The Googler Uprising was a string of employee actions within Google over a series of issues related to ethics and business practices, starting with the company’s AI project for US military drones, then its secretive work on a censored/surveilling search tool for use in China; then the $80m payout to Android founder Andy Rubin after he was accused of multiple sexual assaults.
Tens of thousands of Google employees participated in the uprising, including 20,000 who walked off the job in February. The activist Google employees moved from victory to victory, including the ouster of a a transphobic, racist, xenophobic ideologue who had been appointed to Google’s “AI Ethics” board.
Two key organizers, Meredith Whittaker and Claire Stapleton, publicly accused the company of targeting them for retaliation in April (to enormous internal uproar).
Now, Whittaker has resigned (on the thirteenth anniversary of her employement with Google), along with Celie O’Neil-Hart, who had been global head of trust and transparency marketing at YouTube Ads, and Google News Labs’ Erica Anderson.
In Whittaker’s farewell note to her colleagues, she calls on them to “unionize — in a way that works,” “protect conscientious objectors and whistleblowers,” “demand to know what you’re working on, and how it’s used” and “build solidarity with those beyond the company.” She says that Google’s entry into “new markets” like “healthcare, fossil fuels, city development and governance, transportation, and beyond…is gaining significant and largely unchecked power to impact our world (including in profoundly dangerous ways, such as accelerating the extraction of fossil fuels and the deployment of surveillance technology).”
Whittaker will devote her work to AI Now, the group she co-founded to build and promulgate critical, ethical frameworks for AI research. I wish her the best.
Whittaker is a friend and colleague of mine, and I volunteer on the advisory board for Simply Secure, a nonprofit she founded.
We are all going to die.
SHA 256 is an algorithm that takes a digital input of any length and returns a string of 256 bits (typically converted to 64 hexadecimal digits). It’s a one-way algorithm, which means there’s no known way to practically retrieve the input from the output. As far as anyone knows, there has never been an instance of two different inputs having the same output, which means the hash of an input is a reliable unique digital fingerprint.
In this 6-minute video, Matthew Weathers explains why SHA 256 is “useful for digital signatures, cryptography, authentication, and is a central part of the Bitcoin protocol.”
Never ever turn off your phone: rethinking security culture in the era of big data analysis.
Back in the 80′s if you were a pissed off anarchist that wanted to burn down a building, you probably checked your home for listening devices and made a plan. If you were the same kind of pissed off anarchist in the late 90′s, you turned off your phone and encrypted your online traffic. In the 2020′s we’re gonna have to change our strategies once again. Intelligence gathering has adapted and so we must adapt too.
To get a head start at this, let’s look at how big data analysis is being used. To do this, we’ll need to talk about 3 things: metadata, patterns and networks. Those sound boring and complicated but I’m not a techy and I won’t bore you with tech language, I’ll keep it as easy as I can.
Metadata: In the context of online activity, ‘content’ means ‘the message you send’ and ‘metadata’ means ‘everything other than the content’. So, for example, if you send your friend a text about lunch, the content might be “Let’s go out for lunch” and the metadata might be “Message send at 01/04/2018 11.32 from phone 0478239055 to phone 079726823 using Signal”.
This information is registered by your phone even if the app encrypts your actual message. Your metadata is very badly protected by technology and very badly protected by the law. No matter which country you are in, most of your metadata if freely available to intelligence agencies regardless of whether you are a suspect in anything.
Patterns: Whether you realize it or not, your metadata has a pattern. If you have a daily job you might have a very consistent pattern, if you do not your pattern might be more flexible but you have a pattern. If someone wanted to know the rhythm of your day, they could very easily do so because your pattern is in the metadata.
For example: Maybe you use the wifi at your favourite bar on most Sunday nights until about midnight, you wake up around 10 AM and check your Signal, you use your public transport card to get to class every Monday afternoon and you spend on average 1 hour on Tumblr twice a day. All this is part of your pattern.
Networks: You have online networks. Your facebook friends, the people in your phone adress book, the dropbox you share with coworkers, everyone who bought online tickets to the same punk band you attended, the people using the same wifi points as you. Take your networks, combine them with other people’s networks, and clusters reveal themselves. Your work community, your family, your activist scene, etc.
If you are in an anarchist community that will probably be abundantly clear from all your minor network connections like going to the same band and knowing the same people as other anarchists. Even if you never liked an anarchist facebook page or pressed ‘going’ on an anarchist facebook event, your network is hard to hide.
Now, let’s say you commit a crime,
the kind that would result in some serious research. Let’s say that on Sunday night 3 AM, you are your friends go out and burn down a nazi’s house. It’s obvious that anarchists did it but there are no other clues. You use traditional style security culture: you burn your notes, you are careful not to communicate about your plans near technology and you do not leave physical traces.
But because you commited the crime that night, your metadata will vary strongly from your usual rhythm: you stay at your usual bar until 2 AM to wait for your friends, you do not wake up at 10 AM in the morning so you do not check your Signal or Tumblr until 1 PM. You do not go to class. Your metadata pattern is very different from your usual pattern. The metadata patterns of your friends are different too. If one of you is clumsy, they might generate a super suspicious metadata signal like a phone being switched off at 2.30 AM and activated at 4AM. You wouldn’t be the first.
If I wanted to solve this crime using data analysis, what I would do is:
- let a piece of software run a pattern analysis of the local anarchist scene to generate the 300 people most connected to the anarchist scene.
- let a second piece of software analyse the metadata patterns of those 300 people over the last months and identify the biggest metadata variations around Sunday night as well as very suspicious metadata activity
- Illiminate pattern variations with an obvious cause or an obvious alibi (people who are on vacation, people who are in the hospital, people who lost their job, etc).
- Do indepth research into the ones that remain.
Which is how, out of a massive amount of people that I couldn’t possible all listen to at the same time, I could quickly identify a few to monitor closely. This is how I could find and catch you.
So, now what?
If traditional security culture doesn’t protect us as well as it used to, how do we adapt? Well, I don’t have all the answers but for a start, I’d say: know your network + know your pattern.
In the case of the crime above: leave the bar at midnight, return home and put your phone on your bedside table. Check the apps you check before going to bed and set your alarm to 10AM. Return to the bar without your phone. Commit the crime. Wake up at 10AM and check your Signal. Drag yourself to class or ask a comrade to make the trip with your travel card and do not use technology in your home while the comrade is taking your travel card to class. Stick to your pattern. Never ever turn off your phone.
You might also be able to manipulate your network but that seems much harder to do. Not having a smartphone and dropping out of all social activity online is a big commitment. Knowing your data pattern and making sure your data pattern doesn’t look out of the ordinary? Much less commitment.
Some of the old rules will still apply: don’t talk about a crime around devices with microphones, don’t brag after a succesful action, etc. Other rules, like ‘turn off your phone when planning an illegal act’ need to change because their metada looks too out of the ordinary. No one switches off their phone anymore. We look suspicious as fuck when we do.
This is just one idea on how we could update our security culture. There are probably other people with other, better ideas about updating our security culture. If we start the conversation, we may get somewhere.
Finally: we need to keep adapting.
As technology changes, more information is becoming available, including data we have very little control over. Smart-tv’s and ads in public spaces that listen to every word we say and the tone of our voice when we say it are examples. Data analysis projects are currently using license plate reading software on security footage to map the travel patterns of cars. A lot suggests they may soon be ready to do the same with face recognition, at which point the presence of our face in public space becomes part of our metadata. More information means more accurate data analysis. Our metadata may soon be too vast annd too complex to completely map and mirror. Which means we will need to adapt our counter measures if you want to hide something.
How do we keep it all under the radar? I don’t know. But let’s try to figure this shit out. These are some first thoughts about what security culture should look like in the age of modern big data analysis and I’d be very happy for any insights from comrades that have some thoughts on this.
Also: feel free to distribute and rework these words without credit.
You can work silence into patterns though. Like, say for example you go on your computer to do stuff for hours- or read stuff, or do homework. Start turning off your phone randomly. It will just look like you’re developing habits. Or heck, make your phone die in a place without a wall plug.
Also periodically go through permissions, delete apps that use voice permissions that shouldn’t, download apps to force permissions.
To be honest, I think if you turned off your phone regularily you would stick out because the only people who do that are activists. Your own pattern would be consistent but it’d be so different from the general population that it would raise eyebrows. So it is bothmore effective and less work to simply leave your phone on but make sure it is not with you when you plan and do actions.
The FBI has been known to use “blackout” periods as signs of when to try and associate criminal activity (for an actual reference, I remember they used it in the Isreal Keys murders). It’s way easier to rely on your pattern and replicate it than to try and create a blackout habit with no pattern, not to mention you’re really just opening up the potential for them to associate you with other crimes related to your other blackout patterns if you end up going that route.
cyberpunk resistance organization /
but this is FUCKING IMPORTANT
A thing to note though here is that while altering your patterns could raise suspicions, talking about potential crimes around a listening device ACTIVELY gives the pigs CONCRETE evidence. If you do organizing, they know you do organizing. Just make a habit of having phones off/away for even the most innocuous shit. When/if they eventually start being able to get convictions on suspicion alone itll be time to just fully reassess how security culture works, but for now its more important to not have concrete evidence of what youre actually saying at (whatever) than maintaining consistent data patterns.
That said, if you are going to turn your phone off to talk abt stuff TAKE THE BATTERY OUT, as microphones can be accessed remotely even when the phone is “off.” If you cant take out the battery, take the dog for a walk and leave your phone at home.
Letting your phone battery just… drain when youre out and about every now and then is probably a good precaution moving forward but honestly AVOIDING GIVING EVIDENCE is way more vital than whether you raise suspicion.
Customers at Joe Nicchi’s ice-cream truck have increasingly had the same demand: give us your ice-cream for free.
CVT Soft Serve, a popular truck in Los Angeles, has started to receive weekly requests from self-proclaimed Instagram “influencers” who promise to post a photo of Nicchi’s ice-cream – if they don’t have to pay. Nicchi has always said no, but this week he found an unusual way to profit off of the influencers: he publicly told them to go away.
Nicchi went viral after posting a sign that said “influencers pay double”, writing on Instagram that he would “never give you a free ice-cream in exchange for a post”. The image, tagged #InfluencersAreGross, spread around the globe, and now Nicchi says his business is booming, attracting fans across southern California who share his disdain of influencers.
“We’re the anti-influencer influencers,” he told the Guardian on Wednesday. “It’s weird … but I think it’s really fun. I hope it inspires small businesses to hold their own and tell people to fuck off.”
Some brands and businesses now rely on Instagram “stars” to advertise their products and services, giving away free meals and hotel stays to people who post positively about the experience. The phenomenon has become so pervasive that some Instagrammers can easily scam companies. One Instagram influencer recently staged a “surprise” wedding engagement but had actually sent an itinerary to marketers months prior. It’s so trendy to be an influencer that some people have taken to pretending their content is sponsored when it’s not.
Nicchi understands the importance of promotion. He’s a working actor in LA, who started CVT Soft Serve in 2014 as a way to supplement his income.
“This is a money-making thing. I can’t give away my ice-cream for free,” he said, noting that he had paid for his first truck with his salary from shooting a commercial.
The soft serve at CVT (which stands for his three flavor offerings: chocolate, vanilla, or twist) and his vintage-looking truck are very Instagrammable. Influencers quickly noticed. In his first year, he got a small handful of influencer offers, typically people emailing suggesting promotional deals in exchange for free ice-cream.
“They love using the word ‘exposure’. It’s so ridiculous,” he said.
But the frequency of the requests began to escalate – and became more uncomfortable as they started happening in person, said Nicchi: “The most painful thing for me is when they approach me at the truck.”
It never made sense to him: “Are you out of your mind? This is four dollars. But obviously they wouldn’t be asking if people weren’t saying yes.”
At times, the requests were particularly offensive. He said an assistant to a famous actor – a woman on a television show who he declined to name – recently asked if he would donate ice-cream to the cast and crew. In exchange, the actor offered to take a photo at his truck.
His response: “As much as I’d love to do that, I don’t think my kid’s school accepts celebrity photos as a form of tuition payment.”
The assistant responded with a nasty and vaguely threatening message, he said, along the lines of: “I should be careful with my words … This is a very small town.”
Nicchi eventually became so tired of influencers that he put up his anti-influencer sign at the truck, making clear that people who requested a free cone would get the opposite – they’d have to pay $8 instead of $4. A customer took a photo and posted it to Reddit, which then went viral.
He said he had since gotten interview requests and news coverage from across the world, and he is loving it. The number of customers doubled overnight, and he has earned thousands of new followers on Instagram.
“There’s something so redeeming about outing influencers,” he said, adding that many small businesses have written to him thanking him for speaking up. “I hope that more people do not allow likes and comments and followers to hold weight in the business. I want people to go to a restaurant because the food and service is fantastic.”
Brittany Hennessy, an author who has written about influencers, said companies with marketing budgets can benefit from working with social media personalities, and that a giveaway can pay off. But a small food truck may not a good fit, she said: “People will try and get anything for free … No real influencer would ask for a four-dollar ice-cream.”
While Nicchi is happy to promote his own business on social media, he said he didn’t want to depend on the platform. “If Instagram went away tomorrow, our truck would still survive. I don’t know that your ‘influencer’ business would.”
Nicchi offered to let the Guardian try his ice-cream, under one condition: that the reporter pay for the cone.
If you think your V is for Vendetta mask will hide your identity, think again. The Pentagon has a laser device that “can pick up on a unique cardiac signature from 200 meters away, even through clothes,” reports MIT Technology Review.
Microsoft has a DRM-locked ebook store that isn’t making enough money, so they’re shutting it down and taking away every book that every one of its customers acquired effective July 1.
Customers will receive refunds.
This puts the difference between DRM-locked media and unencumbered media into sharp contrast. I have bought a lot of MP3s over the years, thousands of them, and many of the retailers I purchased from are long gone, but I still have the MP3s. Likewise, I have bought many books from long-defunct booksellers and even defunct publishers, but I still own those books.
When I was a bookseller, nothing I could do would result in your losing the book that I sold you. If I regretted selling you a book, I didn’t get to break into your house and steal it, even if I left you a cash refund for the price you paid.
People sometimes treat me like my decision not to sell my books through Amazon’s Audible is irrational (Audible will not let writers or publisher opt to sell their books without DRM), but if you think Amazon is immune to this kind of shenanigans, you are sadly mistaken. My books matter a lot to me. I just paid $8,000 to have a container full of books shipped from a storage locker in the UK to our home in LA so I can be closer to them. The idea that the books I buy can be relegated to some kind of fucking software license is the most grotesque and awful thing I can imagine: if the publishing industry deliberately set out to destroy any sense of intrinsic, civilization-supporting value in literary works, they could not have done a better job.
If you’ve got an ereader and want to actually own your books, I heartily recommend using cailbre to scrape the DRM off and so you can backup the files.
How to use cailbre to remove DRM:
Seconding calibre as a brilliant tool for ebook management in general.
calibre is good
and it’s free and open source software!
Cailbre helped me properly access ebooks my dad bought for me ages ago whose encryption keys had been outmoded and were no longer available for my new laptop’s os! Nearly 15 of the books he’d given me I hadn’t even had a chance to read before then, but the free copy of cailbre I got online had all of the old, outdated encryption program keys!!
10/10, It’s good software!
All my ebooks have been de-DRMed and backed up. I don’t trust Amazon either
‘1) Calibre plugin neither support Kindle for PC/Mac version 1.25 (and higher version) nor Kindle firmware 5.10.2 (and higher version). Amazon uses new KFX format which causes calibre dedrm plugin unable to decrypt kindle files any more. 2) Kindle rented books are not provided to be decrypted.’
You can get round the KFX isue by getting the KFX plugin: You Can Now Strip DRM from Amazon’s Kindle KFX Format
I did it last week. You just need the latest DeDRM version
Choosing to live as far from cities as I can, as often as I can, I spend a lot of time on the cusp of sanity trying to do my online job, keep up with the news, and keep in touch with the people I care about over a cellular connection that stays attached to my carrier’s network by a thread. On rainy days, or the frequent times when the gods have had enough of my bullshit, I can’t connect at all, forcing me to put my life on hold. It’s a part of choosing to live in the country! As mad as I’ve gotten at my lousy connection speeds in the past, I don’t think I’ve ever wanted to connect to YouTube badly enough that I was willing to dig 15 miles of trenches to make it happen — but that’s exactly what the residents of a small village in Wales did.
Michaelston-y-Fedw, located between Cardiff and Newport in the United Kingdom, has a population of around 300 people. They were all putting up with shitty internet, with speeds as slow as 4Mbps. It was possible to pay for high-speed broadband service in Michaelston-y-Fedw — someone is always willing to take your money — but the infrastructure to pipe the bandwidth into the village didn’t exist. Sick of their internet connectivity being caught in the late 1990s, some of the villagers got to drinking, which led to talking and, after a bit more drinking, resulted in a plan: They’d sort the mess out themselves.
From The Guardian:
A community interest company was set up and grants secured from the Welsh government but to keep the costs to householders down it was decided that as much work as possible would be done by villagers themselves.
Local farm workers have been hired to help dig, but villagers have done much of the work, including excavating trenches from the boundaries of their properties to the external wall where the fibre enters their homes.
Thanks to the villagers’ efforts, 90% of their community will be able to enjoy broadband connection speeds of up to 1,000 Mbps by the fall.
The project is a wonderful example of how even just a few individuals getting together for a common cause can change the world for the better.
I’m building out the sort of “plan-in-a-can” that I’d mass produce for liberal non-profits, like the People’s Climate March of 2015. I know it’s a bad idea to show a fool a job half-done, but with the clock ticking, I’m throwing up what I’ve got started and hope that if it gets traction, it won’t get the inevitable stupid commentary i’ve come to expect #onhere.
Nonetheless, comments are allowed for now, so pórtense bien (behave).
Inside you’ll find:
- some background on why Google should be booted from pride and how they’re complicit in fascism
- some goals to increase pressure on Google and its partners
- what success of these goals could look like
- a link to more thorough contact info for staff and board members of SF Pride, including LinkedIns, Instagrams, personal websites, Twitters, even a more direct email
Some things I’m adding later on:
- email/message templates customized for the various contacts. it’s useless to just pop off at them without some coordinated messaging, and if some of us decide to just pop off and pop off too aggressively, they’ll start shutting down their accounts so again, be f*cking careful
- additional contacts from the board of SF Pride (they all work for private/other companies and I’d bet google/alphabet is in there somewhere)
- contacts for other SF/Bay Area orgs that are participating in pride (SF LGBT Center, for ex., has a google employee in their board)
- contacts for grand marshals and other prominent participants
Botnik Strategies, LLC is not actually an LLC, but it is committed to offering all the services of a boutique PR firm to The People… or at least those services that one committed but unpaid and otherwise unemployed volunteer could possibly provide.