I'm on a 20+ city book tour for my new novel PICKS AND SHOVELS. Catch me TORONTO on SUNDAY (Feb 23) at Another Story Books, and in NYC on WEDNESDAY (26 Feb) with JOHN HODGMAN. More tour dates here.
The commercial surveillance industry is almost totally unregulated. Data brokers, ad-tech, and everyone in between – they harvest, store, analyze, sell and rent every intimate, sensitive, potentially compromising fact about your life.
Late last year, I testified at a Consumer Finance Protection Bureau hearing about a proposed new rule to kill off data brokers, who are the lynchpin of the industry:
The other witnesses were fascinating – and chilling, There was a lawyer from the AARP who explained how data-brokers would let you target ads to categories like "seniors with dementia." Then there was someone from the Pentagon, discussing how anyone could do an ad-buy targeting "people enlisted in the armed forces who have gambling problems." Sure, I thought, and you don't even need these explicit categories: if you served an ad to "people 25-40 with Ivy League/Big Ten law or political science degrees within 5 miles of Congress," you could serve an ad with a malicious payload to every Congressional staffer.
Now, that's just the data brokers. The real action is in ad-tech, a sector dominated by two giant companies, Meta and Google. These companies claim that they are better than the unregulated data-broker cowboys at the bottom of the food-chain. They say they're responsible wielders of unregulated monopoly surveillance power. Reader, they are not.
Meta has been repeatedly caught offering ad-targeting like "depressed teenagers" (great for your next incel recruiting drive):
And Google? They just keep on getting caught with both hands in the creepy commercial surveillance cookie-jar. Today, Wired's Dell Cameron and Dhruv Mehrotra report on a way to use Google to target people with chronic illnesses, people in financial distress, and national security "decision makers":
Google doesn't offer these categories itself, they just allow data-brokers to assemble them and offer them for sale via Google. Just as it's possible to generate a target of "Congressional staffers" by using location and education data, it's possible to target people with chronic illnesses based on things like whether they regularly travel to clinics that treat HIV, asthma, chronic pain, etc.
Google claims that this violates their policies, and that they have best-of-breed technical measures to prevent this from happening, but when Wired asked how this data-broker was able to sell these audiences – including people in menopause, or with "chronic pain, fibromyalgia, psoriasis, arthritis, high cholesterol, and hypertension" – Google did not reply.
The data broker in the report also sold access to people based on which medications they took (including Ambien), people who abuse opioids or are recovering from opioid addiction, people with endocrine disorders, and "contractors with access to restricted US defense-related technologies."
It's easy to see how these categories could enable blackmail, spear-phishing, scams, malvertising, and many other crimes that threaten individuals, groups, and the nation as a whole. The US Office of Naval Intelligence has already published details of how "anonymous" people targeted by ads can be identified:
The most amazing part is how the 33,000 targeting segments came to public light: an activist just pretended to be an ad buyer, and the data-broker sent him the whole package, no questions asked. Johnny Ryan is a brilliant Irish privacy activist with the Irish Council for Civil Liberties. He created a fake data analytics website for a company that wasn't registered anywhere, then sent out a sales query to a brokerage (the brokerage isn't identified in the piece, to prevent bad actors from using it to attack targeted categories of people).
Foreign states, including China – a favorite boogeyman of the US national security establishment – can buy Google's data and target users based on Google ad-tech stack. In the past, Chinese spies have used malvertising – serving targeted ads loaded with malware – to attack their adversaries. Chinese firms spend billions every year to target ads to Americans:
Google and Meta have no meaningful checks to prevent anyone from establishing a shell company that buys and targets ads with their services, and the data-brokers that feed into those services are even less well-protected against fraud and other malicious act.
All of this is only possible because Congress has failed to act on privacy since 1988. That's the year that Congress passed the Video Privacy Protection Act, which bans video store clerks from telling the newspapers which VHS cassettes you have at home. That's also the last time Congress passed a federal consumer privacy law:
The legislative history of the VPPA is telling: it was passed after a newspaper published the leaked video-rental history of a far-right judge named Robert Bork, whom Reagan hoped to elevate to the Supreme Court. Bork failed his Senate confirmation hearings, but not because of his video rentals (he actually had pretty good taste in movies). Rather, it was because he was a Nixonite criminal and virulent loudmouth racist whose record was strewn with the most disgusting nonsense imaginable).
But the leak of Bork's video-rental history gave Congress the cold grue. His video rental history wasn't embarrassing, but it sure seemed like Congress had some stuff in its video-rental records that they didn't want voters finding out about. They beat all land-speed records in making it a crime to tell anyone what kind of movies they (and we) were watching.
And that was it. For 37 years, Congress has completely failed to pass another consumer privacy law. Which is how we got here – to this moment where you can target ads to suicidal teens, gambling addicted soldiers in Minuteman silos, grannies with Alzheimer's, and every Congressional staffer on the Hill.
Some people think the problem with mass surveillance is a kind of machine-driven, automated mind-control ray. They believe the self-aggrandizing claims of tech bros to have finally perfected the elusive mind-control ray, using big data and machine learning.
But you don't need to accept these outlandish claims – which come from Big Tech's sales literature, wherein they boast to potential advertisers that surveillance ads are devastatingly effective – to understand how and why this is harmful. If you're struggling with opioid addiction and I target an ad to you for a fake cure or rehab center, I haven't brainwashed you – I've just tricked you. We don't have to believe in mind-control to believe that targeted lies can cause unlimited harms.
And those harms are indeed grave. Stein's Law predicts that "anything that can't go on forever eventually stops." Congress's failure on privacy has put us all at risk – including Congress. It's only a matter of time until the commercial surveillance industry is responsible for a massive leak, targeted phishing campaign, or a ghastly national security incident involving Congress. Perhaps then we will get action.
In the meantime, the coalition of people whose problems can be blamed on the failure to update privacy law continues to grow. That coalition includes protesters whose identities were served up to cops, teenagers who were tracked to out-of-state abortion clinics, people of color who were discriminated against in hiring and lending, and anyone who's been harassed with deepfake porn:
If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
Anya is live and ready to show you everything. Watch her strip, dance, and perform exclusive shows just for you. Interact in real-time and make your fantasies come true.
✓ Live Streaming✓ Interactive Chat✓ Private Shows✓ HD Quality
Anya is LIVE right now
FREE
Free to watch • No registration required • HD streaming
hi, i love your blog! how are you doing? i hope everything is well!! i was wondering if you could rec some lengthy namjin fics? thanks in advance!
Thank you, I’m doing good! Sure can:
Namjin + Long Fics
i'm meeting the real you (hidden in the storm) by cherryblossombomb (Rapper AU, One-shot, 28K, E, Namjoon’s used to rough one night stands, he’s not used to someone taking care of him)
honestly, i get really nervous when you hold my hand by ywnamjoon (Texting AU, 6 Chapters, 15K, T, Jin only confesses to Joon when he’s drunk via text)
Fanboy AU by vppa (Series of 3 Works, College AU, 12K, the rest of the boys ‘ship’ Jin and Joon, crack)
Summary: AU where your soulmate’s first words to you will be tattooed on your wrist when you meet.
Which freakin sucks, because Jungkook’s forearm will now forever read “Hey baby, if you were a booger, I’d pick you first.”
What the fuck, universe.
Info: 9k | General | Soulmates AU, Crack
*You must have an ao3 account to be able to read this fic.
Sneak Peek: “Your daddy must be a drug dealer, cause you’re dope.”
Jungkook blinks in disbelief, and in his peripherals he can see Jimin smacking his forehead with a groan. Face devoid of blood, the customer hurriedly pulls up the sleeve of his shirt and sighs in relief when he finds his skin unblemished, taking a quick glance at Taehyung before backing quickly out of the café.
“Oh my god Tae, stop it, you’re embarrassing yourself,” Jimin mutters, head in his hands.
“Pfft, he wasn’t even that cute anyway,” Taehyung retorts, nose pointed haughtily to the sky as he skulks back to the counter.
He glances at Jungkook, whose shoulders are shaking in silent laughter, and turns back to the menu before doing a double-take. His previous pout warps into a devilish smirk and he leans his elbow against the counter, chin in hand and confident gaze boring holes into his next victim, who tries to fight the blush creeping up his neck.
The cashier opens his mouth. Jeon Jungkook he is about to introduce, when -
“Hey baby, if you were a booger, I’d pick you first.”
Jungkook nearly chuckles at the ridiculousness until he sees Jimin’s jaw drop and Taehyung’s eyebrows shoot sky-high in fascination. An ominous sensation creeps up his spine.
I'm on a tour with my new book, the international bestseller Enshittification: catch me next in Miami, Burbank, Lisbon! Full schedule here.
While "tech exceptionalism" can be a grave sin (as with the "move fast and break things" ethos that wrecked so much of our world, especially its labor markets), there are ways in which tech is truly exceptional, in the sense of bringing forth capabilities and affordances that have never existed before, in all of human history.
One obvious way in which tech is exceptional: its flexibility. Digital computers are "Turing-complete, universal von Neumann machines," which means that they are engines capable of computing every valid program. They are truly general purpose. We have many other general purpose machines, of course, but they are simple things, like wheels. Computers are unique in that they are both complex and universal, and every computer can run every program. Just as we don't know how to make knives that only cut in beneficial ways, we also don't know how to make computers that only run desirable programs.
Every computer can run every program, including ones that the user doesn't want (viruses), or that the manufacturer doesn't want (ad-blockers). No one knows how to make a computer that is almost Turing-complete. There's no such thing as "Turing-complete minus one." We can't make a computer that only runs the programs the manufacturer has authorized – all we can do is criminalize the act modifying your own computer to do what you tell it to, even if the manufacturer objects:
I've devoted a lot of my life to exploring the policy implications of this amazing fact, but that's not the only amazing, exceptional thing about technology. There's at least one other way in which modern digital technology has produced something that is genuinely, civilizationally novel: encryption.
Encryption – scrambling data so that it can only be read by its intended recipient – is an age-old project for both the authorities (who used ciphers to keep their secrets safe since the time of the Caesars) and for those who would overthrow them (revolutionary movements have always used codes to protect themselves from the authorities they sought to dethrone).
But WWII ushered in a new era, in which encryption (and attempts to break it) went digital, as Alan Turing and the codebreakers of Bletchley Park turned themselves to a computer-aided mathematics of scrambling and descrambling. In the decades that followed, a modern form of encryption emerged, one that was powerful beyond the wildest dreams of the Caesars and their revolutionary adversaries.
Modern, computerized encryption can scramble data to the point where it is literally unscramblable by an unauthorized party. In the eyeblink moment between you pressing the camera button on your phone and the resulting image being saved to its mass storage, the bits that make up that image are scrambled so thoroughly that even if every hydrogen atom in the universe were made into a computer, and even if all those computers were put to work guessing at the key, we would run out of time and universe before we ran out of keys.
Even futuristic, experimental technologies like quantum computing that may revolutionize codebreaking are also revolutionizing scrambling itself:
https://signal.org/blog/pqxdh/
The history of encryption is seriously fraught. Until the early 1990s, the NSA classed working encryption as a munition and banned civilian access to a whole branch of mathematics. It wasn't until Cindy Cohn – then a lawyer for the Electronic Frontier Foundation, now its executive director – convinced a court that the First Amendment protected the right to publish computer code, that we were all able to gain access to this essential technology, which today safeguards your messages, files, banking transactions, and the software updates for your car's brakes, your pacemaker, and the informatics on airplanes. Cohn has announced her retirement from EFF in 2026, and while she will be sorely missed, we do have her memoir, Privacy's Defender, to look forward to:
The legalization of encryption was a starting gun for the internet itself, as true information security entered the picture and pervaded every part of service design. Every security crisis, every scandal (e.g. Snowden), jolted the effort to encrypt the internet forward, and in this way, much of the internet lurched into a state we can call "encrypted by default."
But even as this privacy-preserving technology was perfected and made ubiquitous, something weird and contradictory happened: mass surveillance also took off online. The ad-tech industry – and its handmaidens, the data-broker industry – rigged the game so that our private activities were only encrypted in such a way as to defend their privacy, but not ours. Our data is encrypted in transit to the servers we interact with, and when it is at rest on those servers' mass storage devices, but it is not encrypted in a way that prevents companies from data-mining it, or decrypting it and selling it on or giving it away or combining it with surveillance data purchased or traded from others.
This isn't an inevitability: it's a choice. The ubiquity of surveillance in the age of encryption is a policy choice. The reason companies don't encrypt our data so that they can't use it against us is because they don't have to. Congress hasn't updated American consumer privacy law since 1988, when they passed a law that prohibits video store clerks from disclosing our VHS rentals:
Why hasn't Congress updated our privacy rights since Die Hard was in theaters? Because American cops and spies love commercial internet surveillance. Tech companies and data brokers are a source of fine-grained, off-the-books, warrantless surveillance data that the American state is totally dependent on. There is no difference between "commercial surveillance" and "government surveillance" – they are a fused symbiote and neither could survive without the other:
Governments have hated encryption since the Clinton era, and have been attempting to subvert it since computers came in beige boxes and modems screamed in agony every time you tried to look at the internet:
It's no mystery why we don't have federal bans on facial recognition – if we did, ICE wouldn't be able to nonconsensually, warrantlessly steal your face and store it for 15 years (at least):
Why did the EU allow Ireland to facilitate mass surveillance for a decade after the GDPR's passage? Because European authorities also hate encryption and say that it is a "totally erroneous perception that it is everyone's civil liberty to communicate on encrypted messaging services":
The internet could be the most privacy-preserving communications medium in history. Instead, it has ushered in an era of nightmarish surveillance. This isn't a technology problem. It's a policy problem. Criminals spy on us online because our governments wanted to spy on us online, so they let corporations spy on us online.
Imagine what the internet would look like today if, in its early regulatory moments, our elected representatives had demanded privacy, rather than trying to ban it. Sure, some corporations would have spied on us anyway, and criminals would have done their best to compromise our privacy, but criminals and rogue firms wouldn't have been able to attract capital to engage in conduct that was likely to give rise to massive fines and criminal prosecutions for violating the privacy laws Congress never bothered to write for us.
Think of it this way: sure, there are e-commerce sites that are just scams, that take your money and never ship you goods. Those sites don't have IPOs, they're not listed on stock exchanges, and they get shut down or blocked. They exist in the shadows, not in the light. Imagine if that was the kind of commercial surveillance industry we'd gotten: marginal, shadowy, illegal, forever on the run. There would still have been some bad privacy invasions, but these would have been crimes, not Harvard Business Review case-studies:
(And before you email me about that one time Paypal closed your account and kept your money or Ebay wouldn't give you a refund, sure, that's right, those things suck, and the companies should face penalties for them, but their business model isn't stealing money from their customers; but Google and Meta and Apple's business model is 100% stealing data from their customers.)
Instead of treating data theft the way we treat monetary theft, we're now increasingly treating monetary theft like data theft. The legislative formalization of cryptocurrency will now allow companies to steal your money with the same blissful lack of consequence as Google faced for stealing your private information:
https://www.citationneeded.news/issue-89/
We're rounding the corner on a decade since the beginning of the fight against Big Tech, and the efforts to cut it down to size. These keep foundering on the political economy of crushing an all-powerful monopolist – namely, that it is all-powerful.
Breakups, taxes and fines are all forms of redistribution, which seek to address the harms of monopoly after the monopoly has been formed. The failure to make privacy protections as inviolable as financial protections is a missed opportunity for predistribution. Bans on data collection, mining, and sale would have prevented these monopolies from forming in the first place. Predistribution is far more effective than redistribution:
It's amazing to realize that the privacy-invading internet has somehow beaten the encrypted internet. It's crazy that the only entity that will promise to encrypt your data beyond the reach of a data broker, an ad-tech giant, or a government is a ransomware criminal, who will also encrypt your data beyond your reach:
It didn't have to be this way. This wasn't a technology failure. It wasn't a commercial failure. It was a policy failure. Since the 1990s, whenever push came to shove, governments decided that they would rather preserve their ability to spy on us than keep us safe from private spying.
If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
Anya is live and ready to show you everything. Watch her strip, dance, and perform exclusive shows just for you. Interact in real-time and make your fantasies come true.
✓ Live Streaming✓ Interactive Chat✓ Private Shows✓ HD Quality
Anya is LIVE right now
FREE
Free to watch • No registration required • HD streaming
Relationships: Kim Seokjin/Min Yoongi/Kim Taehyung
Status: Completed
Chapters: 1/1 (3130 words)
Tags: Canonverse
Summary:
“So a little birdie told me that Jin-hyung is going to have a kiss scene in the new MV,” Taehyung sings, rocking back and forth on his toes in glee, “and I’m going to be his co-star!”
Jungkook spits out his cereal. Yoongi breaks the chopsticks in his grip. Taehyung makes kissy lips at Seokjin’s face, and Seokjin reminds himself that Taehyung is never to be trusted ever again.
