myself and keep selling on there without giving my data to Persona. Unlike Discord users, most sellers don't seem to care, or just accept it as "the cost of doing business". I don't. I can't believe how easily people are giving up their privacy and, yes, their personal freedoms. "They can have my data, I have nothing to hide" - the point is that nobody is entitled to your data. They are taking your data, and selling it, and getting rich off it, and you don't see a cent of that money. Why? What gives them the right? How are you okay with someone simply taking your stuff and selling it? It's yours.

(Also, you have nothing to hide until someone decides that you are hiding something because they don't like the look of you or because you said something they didn't like. Going by history, that's how that tends to work.)

Top looks in the ShopShifty store this week:

This petition only has around 5000 signatures ATM. If you're in the UK, please consider signing and emailing your MP (a representative in the UK I think) about it. If not please reblog. Tag your moots. Talk about it. This negatively impacts everyone, sets precedent for this kind of legislation to be made in your country, and is overall a huge L for cybersecurity.

Tags:

I'm on a tour with my new book, the international bestseller Enshittification: catch me next in Miami, Burbank, Lisbon! Full schedule here.

While "tech exceptionalism" can be a grave sin (as with the "move fast and break things" ethos that wrecked so much of our world, especially its labor markets), there are ways in which tech is truly exceptional, in the sense of bringing forth capabilities and affordances that have never existed before, in all of human history.

One obvious way in which tech is exceptional: its flexibility. Digital computers are "Turing-complete, universal von Neumann machines," which means that they are engines capable of computing every valid program. They are truly general purpose. We have many other general purpose machines, of course, but they are simple things, like wheels. Computers are unique in that they are both complex and universal, and every computer can run every program. Just as we don't know how to make knives that only cut in beneficial ways, we also don't know how to make computers that only run desirable programs.

Every computer can run every program, including ones that the user doesn't want (viruses), or that the manufacturer doesn't want (ad-blockers). No one knows how to make a computer that is almost Turing-complete. There's no such thing as "Turing-complete minus one." We can't make a computer that only runs the programs the manufacturer has authorized – all we can do is criminalize the act modifying your own computer to do what you tell it to, even if the manufacturer objects:

https://memex.craphound.com/2012/01/10/lockdown-the-coming-war-on-general-purpose-computing/

I've devoted a lot of my life to exploring the policy implications of this amazing fact, but that's not the only amazing, exceptional thing about technology. There's at least one other way in which modern digital technology has produced something that is genuinely, civilizationally novel: encryption.

Encryption – scrambling data so that it can only be read by its intended recipient – is an age-old project for both the authorities (who used ciphers to keep their secrets safe since the time of the Caesars) and for those who would overthrow them (revolutionary movements have always used codes to protect themselves from the authorities they sought to dethrone).

But WWII ushered in a new era, in which encryption (and attempts to break it) went digital, as Alan Turing and the codebreakers of Bletchley Park turned themselves to a computer-aided mathematics of scrambling and descrambling. In the decades that followed, a modern form of encryption emerged, one that was powerful beyond the wildest dreams of the Caesars and their revolutionary adversaries.

Modern, computerized encryption can scramble data to the point where it is literally unscramblable by an unauthorized party. In the eyeblink moment between you pressing the camera button on your phone and the resulting image being saved to its mass storage, the bits that make up that image are scrambled so thoroughly that even if every hydrogen atom in the universe were made into a computer, and even if all those computers were put to work guessing at the key, we would run out of time and universe before we ran out of keys.

Even futuristic, experimental technologies like quantum computing that may revolutionize codebreaking are also revolutionizing scrambling itself:

https://signal.org/blog/pqxdh/

The history of encryption is seriously fraught. Until the early 1990s, the NSA classed working encryption as a munition and banned civilian access to a whole branch of mathematics. It wasn't until Cindy Cohn – then a lawyer for the Electronic Frontier Foundation, now its executive director – convinced a court that the First Amendment protected the right to publish computer code, that we were all able to gain access to this essential technology, which today safeguards your messages, files, banking transactions, and the software updates for your car's brakes, your pacemaker, and the informatics on airplanes. Cohn has announced her retirement from EFF in 2026, and while she will be sorely missed, we do have her memoir, Privacy's Defender, to look forward to:

https://mitpress.mit.edu/9780262051248/privacys-defender/

The legalization of encryption was a starting gun for the internet itself, as true information security entered the picture and pervaded every part of service design. Every security crisis, every scandal (e.g. Snowden), jolted the effort to encrypt the internet forward, and in this way, much of the internet lurched into a state we can call "encrypted by default."

But even as this privacy-preserving technology was perfected and made ubiquitous, something weird and contradictory happened: mass surveillance also took off online. The ad-tech industry – and its handmaidens, the data-broker industry – rigged the game so that our private activities were only encrypted in such a way as to defend their privacy, but not ours. Our data is encrypted in transit to the servers we interact with, and when it is at rest on those servers' mass storage devices, but it is not encrypted in a way that prevents companies from data-mining it, or decrypting it and selling it on or giving it away or combining it with surveillance data purchased or traded from others.