Everything In Between

If your project so much as pretends to have a profit motive, I will tell you to go fuck yourself and your project.

Archive for the ‘Business & E-Commerce’ Category

‘Being homeless is better than working for Amazon’


This is an extremely familiar story. For those of you who have been following me for a while and think I’m unique. Look at this. I’m not. We are living without jobs. You can do it, too. And if enough of us opt out of employment, we will finally, FINALLY, have a chance of ending the slavery on which capitalism still relies.

Some choice excerpts to which I can relate personally, bolded for emphasis, but Nichole Gracely’s full piece is worth a read:

I am homeless. My worst days now are better than my best days working at Amazon.

[…]

Superb performance did not guarantee job security. ISS is the temp agency that provides warehouse labor for Amazon and they are at the center of the SCOTUS case Integrity Staffing Solutions vs. Busk. ISS could simply deactivate a worker’s badge and they would suddenly be out of work. They treated us like beggars because we needed their jobs. Even worse, more than two years later, all I see is: Jeff Bezos is hiring.

I have never felt more alone than when I was working there. I worked in isolation and lived under constant surveillance. Amazon could mandate overtime and I would have to comply with any schedule change they deemed necessary, and if there was not any work, they would send us home early without pay. I started to fall behind on my bills.

At some point, I lost all fear. I had already been through hell. I protested Amazon. The gag order was lifted and I was free to speak. I spent my last days in a lovely apartment constructing arguments on discussion boards, writing articles and talking to reporters. That was 2012 and Amazon’s labor and business practices were only beginning to fall under scrutiny. I walked away from Amazon’s warehouse and didn’t have any other source of income lined up.

I cashed in on my excellent credit, took out cards, and used them to pay rent and buy food because it would be six months before I could receive my first unemployment compensation check.

I received $200 a week for the following six months and I haven’t had any source of regular income since those benefits lapsed. I sold everything in my apartment and left Pennsylvania as fast as I could. I didn’t know how to ask for help. I didn’t even know that I qualified for food stamps.

I furthered my Amazon protest while homeless in Seattle. When the Hachette dispute flared up, I “flew a sign,” street parlance for panhandling with a piece of cardboard: “I was an order picker at amazon.com. Earned degrees. Been published. Now, I’m homeless, writing and doing this. Anything helps.”

I have made more money per word with my signs than I will probably ever earn writing, and I make more money per hour than I will probably ever be paid for my work. People give me money and offer well wishes and I walk away with a restored faith in humanity.

[…]

I couldn’t afford to be working poor and now I’m chronically homeless. My homelessness isn’t really a mystery. I simply could not afford to keep a roof over my head and asking my family was not an option. I’ve met other intelligent, hard-working homeless people. Many put in years of service before becoming disabled and summarily tossed outside without any money. We’re expected to be dumb. We didn’t choose homelessness.

[…]

I did not simply perish when I lost all sources of income and could no longer afford to pay the bills. A survival instinct that I didn’t even know I possessed manifested itself. I learned to live without money and without a home. I worked at REI in Eugene, Oregon back in 2002 and I know how to live outside. I refuse to live within oppressive walls. I stopped worrying myself with terrifying numbers. They aren’t even real any more.

[…]

I’ve camped and protested for the right to construct modern-day Hoovervilles. I slept on cardboard and concrete throughout Seattle’s rainiest March on record. Camped on DOT land off Interstates. Rubber tramped then leather tramped, carrying sleeping bag, tarp, and a change of clothes, not knowing where I was going to sleep for the night, hiding so I could get some rest.

My wallet does not contain a single bill. I need glasses. I need winter clothes. I need cash and an opportunity. Anything! I’ve applied for jobs, both professional and with physical labor. Taken my MA off my resume so I don’t look overqualified. I’ve tried everything. Maybe it’s because I protested Amazon; maybe it’s because my credit is wrecked. Maybe it’s because I used homeless services as addresses. Maybe it’s because there really aren’t many jobs available.

The homeless and cash-starved are merely kept alive while nothing changes. In actuality, austerity measures are felt on the ground and essential social services are woefully inadequate. We’ve woken up outside on most days and often walked miles before breakfast with a pack on my back.

[…]

My heart has expanded and I have learned that the American people are much better than our political and economic systems. I have been the recipient, and giver, of acts of kindness that I never before knew were possible.

Anyone who bemoans the weakening of Americans should look at the hardy homeless. It takes tremendous strength to get through a day. I’m stronger, healthier and happier than ever. There’s more respect for a homeless woman out on the streets than there is in a warehouse for Amazon workers.

For those of you not already familiar with my own story, here are some of my blog posts about it, both personal and political:

TL;DR: This is a brilliantly written and extremely hard-hitting personal account of employer abuses. The only problem with Nichole Gracely’s article is that she ultimately advocates employment. Unfortunately, employment is itself a form of abuse.

Written by Meitar

December 1st, 2014 at 1:32 pm

Your Consent Is Not Being Violated By Accident


unquietpirate:

When you start looking for examples of nonconsensual culture in technology, you find them absolutely everywhere.

- Deb Chachra, Age of Non-Consent

About a month ago, someone sent me this lovely rant and asked me to publish it anonymously. I’ve been sitting on it mostly because I got wrapped up in other things. But I was reminded of it tonight when I read Deb Chachra’s “Age of Non-Consent” and Betsy Haibel’s “The Fantasy and Abuse of the Manipulable User”.

Both of the above pieces draw links between rape culture and issues of consent in software design. I recommend them both, particularly the Haibel piece, for incisive and disturbing analysis of the details of how the Stacks intentionally build software to violate their users’ consent — and what a major problem this is given technology’s influence on culture as a whole.

This coercion is picked up on and amplified by the platforms themselves – when someone I know tried to delete his Facebook account, it tried to guilt him out of it by showing him a picture of his mother and asking him if he really wanted to make it harder to stay in touch with her.

I’ve been in meetings where co-workers have described operant conditioning techniques to the higher-ups, in those words – talking about Skinner boxes and rat pellets and everything. I’ve been in meetings where those higher-ups metaphorically drooled like Pavlov’s dogs. The heart of abuse is a fantasy of power and control – and what fantasy is more compelling to a certain kind of business mind than that of a placidly manipulable customer?

- Betsy Haibel, The Fantasy and Abuse of the Manipulable User

However, where these otherwise terrific articles don’t go far enough is in explicitly acknowledging that the people who are most responsible for perpetuating rape culture and the people writing consent-violating software are the same people. It’s no coincidence that Facebook doesn’t care about your consent, because most of the people who work at Facebook wouldn’t think twice about getting you drunk and “taking advantage” of you at a party, or of defending a friend who did.

So, while both of the above authors optimistically implore high-level developers and other elite tech workers to adopt an ethic of “enthusiastic consent” when it comes to software design — as if the majority of workers in that sphere understand what that is or would even care if they did — my angry and extremely on-point friend below has another solution:

There has been much gnashing of teeth recently about how blatantly people’s privacy is violated by software like the new Facebook messenger app. These articles or editorials will rage about “companies like facebook” and often have a picture of Mark Zuckerberg’s punchable face just so people know who to have rage at.  One imagines Zuckerberg, possibly at the same table as the director of the NSA, maybe a CIA agent, and maybe the ghost of Steve Jobs all conspiring to violate your privacy and make hardware you bought do what they want against your will. The villain in these stories is either the CEO of some company or “the corporation” as a faceless monster.     

But what’s really going on here? What we have, overwhelmingly, is a lot of technology being built which ignores the consent of the user. An app which no one wants is forced on everyone, things which clearly everyone will hate are put in vague terms of service which essentially say that the service provider can do anything they want any time they want and there is nothing you can do about it. How did this happen?

Meanwhile, if you follow technology media and especially feminist technology media you see constant stories about what a festering shithole of sexism the technology industry is.  These articles are generally along the lines of a narrative about female engineers trying to be at conferences or trade shows and facing constant harassing of just about every kind from their overwhelmingly male peers.  They are constantly being touched, catcalled, and generally treated like shit, obviously against their will. Articles will talk about how this needs to be addressed in order to improve the quality of life for women in tech as well as to bring more women into tech.  As tech insider media, they meanwhile generally ignore the role of the user in all this.

What I find disappointing here, and is the point of this article, is that these are all the same shit heads, and that this is no accident.  Is it an accident that the same men who think it’s ok to grab ass at a technical conference are writing software that deliberately and blatantly ignores the consent of the user all the time?  No.  Because software is simply one of the worst industries in the history of technology.  I think it would be hard to find any industry in the history of technological capitalism that has held itself to such low standards and shown such consistent contempt for the user or for quality of their product.  

It is time for people in the public at large to stop seeing companies like Facebook as either a monolithic inhuman monster, or the personal fiefdom of some monstrous oligarch like Zuckerberg, but rather like just a big group of horrible people doing horrible work.  It’s time for the tech backlash within the industry to wake up to just how fucked the rest of us are by this, and for the rest of us to wake up to just how fucked this industry is from the inside.  

It’s time to smash Silicon Valley.

Yes, to all of this. My personal experiences of working in the software industry validate every word of this. It is why I left.

Written by Meitar

September 15th, 2014 at 2:36 pm

Get on your knees and thank the Silicon Valley elites for your chance to serve them.


In his article, “The Sharing Economy Isn’t About Trust, It’s About Desperation,” Kevin Roose highlights some tragic facts about what Silicon Valley touts as their latest and greatest so-called innovation:

A huge precondition for the sharing economy has been a depressed labor market, in which lots of people are trying to fill holes in their income by monetizing their stuff and their labor in creative ways. In many cases, people join the sharing economy because they’ve recently lost a full-time job and are piecing together income from several part-time gigs to replace it. In a few cases, it’s because the pricing structure of the sharing economy made their old jobs less profitable. (Like full-time taxi drivers who have switched to Lyft or Uber.) In almost every case, what compels people to open up their homes and cars to complete strangers is money, not trust.

To understand why the sharing economy is thriving now, it’s worth taking a look at how many full-time jobs have been replaced by part-time jobs since the recession of 2008:

Graph shows that during the recession of 2008, the number of full-time employed persons dropped from 122,000 (in thousands of persons) to well below 112,000, while part-time employed persons rose from 24,000 (in thousands of persons) to nearly 28,000.

More telling is what’s happened to real wages, which have fallen for middle- and low-income people since the recession:

Graph shows that from the time period of year 2000 to 2012, hourly income in salaried positions remained largely stagnant or declined by 5% for everyone except the 95th percentile of employed persons.

Add to this the fact that 3.7 million Americans are long-term unemployed (meaning they haven’t had a job in the last six months), and the rise of the sharing economy makes total sense. When wages fall and full-time jobs are hard to get, workers seek out flexible part-time gigs to sustain themselves while they look for something better.

This isn’t “sharing.” At best, it’s bartering. Which is, of course, exactly why Silicon Valley shitwads call it “sharing,” in the same way Facebook calls them your “friends.” Slavery is freedom, citizens.

Every time I see a story like this, I get pissed off that they’ll mention AirB&B, the monetized bed-and-breakfast service, but not CouchSurfing, the free hospitality exchange network that existed for years and years before AirB&B was ever first conceived. Wikipedia describes a “hospitality service” as:

centrally organized social networks of individuals, generally travelers, who offer or seek accommodation without monetary exchange. These services generally connect users via the internet.

Of course, there’s a reason why AirB&B is mentioned ad infinitum in media outlets while CouchSurfing struggles to get the same kind of attention.

There’s another layer to the story, here. Quite simply, the “sharing economy” isn’t a good thing because it’s still an economy, and economies are inherently trust-removing technologies.

After all, it is in the interests of rich Silicon Valley elites to advance a rhetoric whose premise is that unemployed people should “get a job (or a gig)” so they can take care of themselves, rather than enacting an ethos that says we should all stop having jobs so that we can spend more time taking care of each other.

It’s an ideology of eternal serfdom. An ideology that not even people who are rightfully skeptical seem willing to question.


Written by Meitar

April 27th, 2014 at 4:42 pm

I quit, Because Capitalism


One lazy Saturday morning in New York City not so long ago, I woke up hungry. I knew there was a great little bistro with delicious coffee and a $4 scrambled eggs breakfast special not far from where I was staying, so I figured I’d go eat there. I remembered the place because the last time I’d been there, on a weekday shortly after noon, it was empty, quiet, and the wait staff seemed to enjoy my company as I chilled in the back corner for several hours.

But as I approached the restaurant on this mid-day weekend, it was overflowing with people, and a hurried anxiousness was oozing from every smile the busy wait staff offered their customers. Augh, I thought to myself. It’s the weekend.

“I hate capitalism,” I said, invoking that now-clichéd phrase so many disaffected youth cite whenever, in many of the older generations’ eyes, they are “being lazy.” “And fuck the 9-5 workday,” I said. “And FUCK WORK!”

Who the fuck are you to say “fuck work”?

First of all, it’s important for me to mention near the start of this story—so this seems as good a place as any—that I’m a person with a sizeable chunk of class privilege. And yet, the reason for that may not be what you expect. Let me explain.

My parents are immigrants to America, first arriving in New York City in the early 1980’s with little more than the clothes on their backs and some savings in their pockets. In their own ways, both are artists. My mother is an art teacher and my father is a graphic designer.

By the time I was born, my father was working 70-hour-plus weeks for micromanaging bosses and my mother took a second teaching job to make sure our family could make ends meet. I didn’t grow up in squalor, but I didn’t grow up in splendor, either. When my brother was born, our studio apartment in the back of the first floor of an “inner-city” neighborhood was even more cramped.

I grew up hating my religious day school, hating god, and hating not just homework, but all work. However, I also grew up loving books, my parents, and any activity whatsoever that I could learn something doing. My favorite video game was SimEarth because it taught me about how a planet’s weather impacts the ability of lifeforms to survive and evolve. That’s why my favorite movie was “Jurassic Park.” For my birthday one year, a classmate gifted me with the Jurassic Park soundtrack on CD, and it served as my introduction to scores of John Williams soundtracks I’d later pirate off Napster, even before seeing their associated film.

My second favorite video game was SimTower, because it taught me about capitalism. SimTower, for those whose only familiarity with the “Sim” series of games is the “SimCity” classic, is a game where you play a real estate tycoon who’s purchased a plot of land and is trying to build a skyscraper. It’s basically SimCity-in-a-building. You place shops, elevators, stairways, fire escapes, and more in various places on the high-rise you build, floor by floor, all with the goal of watching your bottom-line soar.

Most people will never own a skyscraper. Hell, most people on Earth will never even walk into the lobby of one. But for a struggling child in a struggling family, getting to play a real estate tycoon was a helluva lot more fun than getting browbeaten into being at religious school at 8:15 in the morning to stand for 60 minutes of prayer I didn’t even believe in and then spend half the rest of my day in Bible class, day in and day out.

By the time I was 12 and in fourth grade, I’d had numerous different knowledge-fetishes, including archaeology, astronomy, and genetics. At that point, my newest obsession was biology. When our “science class” consisted of going to the park and outlining leaves with crayons, I was reading books like “Muscular Dystrophy,” and “Your Brain.”

But I digress. The point is that, eventually and with much familial infighting, I dropped out of school. Shortly thereafter, I began getting interested in computers and by the time I was finishing my teenage years I had moved out of my parents’ apartment into my own place in New York City’s West Village, and was running my own web design and development business with a focus on website accessibility for people with disabilities. And, to everyone’s amazement, I was actually breaking even.

One thing led to another and within a few years I was a highly sought-after technology consultant who, during my heyday, spent my days sitting across from the Chief Technology Officer of a Fortune 100 company that no longer exists because they helped cause the financial crisis of 2008. I was 23 years old. I wore suits to work. I made boatloads of money. And I hated it.

If you ever want to avoid questions like, “Why did you drop out of school?” slip the fact that your desk was next to the desk of a CTO of a major multinational bank early in every conversation. Trust me, I speak from experience on this one.

What this all means in practice is that I’m no longer lower- or “lower-middle-class.” I’m solidly middle-class now. I know this is true because the first year I made more money in 6 months than my parents’ annual salaries combined, two things happened. First, they stopped pestering me about dropping out of school. And second, my taxes quadrupled.

But it also means, in a capitalist society dependent on technology to facilitate every major and minor function of its ongoing machinations, I’ll never be “poor.” Because even if I have no money—and there have been times in my life like that—I will always have the ability to access money in what is to many people an astonishingly short amount of time.

That’s class privilege. Class privilege is not what one spends one’s money on. Class privilege is not a number in one’s bank account. Class privilege is one’s ability to lose all one’s money and then get it back—and easily!—because when you have class privilege, you don’t even have to care about money, budgets, or personal finances. I’m pretty sure I have a 401K from those years in corporate jobs somewhere in my name, but I have no idea where and I don’t even need to know. That’s class privilege.

I’m not class-privileged because I come from a rich family. (I don’t.) I’m not class-privileged because I graduated from a fancy school. (I didn’t.) I’m class privileged because, in today’s Information Age, I’m a magical creature who can talk to computer systems and make them do what you want.

I’m employable. Or, put more crudely: I’m sellable. My service offering? Robot taskmaster. Overseer not only of machines, but of people-who-work-with-machines, too. When I was a highly-paid data center automation technician, my entire job function was to set up computer systems in such a way as to obsolete the jobs of scores of lower-level computer operators and system administrators. (Yeah, I know, it’s gross.)

Of course, if you know anything about me (and if you don’t, let me tell you), you know that I don’t currently have a “job.” I’m a “digital troubadour,” or the information age’s equivalent of a wandering minstrel. These days, I live on the streets, sleep under overpasses and on generous people’s couches, and my primary source of earned income is donations from, yes, people like you. People who read my writings, like this one, watch my advocacy videos, and send me electronic donations, or put money on my café gift cards to keep me caffeinated and fed. (And I’ll always take the opportunity, like now, to say: hey, thank you for that. So, hey, thank you for that.)

But recently, I got a job. I didn’t even last the month, because it reminded me of all the reasons why I really, truly, hate capitalism. Here’s what happened.

A “dream job” is just a different kind of nightmare.

Every so often, I’m asked if I’m available for a tech gig. Most gigs are just flat-out horrible. “Contract-to-perm” so-called “opportunities” to work on some mindless, meaningless, Machiavellian monetary “loyalty discount” system or another. A new social network project struggling to launch that needs a “rockstar” web developer. I ignore them all, because fuck you and your stupid idea.

All except one: a project my ex-partner Emma was working on, called the Gender Spectrum Lounge. She’d asked me, repeatedly over the course of years, if I had time to work on this project. They already had a developer but, frankly, he was horrible. So in late April, I finally said yes.

I had four main motivations for agreeing to the project. First, I was looking for a new project to work on, something technical and relatively low-key but that still offered a fun time to hack on some code. Second, I’ve been familiar with Gender Spectrum as an organization for years and I always liked their stated goals. Third, I wanted to get a car, because I’m really tired of hitchhiking and relying on the shitty public transit options in America. And fourth, I really missed working with Emma.

“You don’t understand,” Emma would tell me time and time again. “This project is over budget, it’s late, it doesn’t work the way we’ve asked. It seems like every time our developer makes a change, something else breaks. We go months without hearing from him. It’s a nightmare.”

The Gender Spectrum Lounge doesn’t even have complex project goals. It’s supposed to be a community who are supportive of gender variant people, or are genderqueer themselves. Gender Spectrum as an organization works largely on educational outreach and support programs for youth. The Lounge’s whole point was to have an online space where age-based groups could overlap in facilitated ways to allow for various kinds of interaction, such as between younger teens and young adults. I rarely see projects like this explicitly address cross-generational solidarity, and this project hit many of the things that are important to me personally, such as youth advocacy and mentorship.

Beyond all that, and despite its major technical issues, the Gender Spectrum Lounge seemed to be directly benefiting the lives of its participants. Emma shared some posts from the forums with me. A mother wrote about how hard it was to deal with the school district on behalf of her child’s discomfort with binarily-gendered bathrooms. Another mother consoled her, then cheered her on, telling her she was an amazing parent and doing the right thing. A youth described self-image concerns and another youth responded telling them they were beautiful. It was heartwarming. Reading some of the postings literally made my eyes water.

Even if I wasn’t going to get to participate in that directly (and I shouldn’t, it’s not my space), I knew I’d never get close to anything like that in the corrupt world of corporate IT. Burn the banks. Jail the CEOs. They are unmitigated evil, and I’m so fucking over being part of their disgusting globalized deception.

The Gender Spectrum Lounge was different in size, scope, and purpose from the big banks, but it was exactly the same as every other company that has to deal with technology. They hired technicians who don’t care, who half-assedly delivered an incredibly insecure and shitty result, all while overcharging for it. In Gender Spectrum’s case, not even the defaults in the free, open source forum software they were using as the site’s platform were functioning properly because the developer had fucked it up so bad.

The developer they’d hired took totally free software that worked out-of-the-box, broke it, delivered the broken free thing months late, and charged them for it. And here’s what you gotta understand: that’s not rare. That’s the norm. After I left the Fortune 100 world I went back to doing freelance gigs, and for the next several years, I made money exclusively off “clean-up” jobs. These were gigs where I was hired for the sole and explicit purpose of fixing something a previous technical hire broke or failed to deliver. You might be amazed how well that pays.

That pattern of taking something that works by default, breaking it due to sheer ignorance, malice, or self-serving greed, and then charging for the fuck-up, is how every single for-profit exchange works when you have a builder who knows more about the thing they are selling than the person they are selling to.

It’s Capitalism 101. People seem to intuitively understand this with, for example, cars and mechanics. You know you’re gonna get screwed over if you don’t know the first thing about cars and you go to a mechanic who’s not your friend. This happens in the tech world, too. Only the tech world is a bazillion times worse because the gap in understanding is so much greater. And this pattern doesn’t just exist between individuals, but entire systems. Did you know that sending text messages costs the telcos nothing, but they’re still the most expensive part of many mobile phone contracts?

But I digress, again.

I went to work on the project. I restored some of the basic out-of-the-box functionality the original developer had broken. I built a development environment so that Gender Spectrum could have a place to make and test changes before deploying them to their users. I packaged some of their customizations into plug-ins that they could turn on or off without interrupting the rest of the system. And I did all this as part of necessary, preliminary arrangements (like using a code versioning system) in order to make it easier, faster, and more reliable to make future changes and for other developers to pick up and run with. It’s like Abraham Lincoln once said, “If you give me six hours to chop down a tree, I will spend the first four sharpening my axe.”

For instance, one thing Gender Spectrum needed to customize was the interface text of the software they were using. As you’d expect, every system unnecessarily defaults to binary gender pronouns; it will use “he,” and “she,” but not “zie,” or even the grammatically correct singular “they.” (Why? Because Sexism, but that’s another whole blog—which you should read, since I’ve already written it.)

So, naturally, organizations like Gender Spectrum hire someone to change the system’s use of pronouns because they can’t go around claiming to be gender-inclusive if their website is constantly misgendering their users. And naturally, because they hire developers who almost certainly don’t actually give a fuck about them, they never make the change in a way that’s repeatable, or sharable with any other organization. Rather than using the software’s built-in language customization features, the developer that Gender Spectrum hired changed the default language files, meaning that if Gender Spectrum were to ever update their website’s system software, the changes would have to be made all over again. It’s like getting double taxed.

Many organizations want to be gender-inclusive, but rather than one organization that uses phpBB, and one organization that runs off Drupal, and one organization that uses Joomla, or whatever, writing one gender neutral language pack that every single other organization that uses the same system software can use, each organization hires a shitty developer to make the same change to their one site only. This is fantastic for greedy capitalist scum like most web developers, but it’s horrendous for everyone else. And these developers can get away with it because nobody else knows what they’re doing, and the orgs don’t have access to other people who give a fuck, and they’re all small non-profits supporting marginalized peoples anyway so they just get screwed over, over and over again.

Why? Because Capitalism. Capitalism trains us not to give a fuck about human beings or human lives.

The ironic thing is if a group like Gender Spectrum had come to me and said, “We’d like not to have to deal with this gender neutral pronoun thing repeatedly. Can you write something that will solve this problem and distribute your solution to the Internet for free so we can use it?” I would’ve jumped for joy and probably would have enjoyed doing it with them.

I still would. (So, contact them and ask about the “en_us_x_gnp” language pack I wrote for phpBB3. And if you use phpBB3 and want to use gender neutral pronouns on your boards, let me know and I’ll help you get that set up. No charge.)

On “quotes,” “estimates,” and other bullshit

When I started the project with Gender Spectrum, I was asked for a quote. Here’s the thing: I don’t give quotes. Every quote you ever get from a developer is going to be straight-up bullshit, just some number they pulled out of their ass. Especially when you’re a freelancer, you have to get really good at pulling bullshit out of your ass.

Quotes and estimates are bullshit because nobody knows what’s going to come up out of the code. This is doubly true for “nightmare” projects where the premise of the work is “things are fucked up and we don’t know what’s wrong or how to fix it!” At that point, any reasonable estimates would be so broad as to be meaningless in the first place.

Since I wouldn’t give a quote, or a project estimate, I was asked to track my hours. Here’s the thing: I don’t track my hours, either. I don’t track my hours because I don’t work in hour, or even in minute, chunks. I do multiple things simultaneously. As any person who performs creative tasks like writing or painting or even having sex with a lover or with oneself will tell you, “hours” are a meaningless unit of measurement for such things. Do I charge for the hour where I took a walk and thought about the structure of the project’s codebase? How about the half hour I spent reading the internationalization and localization API of the system’s software?

Tracking hours is a distraction from actually doing the work. Tracking hours is additional hours of (busy)work. Tracking hours is an interruption. Charging “hourly” consistently makes the project longer, makes my work less good, and annoys the fuck out of me.

So when I was asked for a quote, I countered: “One thing I want from this project is a car. Don’t pay me anything other than a car, if you have to think of it as paying me something in the first place. If you agree to help me get a car, that’ll help me fix your website.”

Asking for help getting a car instead of asking for money for working on the website seemed like an obvious win for everybody. It was quite literally the best possible deal. I didn’t even want a fancy car. A hardy Honda Civic or trusty Toyota Camry would be fine for me. A couple thousand dollars, tops, plus help taking care of the bureaucratic red-tape of insurance and registration. The whole thing would’ve cost Gender Spectrum a few thousand dollars, including the stipend for whatever intern was assigned to help me out. In contrast, tracking my hours for the project at $125 per hour (my standard going rate, which is highly competitive with the $120 per hour their previous freelance developer charged them) would’ve easily put them over the $6,000 mark within the first two weeks of my employ.

Emma thought the car thing was a good idea, too. But the idea didn’t go over so well with her boss at Gender Spectrum. Her boss wanted to have a meeting with me, some vagueness about making sure I could “commit” to the project, and in the meantime Emma convinced me to just charge under an hourly rate agreement, which we both knew would net me more than enough money to buy a car. Using that money, I could then hire her to help me do the stressful logistics pieces for figuring out how to actually get this car.

This seemed like a good idea, with one major problem. The whole point of having a car was so that I would have enough stability and time to do the project in the first place. Remember how I’m sleeping under overpasses and on generous people’s couches? That actually takes a lot of time to make possible. Every day, I spend anywhere between 2 and 5 hours setting up different couchsurfing arrangements, orienting myself in physical space with different travel options, learning public transit routes or just fucking walking with my pack on the streets of whatever city I happen to be in. Not to mention the emotional and social energy it takes for an introvert like me to interact with the people who generously host me. After a few weeks of hopping from one person’s couch to another, sometimes all I want to do is curl up in a corner and not talk to anybody ever again. None of these are situations in which I can sit down and focus on writing code.

Having a car would mean a helluva lot more freedom to plop my ass down at a coffeeshop and just hack on some code. Having to work for money to get a car was a Catch-22. However, as circumstances had it, I lucked out and found myself with an opportunity to have a stable housing situation for the month of May, exactly when the Gender Spectrum project was due to spin up. So, I agreed to the hour-tracking fiasco.

I arrived at my stable housing situation. May 1st came and went. I began tracking hours. Within a week, I’d racked up an invoice for Gender Spectrum in the $3,000 range. And that’s when we needed to “have a meeting.” Another week came and went. We didn’t have a meeting because the boss was busy. And what was the meeting about anyway? The answer I got was more vagueness about being sure I could “commit” to the project.

This delay was a problem, because time was a factor, because I didn’t yet have a car. Throughout this delay, I made clear to Emma that I don’t “commit” to stuff. It’s ridiculous and insulting to be asked to “commit” to work if you know that it’s just as much a mirage to commit to work as it is to commit to paying for work. It’s all just a fucking agreement. Asking me to commit to work is no different than me asking you to commit to paying for the work. Haven’t we already worked that out?

So being asked whether or not I’d commit to a project I was already actively working on raised, in me, the following question: are you going to pay me for working on a project you already said you’d hire me to do?

This should be fucking obvious, but since it isn’t to capitalists, which is most people I’ve ever had the displeasure of interacting with, I apparently have to repeat it: agreements don’t mean shit without trust. Nothing, not even your punitive legal system of contract law, can give an agreement value without trust. You can strong-arm people into doing what you want if you have enough power over their environment to get them to servilely accept whatever increasingly shitty circumstances you’re putting them in, but that’s not trust, and it’s not an agreement. There is no such thing as freedom of choice in a “free market” where the only choices are employment or starvation. That’s not a choice, that’s a threat.

I don’t take well to being threatened, and that’s not some kind of moral fucking failing on my part. And being threatened was exactly what was happening. All the vagueness about “committing” to a project was certainly not reassuring, and I’ve been around the block enough to understand when business-speak is a facade on a fundamentally untrustworthy relationship.

Sure enough, that’s exactly what happened in our meeting, which we finally held in mid-May. Long before we spoke, I had communicated to Emma, who had told me she’d communicated to her boss, that I don’t commit indefinitely to future work. We had already drafted a Scope Of Work, another one of those business-y documents, useful for clarifying what work needs to be done but terribly inane when treated like a contract. I had already delivered a few of the line items and I had no intention of asking Gender Spectrum to pay me any monies until the scope of work was completed in full.

So why were we having this meeting? Lisa, the Gender Spectrum executive director, spoke to me about how she didn’t want high developer turnover. Everything she said to me made clear she didn’t know what the fuck she was talking about from a technology perspective. This is no surprise, of course, coming from someone whose other full-time job is the VP of Marketing at Genedata AG, Inc.

Fucking marketing professionals. Do humanity a favor and kill yourselves.

I tried to make it clear that developer turnover is a problem when you have shit developers who do crappy work that they don’t document or tell anyone about. It’s actually not a problem when you take knowledge transfer into account and actually include documentation as part of the scope of work—which we did. I thought the whole point of being hired was to empower them, not to make them dependent on me. I was beginning to deliver something that made developer turnover irrelevant. But if they didn’t trust me to do that, having a meeting about my feelings about commitments was, itself, irrelevant.

The meeting lasted an hour. I tried to reiterate my complete and total unwillingness to commit to any relationship with Gender Spectrum beyond the Scope of Work already laid out. It fell on deaf ears. Over and over again, I’d say something like, “I won’t be able to guarantee any work outside of the Scope of Work,” or “I’m not in a position where I can actually commit to working past the agreements I’ve already confirmed with Emma,” but nothing seemed to get through that thick marketer’s skull of hers.

An hour into the meeting, we were finally starting to wind down. Then I hear Lisa say, again, “Well, it sounds like, maymay, you need to think about it and tell us if you can commit to working with us for longer.”

And I just lost it.

“Lisa, I’m going to need to interject something here. Listen, I’ve been very clear with Emma for weeks and I’ve been very clear in this phone call that I’m not going to commit to an indefinite project with Gender Spectrum. There is nothing more I need to think about here. As I’ve been saying, I know exactly where I stand. We’ve been talking about this in circles for an hour. I have other things I need to do with my day. Unless there’s anything else someone on this call wants to tell me, I’m going to go.”

There was a short silence. “No, I think that’s everything,” I heard Emma say. “Lisa?”

“No, nothing else.” Lisa said.

“Great. Lisa, it was very nice to meet you,” I lied through my teeth. “Have a good day.” I hung up.

A couple days went by with no word from Gender Spectrum. By now, the end of the month I’d set aside specifically to work on tech projects was fast approaching. I was sick and tired of waiting on Gender Spectrum, so I got involved with the re-launch of the “I Am Bradley Manning” photo petition website I’d helped launch two years ago. You might have seen a news cycle about the celebrity Public Service Announcement video we made. You might have surfed on over to iam.BradleyManning.org when you saw it linked on your Facebook or Twitter. Well, now you know, I helped make that.

I didn’t work on it for money. I worked on it because I wanted to.

A couple days after the phone meeting, Emma told me Lisa thought the meeting was “kind of refreshing.” It was too late, though. Every single time Emma pinged me about Gender Spectrum over chat, we’d end up getting into a fight about it, or the project, or the meeting, or how little time I had left in the month to focus on code. I told her I’d gotten involved with the Bradley Manning Support Network’s new social media project. Hey, it was a techie project, and I had specifically set myself up with time to code this month, so I thought I should use that time to code this month. I told her I’d still do Gender Spectrum stuff but that I’d only do it until the end of May, and I’d only give it fifty percent of my attention, tops.

Emma said that was fine. She also said Lisa tentatively agreed to a pared-down Scope of Work, but would hire someone else after the fact, and didn’t want me to continue to work with them afterwards.

There was no longer any reason I should work specifically with the Gender Spectrum people, and therefore there was no reason I should work for them, either. Gender Spectrum showed themselves to be exactly the sort of people I don’t like and can’t communicate with. Any agreement I made with them would’ve been meaningless because I don’t want to work with people like that. The whole fucking point of refusing to sign contracts or make meaningless commitments is to avoid getting tied to some commitment I wasn’t going to keep. Agreeing to such things only constrains me, not them. I charge for work done, not work I will do. And I won’t commit to work I will do. I do work I want to do, and if I get additional benefits like financial compensation out of that, all’s the better for me.

The emotional and personal cost of interacting with this stupid system was high, and the “payoff” was non-existent.

What Lisa actually wanted out of our meeting was some kind of proof that I’m a trustworthy person to work with, but that’s not how trust works. You don’t make friends by passively-aggressively making people promise to be your friend. And yet that’s what employer/employee relationships are all about: coercively making people pretend to be friends, under the threat of starvation due to losing access to money. Bosses like to do this thing where they pretend that they’re not really your boss, just your friend and colleague with a different position in the company than you have.

Fuck that shit. The best bosses I’ve ever had knew they were my boss and didn’t try to sweep the fact of that being a non-consensual power relationship under the rug. I’m privileged enough to be able to lead a lifestyle that means I don’t have to do employer/employee relationships anymore—I hate having relationships where I voluntarily give up my agency for the sole purpose of getting taken advantage of—and I’m smart enough to usually figure out when I’m being asked to have one of those.

Money is a technology that destroys trust. Its entire purpose is to short-circuit human relationships in order to insert itself as a middleman. It makes everybody spend more money, at more emotional cost, for things that make them angry at each other. I love Emma. But every conversation we had turned into a fight. I am not exaggerating when I say that’s capitalism’s fault.

So, after the meeting, I quit. Not immediately, although I should have. And after Emma and I talked about it over chat, we realized that I should have quit the instant Lisa rejected my initial offer for helping me get a car as a way to collaborate on helping fix Gender Spectrum’s website. I have this blind spot because I love Emma where I believe she won’t hurt me. She wants to protect me. But because I’m a human, I’m irrational, and thus I somehow believed getting involved in an abusive relationship with capitalism was going to be fine just because Emma didn’t want to hurt me. In hindsight, it’s obvious that was a stupid mistake, because Emma and I had put ourselves into a situation in which she was effectively forced to try and hurt me, because it’s her job, and if she didn’t do her job, she couldn’t keep paying rent.

Here’s the thing. Capitalism doesn’t just harm people by bludgeoning us with money. It harms us by getting us to bludgeon each other and ourselves with money.

Epilogue

When I did finally communicate to Gender Spectrum that I’d quit, I did so by sending Lisa the following resignation letter:

Lisa,

Effective immediately, I will no longer be working on Gender Spectrum projects.

The work I have completed to date for Gender Spectrum includes fixing various bugs, removing obstacles to maintenance and future updates, and creating a development environment for Gender Spectrum to use in future development tasks. I tracked a total of 26.25 hours on this work. My hourly rate is $125.00 per hour.

You can choose whether or not to compensate me for my work. If you choose to compensate me for all or part of my work, make a cheque in the amount of your choosing payable to Meitar Moscovitz and send it addressed to me at:

> [ADDRESS REDACTED]

Sincerely,
-Meitar Moscovitz
Personal: http://maymay.net
Professional: http://MeitarMoscovitz.com

I know this sounds like an awkward resignation letter, but I actually spent almost a week carefully composing it. I didn’t want it to sound like an invoice, not because I think charging money for one’s time or labor is some unforgivable sin no one should ever do, but because doing that is unhealthy for me. Capitalism isn’t just bad in some objective sense of the word, it’s concretely harmful to the human life I care most about: mine.

Also, while drafting this piece, I got another email from a recruiter. I realized I’ll just keep getting emails from recruiters, and capitalism will still be there, like an abusive ex-partner, constantly trying to seduce me into bed with it again. For my own health and safety, I need some way to actively shield myself from getting job offers.

So, I’m starting a long-overdue revamp to my LinkedIn profile, which is where I assume these devil-spawn come from. Under the heading titled “Advice for contacting [user name]:”, I’ve written:

DO:

  1. Have an interesting project. Make it ambitious. Ambitions are interesting. Everything else is boring.
  2. Treat me like a friend and collaborator (not an employee or a magical creature who can talk to computers).

DON’T:

  1. Offer to pay me. Seriously. If you offer me money, I will decline on principle.
  2. Be a recruiter. First, I don’t answer recruiters. Second, I don’t want the job.
  3. Support capitalism. I am an avowed anti-capitalist. Yes, really. If your project so much as pretends to have a capitalistic agenda, I will tell you to go fuck yourself, and your project.

This is just a quick, off-the-cuff edit, and I eventually want to change the rest of my “tech professional” web presence to match that sentiment. Thing is, I’ll always be excited about working on all kinds of cool projects. But I absolutely hate money, everything to do with it, and everything it stands for.

Written by Meitar

June 14th, 2013 at 2:23 pm

Cross-post: Edenfantasys’s unethical technology is a self-referential black hole

13 comments

This entry was originally published at my other blog. I’m cross-posting it here in order to make sure it gets copied to more servers, as some people have suggested I’ll face a cease and desist order for publishing it in the first place. Please help distribute this important information by freely copying and republishing this post under the conditions of my CC-BY-NC-ND license: provide me with attribution and a (real) back link, and you are free to republish an unaltered version of this post wherever you like. Thanks.

A few nights ago, I received an email from Editor of EdenFantasys’s SexIs Magazine, Judy Cole, asking me to modify this Kink On Tap brief I published that cites Lorna D. Keach’s writing. Judy asked me to “provide attribution and a link back to” SexIs Magazine. An ordinary enough request soon proved extraordinarily unethical when I discovered that EdenFantasys has invested a staggering amount of time and money to develop and implement a technology platform that actively denies others the courtesy of link reciprocity, a courtesy on which the ethical Internet is based.

While what they’re doing may not be illegal, EdenFantasys has proven itself to me to be an unethical and unworthy partner, in business or otherwise. Its actions are blatantly hypocritical, as I intend to show in detail in this post. Taking willful and self-serving advantage of those not technically savvy is a form of inexcusable oppression, and none of us should tolerate it from companies who purport to be well-intentioned resources for a community of sex-positive individuals.

For busy or non-technical readers, see the next section, Executive Summary, to quickly understand what EdenFantasys is doing, why it’s unethical, and how it affects you whether you’re a customer, a contributor, or a syndication partner. For the technical reader, the Technical Details section should provide ample evidence in the form of a walkthrough and sample code describing the unethical Search Engine Optimization (SEO) and Search Engine Marketing (SEM) techniques EdenFantasys, aka. Web Merchants, Inc., is engaged in. For anyone who wants to read further, I provide an Editorial section in which I share some thoughts about what you can do to help combat these practices and bring transparency and trust—not the sabotage of trust EdenFantasys enacts—to the market.

EXECUTIVE SUMMARY

Internet sex toy retailer Web Merchants, Inc., which bills itself as the “sex shop you can trust” and does business under the name EdenFantasys, has implemented technology on their websites that actively interferes with contributors’ content, intercepts outgoing links, and alters republished content so that links in the original work are redirected to themselves. Using techniques widely acknowledged as unethical by Internet professionals and that are arguably in violation of major search engines’ policies, EdenFantasys’s publishing platform has effectively outsourced the task of “link farming” (a questionable Search Engine Marketing [SEM] technique) to sites with which they have “an ongoing relationship,” such as AlterNet.org, other large news hubs, and individual bloggers’ blogs.

Articles published on EdenFantasys websites, such as the “community” website SexIs Magazine, contain HTML crafted to look like links, but aren’t. When visited by a typical human user, a program written in JavaScript and included as part of the web pages is automatically downloaded and intercepts clicks on these “link-like” elements, fetching their intended destination from the server and redirecting users there. Due to the careful and deliberate implementation, the browser’s status bar is made to appear as though the link is legitimate, and that a destination is provided as expected.

For non-human visitors, including automated search engine indexing programs such as Googlebot, the “link” remains non-functional, making the article a search engine’s dead-end or “orphan” page whose only functional links are those whose destination is EdenFantasys’s own web presence. This makes EdenFantasys’ website(s) a self-referential black hole that provides no reciprocity for contributors who author content, nor for any website ostensibly “linked” to from article content. At the same time, EdenFantasys editors actively solicit inbound links from individuals and organizations through “link exchanges” and incentive programs such as “awards” and “free” sex toys, as well as syndicating SexIs Magazine content such that the content is programmatically altered in order to create multiple (real) inbound links to EdenFantasys’s websites after republication on their partner’s media channels.

How EdenFantasys’s unethical practices have an impact on you

Regardless of who you are, EdenFantasys’s unethical practices have a negative impact on you and, indeed, on the Internet as a whole.

See for yourself: First, log out of any and all EdenFantasys websites or, preferably, use a different browser, or even a proxy service such as the Tor network for greater anonymity. Due to EdenFantasys’s technology, you cannot trust that what you are seeing on your screen is what someone else will see on theirs. Next, temporarily disable JavaScript (read instructions for your browser) and then try clicking on the links in SexIs Magazine articles. If clicking the intended off-site “links” doesn’t work, you know that your article’s links are being hidden from Google and that your content is being used for shady practices. In contrast, with JavaScript still disabled, navigate to another website (such as this blog), try clicking on the links, and note that the links still work as intended.

Here’s another verifiable example from the EdenFantasys site showing that many other parts of Web Merchants, Inc. pages, not merely SexIs Magazine, are affected as well: With JavaScript disabled, visit the EdenFantasys company page on Aslan Leather (note, for the sake of comparison, the link in this sentence will work, even with JavaScript off). Try clicking on the link in the “Contact Information” section in the lower-right hand column of the page (shown in the screenshot, below). This “link” should take you to the Aslan Leather homepage but in fact it does not. So much for that “link exchange.”


  • If you’re an EdenFantasys employee, people will demand answers from you regarding the unethical practices of your (hopefully former) employer. While you are working for EdenFantasys, you’re seriously soiling your reputation in the eyes of ethical Internet professionals. Ignorance is no excuse for the lack of ethics on the programmers’ part, and it’s a shoddy one for everyone else; you should be aware of your company’s business practices because you represent them and they, in turn, represent you.
  • If you’re a partner or contributor (reviewer, affiliate, blogger), while you’re providing EdenFantasys with inbound links or writing articles for them and thereby propping them up higher in search results, EdenFantasys is not returning the favor to you (when they are supposed to be doing so). Moreover, they’re attaching your handle, pseudonym, or real name directly to all of their link farming (i.e., spamming) efforts. They look like they’re linking to you and they look like their content is syndicated fairly, but they’re actually playing dirty. They’re going the extra mile to ensure search engines like Google do not recognize the links in articles you write. They’re trying remarkably hard to make certain that all roads lead to EdenFantasys, but none lead outside of it; no matter what the “link,” search engines see it as stemming from and leading to EdenFantasys. The technically savvy executives of Web Merchants, Inc. are using you without giving you a fair return on your efforts. Moreover, EdenFantasys is doing this in a way that preys upon people’s lack of technical knowledge—potentially your own as well as your readership’s. Do you want to keep doing business with people like that?
  • If you’re a customer, you’re monetarily supporting a company that essentially amounts to a glorified yet subtle spammer. If you hate spam, you should hate the unethical practices that lead to spam’s perpetual reappearance, including the practices of companies like Web Merchants, Inc. EdenFantasys’s unethical practices may not be illegal, but they are unabashedly a hair’s width away from it, just like many spammers’. If you want to keep companies honest and transparent, if you really want a “sex shop you can trust,” this is relevant to you because EdenFantasys is not it. If you want to purchase from a retailer that truly strives to offer a welcoming, trustworthy community for those interested in sex positivity and sexuality, pay close attention and take action. For ideas about what you can do, please see the “What you can do” section, below.
  • If you’ve never heard about EdenFantasys before, but you care about a fair and equal-opportunity Internet, this is relevant to you because what EdenFantasys is doing takes advantage of non-tech-savvy people in order to slant the odds of winning the search engine game in their favor. They could have done this fairly, and I personally believe that they would have succeeded. Their sites are user-friendly, well-designed, and solidly implemented. However, they chose to behave maliciously by not providing credit where credit is due, failing to follow through on agreements with their own community members and contributors, and sneakily utilizing other publishers’ web presences to play a very sad zero-sum game that they need not have entered in the first place. In the Internet I want, nobody takes malicious advantage of those less skilled than they are because their own skill should speak for itself. Isn’t that the Internet and, indeed, the future you want, too?

TECHNICAL DETAILS

What follows is a technical exploration of the way the EdenFantasys technology works. It is my best-effort evaluation of the process in as much detail as I can manage within strict self-imposed time constraints. If any of this information is incorrect, I’d welcome any and all clarifications provided by the EdenFantasys CTO and technical team in an appropriately transparent, public, and ethical manner. (You’re welcome—nay, encouraged—to leave a comment.)

Although I’m unconvinced that EdenFantasys understands this, it is the case that honesty is the best policy—especially on the Internet, where everyone has the power of “View source.”

The “EF Framework” for obfuscating links

Article content written by contributors on SexIs Magazine pages is published after all links are replaced with a <span> element bearing the class of linklike and a unique id attribute value. This apparently happens across any and all content published by Web Merchants, Inc.’s content management system, but I’ll be focusing on Lorna D. Keach’s post entitled SexFeed:Anti-Porn Activists Now Targeting Female Porn Addicts for the sake of example.

These fake links look like this in HTML:

And according to Theresa Flynt, vice president of marketing for Hustler video, <span class="linklike" ID="EFLink_68034_fe64d2">female consumers make up 56% of video sales.</span>

This originally published HTML is what visitors without JavaScript enabled (and what search engine indexers) see when they access the page. Note that the <span> is not a real link, even though it is made to look like one. (See Figure 1.)

Figure 1:

In a typical user’s browser, when this page is loaded, a JavaScript program is executed that mutates these “linklike” elements into <a> elements, retaining the “linklike” class and the unique id attribute values. However, no value is provided in the href (link destination) attribute of the <a> element. See Figure 2.

Figure 2:

The JavaScript program is downloaded in two parts from the endpoint at http://cdn3.edenfantasys.com/Scripts/Handler/jsget.ashx. The first part, retrieved in this example by accessing the URI at http://cdn3.edenfantasys.com/Scripts/Handler/jsget.ashx?i=jq132_cnf_jdm12_cks_cm_ujsn_udm_stt_err_jsdm_stul_ael_lls_ganl_jqac_jtv_smg_assf_agrsh&v_14927484.12.0, loads the popular jQuery JavaScript framework as well as custom code called the “EF Framework”.

The EF Framework contains code called the DBLinkHandler, an object that parses the <span> “linklike” elements (called “pseudolinks” in the EF Framework code) and retrieves the real destination. The entirety of the DBLinkHandler object is shown in code listing 1, below. Note the code contains a function called handle that performs the mutation of the <span> “linklike” elements (seen primarily on lines 8 through 16) and, based on the prefix of each element’s id attribute value, two key functions (BuildUrlForElement and GetUrlByUrlID, whose signatures are on lines 48 and 68, respectively) interact to set up the browser navigation after responding to clicks on the fake links.

var DBLinkHandler = {
    pseudoLinkPrefix: "EFLink_",
    generatedAHrefPrefix: "ArtLink_",
    targetBlankClass: "target_blank",
    jsLinksCssLinkLikeClass: "linklike",
    handle: function () {
        var pseudolinksSpans = $("span[id^='" + DBLinkHandler.pseudoLinkPrefix + "']");
        pseudolinksSpans.each(function () {
            var psLink = $(this);
            var cssClass = $.trim(psLink.attr("class"));
            var target = "";
            var id = psLink.attr("id").replace(DBLinkHandler.pseudoLinkPrefix, DBLinkHandler.generatedAHrefPrefix);
            var href = $("<a></a>").attr({
                id: id,
                href: ""
            }).html(psLink.html());
            if (psLink.hasClass(DBLinkHandler.targetBlankClass)) {
                href.attr({
                    target: "_blank"
                });
                cssClass = $.trim(cssClass.replace(DBLinkHandler.targetBlankClass, ""))
            }
            if (cssClass != "") {
                href.attr({
                    "class": cssClass
                })
            }
            psLink.before(href).remove()
        });
        var pseudolinksAHrefs = $("a[id^='" + DBLinkHandler.generatedAHrefPrefix + "']");
        pseudolinksAHrefs.live("mouseup", function (event) {
            DBLinkHandler.ArtLinkClick(this)
        });
        pseudolinksSpans = $("span[id^='" + DBLinkHandler.pseudoLinkPrefix + "']");
        pseudolinksSpans.live("click", function (event) {
            if (event.button != 0) {
                return
            }
            var psLink = $(this);
            var url = DBLinkHandler.BuildUrlForElement(psLink, DBLinkHandler.pseudoLinkPrefix);
            if (!psLink.hasClass(DBLinkHandler.targetBlankClass)) {
                RedirectTo(url)
            } else {
                OpenNewWindow(url)
            }
        })
    },
    BuildUrlForElement: function (psLink, prefix) {
        var psLink = $(psLink);
        var sufix = psLink.attr("id").toString().substring(prefix.length);
        var id = (sufix.indexOf("_") != -1) ? sufix.substring(0, sufix.indexOf("_")) : sufix;
        var url = DBLinkHandler.GetUrlByUrlID(id);
        if (url == "") {
            url = EF.Constants.Links.Url
        }
        var end = sufix.substring(sufix.indexOf("_") + 1);
        var anchor = "";
        if (end.indexOf("_") != -1) {
            anchor = "#" + end.substring(0, end.lastIndexOf("_"))
        }
        url += anchor;
        return url
    },
    ArtLinkClick: function (psLink) {
        var url = DBLinkHandler.BuildUrlForElement(psLink, DBLinkHandler.generatedAHrefPrefix);
        $(psLink).attr("href", url)
    },
    GetUrlByUrlID: function (UrlID) {
        var url = "";
        UrlRequest = $.ajax({
            type: "POST",
            url: "/LinkLanguage/AjaxLinkHandling.aspx",
            dataType: "json",
            async: false,
            data: {
                urlid: UrlID
            },
            cache: false,
            success: function (data) {
                if (data.status == "Success") {
                    url = data.url;
                    return url
                }
            },
            error: function (xhtmlObj, status, error) {}
        });
        return url
    }
};

Once the mutation is performed and all the content “links” are in the state shown in Figure 2, above, an event listener that captures click events has been bound to the anchors. This is done using prototypal extension (aka classic prototypal inheritance) in another part of the code: the live function on line 2,280 of the (de-minified) jsget.ashx program, shown in Code Listing 2, here:

        live: function (G, F) {
            var E = o.event.proxy(F);
            E.guid += this.selector + G;
            o(document).bind(i(G, this.selector), this.selector, E);
            return this
        },

At this point, clicking on one of the “pseudolinks” triggers the EF Framework to call code set up by the GetUrlByUrlID function from within the DBLinkHandler object, initiating an XMLHttpRequest (XHR) connection to the AjaxLinkHandling.aspx server-side application. The request is an HTTP POST containing only one parameter, called urlid, and its value matches a substring from within the id value of the “pseudolinks.” In this example, the id attribute contains a value of EFLink_68034_fe64d2, which means that the unique ID POST’ed to the server is 68034. This is shown in Figure 3, below.

Figure 3:

The response from the server, shown in Figure 4, is also simple. If successful, the intended destination is retrieved by the GetUrlByUrlID function’s success callback (on line 79 of Code Listing 1, above) and the user is redirected to that web address, as if the link were a real one all along. The real destination, in this case CNN.com, is thereby only revealed after the XHR request returns a successful reply.

Figure 4:

All of this obfuscation effectively blinds machines such as the Googlebot who are not JavaScript-capable from seeing and following these links. It deliberately provides no increased Pagerank for the link destination (as a real link would normally do) despite being “linked to” from EdenFantasys’s SexIs Magazine article. While the intended destination in this example link was at CNN.com, it could just as easily have been—and is, in other examples—links to the blogs of EdenFantasys community members and, indeed, everyone else linked to from a SexIs Magazine article or potentially any website operated by Web Merchants, Inc. that makes use of this technology.

The EdenFantasys Outsourced Link-Farm

In addition to creating a self-referential black hole with no gracefully degrading outgoing links, EdenFantasys also actively performs link-stuffing through its syndicated content “relationships,” underhandedly creating an outsourced and distributed link-farm, just like a spammer. The difference is that this spammer (Web Merchants, Inc. aka EdenFantasys) is cleverly crowd-sourcing high-value, high-quality content from its own “community.”

Articles published at SexIs Magazine are syndicated in full to other large hub sites, such as AlterNet.org. Continuing with the above example post by Lorna D. Keach, Anti-Porn Activists Now Targeting Female Porn Addicts, we can see that this content was republished on AlterNet.org shortly after original publication through EdenFantasys’ website on May 3rd at http://www.alternet.org/story/146774/christian_anti-porn_activists_now_targeting_female_. However, a closer look at the HTML code of the republication shows that each and every link contained within the article points to the same destination: the same article published on SexIs Magazine, as shown in Figure 5.

Figure 5:

Naturally, these syndicated links provided to third-party sites by EdenFantasys are real and function as expected to both human visitors and to search engines indexing the content. The result is “natural,” high-value links to the EdenFantasys website from these third-party sites; EdenFantasys doesn’t merely scrounge pagerank from harvesting the sheer number of incoming links, but as each link’s anchor text is different, they are setting themselves up to match more keywords in search engine results, keywords that the original author likely did not intend to direct to them. Offering search engines the implication that EdenFantasys.com contains the content described in the anchor text, when in fact EdenFantasys merely acts as an intermediary to the information, is very shady, to say the least.
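Both observations above, the cloaked spans in the original article and the single-target anchors in the syndicated copy, can be checked from static HTML, which is what a crawler that runs no JavaScript sees. The following Python is an added example, not code from EdenFantasys or from the original post; the sample markup, the second span id and the publisher.example URL are constructed, and only the `EFLink_` prefix and the id `EFLink_68034_fe64d2` come from the listing and text above.

```python
from collections import Counter
from html.parser import HTMLParser

PSEUDO_PREFIX = "EFLink_"  # span id prefix from Code Listing 1 (pseudoLinkPrefix)


def split_pseudolink_id(element_id, prefix=PSEUDO_PREFIX):
    """Mirror BuildUrlForElement: return (urlid, fragment) encoded in a span id."""
    suffix = element_id[len(prefix):]
    cut = suffix.find("_")
    urlid = suffix[:cut] if cut != -1 else suffix
    end = suffix[cut + 1:]  # cut == -1 leaves the whole suffix, as in the JavaScript
    fragment = "#" + end[:end.rfind("_")] if "_" in end else ""
    return urlid, fragment


class LinkAudit(HTMLParser):
    """Collect links the way a client that runs no JavaScript would see them."""

    def __init__(self):
        super().__init__()
        self.crawlable = []  # (href, anchor text) for real <a href="...">
        self.cloaked = []    # (urlid, fragment, text) for span pseudo-links
        self._open = None    # [tag, nesting depth, kind, href or id, text parts]

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if self._open:
            if tag == self._open[0]:
                self._open[1] += 1  # same-name tag nested inside the open element
            return
        if tag == "a" and attrs.get("href"):
            self._open = ["a", 1, "crawlable", attrs["href"], []]
        elif tag == "span" and (attrs.get("id") or "").startswith(PSEUDO_PREFIX):
            self._open = ["span", 1, "cloaked", attrs["id"], []]

    def handle_data(self, data):
        if self._open:
            self._open[4].append(data)

    def handle_endtag(self, tag):
        if not self._open or tag != self._open[0]:
            return
        self._open[1] -= 1
        if self._open[1]:
            return
        _, _, kind, key, parts = self._open
        text = " ".join("".join(parts).split())
        if kind == "crawlable":
            self.crawlable.append((key, text))
        else:
            self.cloaked.append(split_pseudolink_id(key) + (text,))
        self._open = None


def audit(html):
    parser = LinkAudit()
    parser.feed(html)
    parser.close()
    return parser


def dominant_target(links):
    """Return (href, share of all links, distinct anchor texts) for the most linked URL."""
    if not links:
        return None, 0.0, 0
    href, hits = Counter(h for h, _ in links).most_common(1)[0]
    texts = {t.lower() for h, t in links if h == href}
    return href, hits / len(links), len(texts)


def report(name, html):
    page = audit(html)
    href, share, texts = dominant_target(page.crawlable)
    return {"page": name, "crawlable": len(page.crawlable), "cloaked": len(page.cloaked),
            "dominant": href, "share": share, "anchor_texts": texts}


# Constructed sample of the original article body: every outbound reference is a span.
ORIGINAL = """
<p>A <span id="EFLink_68034_fe64d2" class="linklike target_blank">news report</span>
and a <span id="EFLink_123_sec2_ab12cd" class="linklike">community blog</span>.</p>
"""

# Constructed sample of the syndicated copy: real anchors, all to one placeholder URL.
SYNDICATED = """
<p><a href="https://publisher.example/article">news report</a>,
<a href="https://publisher.example/article">community blog</a> and
<a href="https://publisher.example/article">a <em>third</em> source</a>.</p>
"""

if __name__ == "__main__":
    for name, html in (("original", ORIGINAL), ("syndicated", SYNDICATED)):
        print(report(name, html))
```

A page with many cloaked spans and no crawlable outbound anchors, next to a republished copy whose anchors share one target under several different anchor texts, is the pattern the article describes.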

In addition to syndication, EdenFantasys employs human editors to do community outreach. These editors follow up with publishers, including individual bloggers (such as myself), and request that any references to published material provide attribution and a link back to us, to use the words of Judy Cole, Editor of SexIs Magazine in an email she sent to me (see below), and presumably many others. EdenFantasys has also been known to request “link exchanges,” and offer incentive programs that encouraged bloggers to add the EdenFantasys website to their blogroll or sidebar in order to help raise both parties’ search engine ranking, when in fact EdenFantasys is not actually providing reciprocity.

More information about EdenFantasys’s unethical practices, which are not limited to technical subterfuge, can be obtained via AAGBlog.com.

EDITORIAL

It is unsurprising that the distributed, subtle, and carefully crafted way EdenFantasys has managed to crowd-source links has (presumably) remained unpenalized by search engines like Google. It is similarly unsurprising that nontechnical users such as the contributors to SexIs Magazine would be unaware of these deceptive practices, or that they are complicit in promoting them.

This is no mistake on the part of EdenFantasys, nor is it a one-off occurrence. The amount of work necessary to implement the elaborate system I’ve described is also not even remotely feasible for a rogue programmer to accomplish, far less accomplish covertly. No, this is the result of a calculated and decidedly underhanded strategy that originated from the direction of top executives at Web Merchants, Inc. aka EdenFantasys.

It is unfortunate that technically privileged people would be so willing to take advantage of the technically uneducated, particularly under the guise of providing a trusted place for the community which they claim to serve. These practices are exactly the ones that “the sex shop you can trust” should in no way support, far less be actively engaged in. And yet, here is unmistakable evidence that EdenFantasys is doing literally everything it can not only to bolster its own web presence at the cost of others’, but to hide this fact from its understandably non-tech-savvy contributors.

On a personal note, I am angered that I would be contacted by the Editor of SexIs Magazine, and asked to properly “attribute” and provide a link to them when it is precisely that reciprocity which SexIs Magazine would clearly deny me (and everyone else) in return. It was this request, originally received over email from Judy Cole, that sparked my investigation outlined above and enabled me to uncover this hypocrisy. The email I received from Judy Cole is republished, in full, here:

From: Judy Cole <luxuryholmes@gmail.com>
Subject: Repost mis-attributed
Date: May 17, 2010 2:42:00 PM PDT
To: kinkontap+viewermail@gmail.com
Cc: Laurel <laurelb@edenfantasys.com>

Hello Emma and maymay,

I am the Editor of the online adult magazine SexIs (http://www.edenfantasys.com/sexis/). You recently picked up and re-posted a story of ours by Lorna Keach that Alternet had already picked up:

http://kinkontap.com/?s=alternet

We were hoping that you might provide attribution and a link back to us, citing us as the original source (as is done on Alternet, with whom we have an ongoing relationship), should you pick up something of ours to re-post in the future.

If you would be interested in having us send you updates on stories that might be of interest, I would be happy to arrange for a member of our editorial staff to do so. (Like your site, by the way. TBK is one of our regular contributors.)

Thanks and Best Regards,

Judy Cole
Editor, SexIs

Judy’s email probably intended to reference the new Kink On Tap briefs that my co-host Emma and I publish, not a search result page on the Kink On Tap website. Specifically, she was talking about this brief: http://KinkOnTap.com/?p=676. I said as much in my reply to Judy:

Hi Judy,

The URL in your email doesn’t actually link to a post. We pick up many stories from AlterNet, as well as a number from SexIs, because we follow both those sources, among others. So, did you mean this following entry?

http://KinkOnTap.com/?p=676

If so, you should know that we write briefs as we find them and provide links to where we found them. We purposefully do not republish or re-post significant portions of stories and we limit our briefs to short summaries in deference to the source. In regards to the brief in question, we do provide attribution to Lorna Keach, and our publication process provides links automatically to, again, the source where we found the article. :) As I’m sure you understand, this is the nature of the Internet. Its distribution capability is remarkable, isn’t it?

Also, while we’d absolutely be thrilled to have you send us updates on stories that might be of interest, we would prefer that you do so in the same way the rest of our community does: by contributing to the community links feed. You can find detailed instructions for the many ways you can do that on our wiki:

http://wiki.kinkontap.com/wiki/Community_links_feed

Congratulations on the continued success of SexIs.

Cheers,
-maymay

At the time when I wrote the email replying to Judy, I was perturbed but could not put my finger on why. Her email upset me because she seemed to be suggesting that our briefs are wholesale “re-posts,” when in fact Emma and I have thoroughly discussed attribution policies and, as mentioned in my reply, settled on a number of practices including a length limit, automated back linking (yes, with real links, go see some Kink On Tap briefs for yourself), and clearly demarcating quotes from the source article in our editorializing to ensure we play fair. Clearly, my somewhat snarky reply betrays my annoyance.

In any event, this exchange prompted me to take a closer look at the Kink On Tap brief I wrote, at the original article, and at the cross-post on AlterNet.org. I never would have imagined that EdenFantasys’s technical subterfuge would be as pervasive as it has proven to be. It’s so deeply embedded in the EdenFantasys publishing platform that I’m willing to give Judy the benefit of the doubt regarding this hypocrisy because she doesn’t seem to understand the difference between a search query and a permalink (something any lay blogger would grok). This is apparent from her reply to my response:

From: Judy Cole <luxuryholmes@gmail.com>
Subject: Re: Repost mis-attributed
Date: May 18, 2010 4:57:59 AM PDT
[…redundant email headers clipped…]

Funny, the URL in my email opens the same link as the one you sent me when I click on it.

Maybe if you pick up one of our stories in future, you could just say something like “so and so wrote for SexIs.” ?

As it stands, it looks as if Lorna wrote the piece for Alternet. Thanks.

Judy

That is the end of our email exchange, and will be for good, unless and until EdenFantasys changes its ways. I will from this point forward endeavor never to publish links to any web property that I know to be owned by Web Merchants, Inc., including EdenFantasys.com. I will also do my best to avoid citing any and all SexIs Magazine articles from here on out, and I encourage everyone who has an interest in seeing honesty on the Internet to follow my lead here.

As some of my friends are currently contributors to SexIs Magazine, I would like all of you to know that I sincerely hope you immediately sever all ties with any and all Web Merchants, Inc. properties, suppliers, and business partners, especially because you are friends and I think your work is too important to be sullied by such a disreputable company. Similarly, I hope you encourage your friends to do the same. I understand that the economy is rough and that some of you may have business contracts bearing legal penalties for breaking them, but I urge you to nevertheless consider looking at this as a cost-benefit analysis: the sooner you break up with EdenFantasys, the happier everyone on the Internet, including you, will be (and besides, you can lose just as much of your reputation, money, and pagerank while being happy as you can being sad).

What you can do

  • If you are an EdenFantasys reviewer, a SexIs Magazine contributor, or have any other arrangement with Web Merchants, Inc., write to Judy Cole and demand that content you produce for SexIs Magazine adheres to ethical Internet publication standards. Sever business ties with this company immediately upon receipt of any non-response, or any response that does not adequately address every concern raised in this blog post. (Feel free to leave comments on this post with technical questions, and I’ll do my best to help you sort out any l33t answers.)
  • EdenFantasys wants to stack the deck in Google. They do this by misusing your content and harvesting your links. To combat this effort, immediately remove any and all links to EdenFantasys websites and web presences from your websites. Furthermore, do not—I repeat—do not publish new links to EdenFantasys websites, not even in direct reference to this post. Instead, provide enough information, as I have done, so visitors to your blog posts can find their website themselves. In lieu of links to EdenFantasys, link to other bloggers’ posts about this issue. (Such posts will probably be mentioned in the comments section of this post.)
  • Boycott EdenFantasys: the technical prowess their website displays does provide a useful shopping experience for some people. However, that in no way obligates you to purchase from their website. If you enjoy using their interface, use it to get information about products you’re interested in, but then go buy those products elsewhere, perhaps from the manufacturers directly.
  • Watch for “improved” technical subterfuge from Web Merchants, Inc. As a professional web developer, I can identify several things EdenFantasys could do to make their unethical practices even harder to spot, and harder to stop. If you have any technical knowledge at all, even if you’re “just” a savvy blogger, you can keep a close watch on EdenFantasys and, if you notice anything that doesn’t sit well with you, speak up about it like I did. Get a professional programmer to look into things for you if you need help; yes, you can make a difference just by remaining vigilant as long as you share what you know and act honestly, and transparently.

If you have additional ideas or recommendations regarding how more people can help keep sex toy retailers honest, please suggest them in the comments.

Update: To report website spamming or any kind of fraud to Google, use the authenticated Spam Report tool.

Update: Google provides much more information about why the kinds of practices EdenFantasys is engaged in degrade the overall web experience for you and me. Read Cloaking, sneaky Javascript redirects, and doorway pages at the Google Webmaster Tools help site for additional SEO information. Using Google’s terminology, EdenFantasys’s unethical technology is a very skilled mix of social engineering and “sneaky JavaScript redirects.”

Crosspost: My impressions on the new “sex-positive social network” Blackbox Republic


This post was originally published on my other blog, a much more Not Safe For Work site, at maybemaimed.com. However, it turns out that blog is censored in various countries, such as Dubai. Gotta love Internet censorship. Sigh. Anyways, since I think the material there is interesting and technology-relevant, and in order to help people avoid Internet censorship, I’m cross-posting the contents here. Enjoy.


Social media. Internet publishing. Privacy. Three phrases that have seemed to be at tenacious odds with each other in a multitude of subtle and not-so-subtle ways. For people like me, who have progressive views about sexuality, these three things are constantly on our minds. How do we participate in the online revolution without being forced to “come out” about every sex act we enjoy, some of which are still illegal thanks to draconian restrictions on sexual freedom, even (and especially?) in America?

This month, a new social network called Blackbox Republic (BBR) is attempting to tackle this head-on and aims to create a place for, as Marshall Kirkpatrick put it, this particular large and unserved group of people. Although BBR is clearly a business, it’s a business whose creators have laudable intentions for positive social and cultural change. In that respect, and in many others, Blackbox Republic is worth a close look.

I was informed about the venture via Clarisse Thorn many months ago. I got in touch with BBR and signed up for a limited-offer “founder” account—basically a private beta. The founder account gave me free access to the features of the BlackboxRepublic.com website for what would normally be a $25 monthly subscription fee.

So, without further ado, here are my impressions about Blackbox Republic, and how its launch may be just what the Internet needs to get us moving in the right direction with regards to personal privacy, and mainstream awareness of the different needs of different people on the Internet.

Mainstream sex-positivity or a VIP room in cyberspace? Or both?

Over the past few months, Blackbox Republic has been building a marketing arsenal of anticipation and intrigue. Its creators are successful in non-sexuality-focused spheres of influence: Sam Lawrence is the respected former Chief Marketing Officer of Jive Software, Inc., and April Donato has experience in community management. They also both jive (pun!) well with the sex-positive movement, discussing it at length in the early stages of their marketing efforts after de-cloaking the new company.

In an interview for Social Networking Watch, Sam Lawrence said,

[Sam Lawrence:] The co-founder [April Donato] and myself are part of [the sex-positive] community. Sex positive means that your sexuality is not an issue. You don’t have an issue with other people’s sexuality. You’re open to what other people are interested in and what their boundaries are, and you’re open with your own.

[…]

[Interviewer:] To what extent do you practice a sex-positive lifestyle?

[Sam Lawrence:] From the perspective of sex not being an issue, I think that love is generated by people being open enough about who they are as people to put all of themselves out on the table. As far as putting all of myself on the table, it’s something that I do every single day.

I have an enormous amount of respect for anyone able to so capably present themselves as authentically as Sam does. On the eve of KinkForAll New York City 2, I met Sam and April at one of their “founder meetups” and had the chance to talk to them face-to-face. Our conversation revolved around the importance of steadfastly holding true to one’s own desires and having appropriate places to express those things with appropriate communication tools. I really liked their emphasis on self-identification over labeling throughout our discussion.

I also really appreciated the way that Sam and April spoke about their target audience. Blackbox Republic will welcome everyone, but it’s not designed for everyone, and I think that’s a good thing. David Evans writing at Online Dating Post says,

BBR has room for everyone, but is not for everyone. Definitely catering to non-mainstream folks, it will soon feature a constellation of micro-communities, or groups, called Camps. BBR doesn’t tell people how to organize their camps; we’ll do it ourselves, thankyouverymuch.

So is Blackbox Republic a dating site, or a social network? Well, both, kind of. Part of BBR’s slogan includes, “Dates will happen. Sex will happen. It matters how you get there.” The implication, of course, being that the current suite of tools for finding love or play online—sites like Alt.com, OkCupid, and countless personals boards—focus too strongly on the end result, turning matchmaking into a meat market instead of the natural process of getting to know one another. The focus BBR is placing on each person’s “journey” is an extremely welcome paradigm shift in the online dating world.

Along with the welcome and (IMHO, painfully obviously better) new approach to online dating, however, Blackbox Republic faces some real challenges. For new users, the service costs a minimum of $5 a month to use (and $9 per month for new sign-ups starting in 2010), which gives access to basic features like a personal profile. For $25 a month, members get added features like the ability to list real-world meet-ups, send private messages, and partake in a virtual “gifting” economy (think LiveJournal’s “virtual gifts”).

For that reason, BBR has been called a “members-only club.” There are some legitimate differences of opinion as to whether this is a positive or a negative thing. In a press release over the summer, Blackbox Republic is reported as stating:

Blackbox Republic will be a members-only experience that will unite the sex-positive community and give them a personal, private and secure way to connect online and in person.

Writing for ZDNet, Oliver Marks likens Blackbox Republic’s approach to online dating to the fashionability of owning an Apple computer:

Think of Blackbox Republic as a fashionable online ‘members-only’ club where you might expect to meet people with similar interests to your own, and ideally the person of your dreams. […] Blackbox Republic is arguably an Apple product to Facebook’s Windows look & feel: a much more intimately crafted, fuller featured personal user interface which should appeal to Apple generation sensibilities.

Many pages on Blackbox Republic's website showcase fashionably dressed women.

Indeed, almost everything about Blackbox Republic’s marketing and design seems to me as though it’s positioning itself as the equivalent of the hip, new, and exclusive nightclub down the street. There are images of super-chic women in short skirts and tight pants all over the Blackbox Republic promotional pages—way more than there are pictures of men. I was (yet again) put-off by this over-prevalence of women in all advertising material.

This isn’t really a criticism of the site, but rather a statement of disappointment that the marketing gurus behind the effort seemed to me to have succumbed to overwhelming cultural pressure to sell their site with old-school sex appeal: women’s sex appeal, of course. How…traditional.

Not only is the Blackbox Republic intro video markedly gender-skewed, but somewhere along the line Sam and April decided to drop the “sex-positive” phraseology from their marketing:

[L]ike most startups, Blackbox decided it needed to change up. Observers were confused by the sex-positive label.

Oh well. I think this just goes to further showcase how much more social change we really need in our culture.

However, while the clubby, cliquey feel is totally my own subjective perception, there are other issues at play here, too. Most notably, as Clarisse Thorn and many others rightfully remind us very often, the sex-positive movement is overwhelmingly white, middle- to upper-class, college-educated, and privileged in a huge number of ways that many people often take for granted. Even without a for-pay social network, not everyone who wants to can participate in the great-sex-for-everyone party atmosphere of many sex-positive niches.

Will creating a “members-only club” of sex-positivity on the Internet really be a positive thing for “the movement”? Well, maybe. Although it has the potential to exclude lower-income people from the experience, who are sadly also often the people with the most pressing need for the kinds of privacy-related tools BBR offers (school teachers spring to mind!), one upside is that Blackbox Republic promises to pledge a portion of membership dues to a charity of the user’s choice.

It’s $25 a month and $5 of those community dues go to charity. One way to think about it is if you’re sex-positive, you can either spend money on expensive coffee every month or upgrade your social life and meet other sex-positive people like you.

Inescapably, the major selling point of any social network is, of course, the network! If your friends aren’t on Twitter, then you’re probably not going to find it useful. The same truth holds for Blackbox Republic: if the users you want to interact with aren’t there, I doubt you’re going to find the experience fruitful. Due to the membership fees and the socioeconomic realities of the sex-positive community, I’m concerned that BBR’s current business model is too exclusive, and as a result it will have a lot of trouble attracting the kind of diverse community its creators seem to be hoping for.

Yet, some others think differently (pun!). For instance, Dennis Howlett welcomes the for-pay model for a social network:

anyone can join provided they’re willing to pay the $25 a month (I like that he has a pay model from the get go. That sorts out the weirdos and hangers on from day one)

I wonder if adopting a free-mium approach might work better. Still, there are real-world limits to business. Everyone needs to make money, and I don’t think Blackbox Republic’s business model is inherently more exclusive than, say, purchasing access to porn. If anything, BBR’s got some real promise to inject much-needed financial awareness to the sexually insensitive corporate infrastructure of our society. Nevertheless, convincing people to join “the Republic” is going to be a hard sell.

Show me the features!

Let’s say you do decide to join. What do you get? Other than the sex-positive mindset, what’s the benefit?

Well, the bulk of the experience is what you’d expect. Profiles (called “personas”), messaging, user search capabilities (called “explore”), and so forth. A Twitter-like “activity stream” dominates the main page where you can post text, picture, or video status updates. Event listings fill the sidebar. (I’m not going to provide internal screenshots in deference to BBR’s strict confidentiality rules.)

While that’s fun, it’s nothing special. What makes Blackbox Republic different is flexibility, and privacy.

Goodbye drop-downs, hello sliders!

An innovative new interface acknowledges (most of) the diversity in human sexual experience and desire.

Blackbox Republic’s most visible feature is the way its interface allows you to flexibly self-identify various facets of yourself. Rather than give you static drop-down menus or radio buttons for things like your sexual orientation and relationship status, you’re presented with sliders you can change at will. Perhaps you’re feeling particularly same-sex attracted one day. Just move the “Orientation” slider towards the “Gay” end and away from the “Hetero” end. If that changes tomorrow, just move the slider back. Sho-weet!

BBR offers you 5 different sliders for your profile. In addition to the one for sexual orientation, you also get one for relationship “status” (ranging from attached to unattached, with Facebook’s famous “it’s complicated” neatly in the middle), whether you’re available for more partners or not, how comfortable you are with casual sexual activity, and how eagerly you’re looking to par-tay. I’m instantly reminded of FetLife’s innovative, if dull-looking, mechanism for specifying multiple relationships. Blackbox Republic gives you similar flexibility as FetLife does but presented in a superb and far more intuitive interface.

All that said, one slider is conspicuously missing: the one for gender. The sliders are a very interesting idea and might just be the most innovative feature of the entire site. It speaks volumes about the sensitive and thoughtful mindset of the developers, and that’s why I’m so disappointed that the interface for self-identifying gender is relegated to the Sex 1.0 days of a single, binary option of “male” or “female.”

What gives? Are polyamorous people more welcome here than those who don’t fit the gender binary? I hope this is simply an omission that will be fixed as the service matures, since I couldn’t find any other reason why gender was absent from the sliders. For extra credit, I hope to see different profile options for “Sex” and “Gender,” two distinct concepts that frequently and incorrectly get used interchangeably. This would make it possible to represent complex gender presentations like additive gender on a social networking interface for the first time ever, and that’d totally be something to write home about!

Privacy and security

The other major selling point of Blackbox Republic is its careful attention to privacy. The entire offering, including its name, is predicated on letting users very carefully segment their information based on their privacy boundaries. I love some of the things BBR has done to enable this, and I can only imagine it’s going to get better from here.

Blackbox Republic’s Web of Trust

There are three levels of privacy, which (as far as I can figure out) map directly to the level of trust other members have gained within the Republic’s community. It works like a web of trust. New users are “un-vouched.” As they begin to interact with others on the site and, hopefully, make some friends, they should receive “vouches”—or votes of trust—from previously-vouched members. As a member, you get to control whether something you do, such as posting a status update, gets sent to the “public,” (i.e., the entire public-facing Internet), to all Blackbox Republic members (i.e., to both vouched and un-vouched members) or only to vouched members.

Additionally, privacy settings allow you to specify whether you want to allow un-vouched members to send you private messages, to follow your updates, to comment on your posts, or to see you in search results.

Unlike Facebook, which has very good privacy controls that almost nobody on Earth is aware of (thus negating the control’s usefulness), Blackbox Republic makes it a point to highlight their privacy controls at just about every sensical turn. Each of the settings I found defaults to the most private setting, not the most public, which is exactly the right move. I gotta say, I found turning off privacy settings instead of having to turn (or leave) them on to be a really empowering feeling.

You’re not a “friend,” you’re an acquaintance!

Moreover, the Blackbox Republic platform makes a native distinction between “friends” (again, like Facebook, or FetLife) and “followers” (like Twitter). When I friend someone, I’m connected to them in a way that I’m not if I just follow someone. I’m not yet certain what the practical distinction between “friending” and “following” is, other than the fact that your view of the people you’re connected with is segmented based on which button you clicked, but I think the distinction is a very appropriate and natural one to embed in the software.

This separation is probably the single most important innovation in the space of social networks as a medium of communication and collaboration that I can point at. I love that I can indicate without ambiguity which people I want to remain in constant communication with and which I simply want to watch from a distance. After all, aren’t at least some of your “friends” on Facebook really just “acquaintances” in reality? I think that for the first time ever in a social network, Blackbox Republic gets this feature right. Now, if only I could figure out what it actually does. :)

What? No on-the-wire encryption?!

With all that being said, there’s still at least one really frightening problem with Blackbox Republic’s careful attention to privacy: as far as I could tell, no part of my session is SSL/TLS encrypted!

Stunningly, for a site that sells privacy, not even Blackbox Republic's login form is on a secure page.


The entire BlackboxRepublic.com website is served over HTTP, including the login form and—again, as far as I could tell—every page on the inside of the site. This means that it’s trivial for malicious people who don’t even have a Blackbox Republic subscription to intercept, eavesdrop, and modify my interaction with the site. They could watch—and save—private messages between me and one of my friends (or lovers!), for instance.

In Blackbox’s defense, I don’t know of any social network that protects you from this. FetLife is another example of a website that should seriously consider HTTPS-only pages, but as of this writing hasn’t implemented it. Therein lies one of the most frightening oversights in the entire social networking space: regardless of so-called privacy settings, everything you do on the vast majority of social networks, blogs, and other sites on the Internet is the equivalent of passing notes between friends in a classroom. Better hope that big bully who likes to steal your lunch money doesn’t open the note and read it himself while he’s passing along your login details!

The thing is, few other social networking sites place so strong a spotlight on user privacy and security. Since Blackbox Republic seems to be nobly and rightfully holding itself up to a new standard of privacy, I feel justified in pointing out this glaring omission in their service offering. Given everything else they’ve done so well, and how well-aligned the majority of their technical implementation seems to be with their philosophy, this omission came as a big surprise to me.

Until Blackbox Republic only serves HTTPS traffic for all private areas of their site, I can’t make a recommendation in good conscience that it’s the place to be for privacy-conscious people. But again, despite public opinion to the contrary, I’ve never been able to make that claim for FetLife either.

Conclusion

Blackbox Republic is one of the most interesting websites on the Internet today. Its privacy-conscious and sexually open approach to social networking and online dating deserves huge praise. Its technical implementation—although plagued with some glaring oversights for now—is to be seriously respected.

From a social change perspective, I think the site is a mixed bag. Its exclusivity arguably makes the insularity of the sexuality communities an even bigger problem than it already is. On the other hand, the market-value of that very same exclusivity, if steered toward a benevolent purpose, can end up benefiting philanthropic, non-profit, and other sex-positive endeavors that often struggle to find necessary financial support.

Moreover, Blackbox Republic’s internal gifting economy does seem to encourage a sort of altruistic nature among members. How that may or may not translate into increased support for non-commercial activists has yet to be seen. Nay-sayers should remember that this kind of thing simply hasn’t been done before and the net effect could be quite positive.

Having just launched, however, I don’t think Blackbox Republic should be touted as the go-to site for sex-positive people quite yet. Like other social networks, it needs to grow to become truly useful, and its subscription fee business model poses a serious obstacle to many people. I was fortunate to get in with a free “founder” account, but I have mixed feelings about encouraging my friends to join me knowing they—or someone nice enough to “gift” a limited-time subscription to them—will have to pay for the service.

Additionally, its focus on being, well, a black box and its commitment to not allow Google or other search engines to index its internal content simply doesn’t resonate that strongly with me.

Lawrence emphasizes that what members say in Blackbox Republic will stay private. There’s no danger of what they post inside becoming part of their “Google resume,” as he puts it. He says he would resist efforts from search engines to index content the way Facebook and Twitter allow. “The value proposition is this is the first private, large social network out there,” Lawrence says.

Put simply, and noting that I’m probably not the majority case here, I rely on my “Google résumé,” to use Sam’s words, to live the life I want. My lukewarm reaction to this isn’t a criticism of the goal, simply an observation that it turns out I’m not in the ideal target market for Blackbox Republic’s value proposition.

In other words, I think I’m “too out” for this site to be immediately useful to me. The fact that FetLife is not readily available to the public Internet is the single biggest reason why I don’t sign on to that site very often, and so I have the same reason not to spend all that much time behind the curtains of Blackbox Republic.

Nevertheless, many other people do. If you’re among the cross-section of the populace who’d like a sociosexual experience online and would also like to effectively outsource your social reputation management, if you will, but you feel that sites like Facebook just aren’t cutting it, then Blackbox Republic is definitely worth checking out.

If you do check it out, or even if you don’t, I’d love to know what you think in the comments. And if you’re definitely sold, consider signing up via my partner link. Full disclosure: signing up that way earns me a small commission. If you’d rather sign up but not give me a commission for the referral, just register from the front page.

Buy Web Development Books from SitePoint’s 5-for-1 Sale and Donate to Bushfire Relief


For those of you who don’t already know, I’ve been a blogger over at SitePoint for a few months now. Today, I’m even happier to be a participant in the SitePoint community because, for a limited time only, SitePoint is offering the sale of the century: buy 5 SitePoint books for the price of 1. Every last cent of the proceeds from the sale of these books will go towards relief efforts for the recent Victorian bushfires that have claimed over 300 lives and are among the worst fire disasters on record.

The books are full-color PDF downloads, and include some really awesome titles. These are precisely the kinds of books you want as PDFs, too, since you can search through them and always keep them with you while you’re coding and looking for inspiration or a reference (even when you’re without Internet access). I couldn’t help but pounce on this deal, and I’m now the proud owner of the following books, which have all received some pretty great reviews:

In just 3.5 hours, SitePoint has managed to raise over $15,000 AUD, according to employee Kevin Yank on Twitter. And that’s just on this side of the world. All my Northern Hemisphere friends were asleep when this was announced, but not to worry. SitePoint’s sale will last until this Friday, so there’s plenty of time to take advantage of it.

Obviously, I think you should do so. Not only are you getting some really quality content and helping disaster victims at the same time, you’re also sending a loud and clear message that companies whose humanity outshines their accounting are the ones you’re going to support. I’m thrilled to see that SitePoint is one of these human companies, and ever more thrilled to be a part of it.

Written by Meitar

February 10th, 2009 at 8:06 am

SECURITY FAIL: Workamajig.com encourages users to email cleartext passwords


Creative agency management tool company Workamajig.com is a sizable operation with an international client base. Their product used to be called “Creative Manager Pro” which I can only assume they changed because it wasn’t actually creative enough. Anyway, it turns out that Workamajig has what is without doubt the absolute worst error message I can possibly think of from a security standpoint.

The error, which is triggered on login regardless of whether or not the username and password you enter are correct (presumably because the issue occurs while trying to authenticate), displays the username and the password the user has entered in cleartext and then (as if that wasn’t bad enough) encourages the user to email this information to their support department!

Yes, we have made the company aware of the problem. No, they have not fixed it yet. Proof in the form of a screen capture from literally 10 minutes ago:

Workamajig.com login error echoes the entered password in cleartext and encourages the user to send this to their support via email.


No, these are not real credentials, but an uninformed user may very well enter access credentials that are valid. Since this issue is not triggered by invalid credentials, that means valid login information for god knows how many Workamajig user accounts is very likely sitting in the SMTP logs of countless mail servers. Since in many countries these logs are federally mandated to be saved for at least two years, if I were a user of Workamajig I would seriously consider changing my account password ASAP, as well as changing any other account that I used the same password for!

I can’t be sure from this screen shot, but I sincerely hope that users’ passwords are passed around in the application as well as stored on disk as salted cryptographic hashes. Of course, after seeing this, I wouldn’t be shocked if that wasn’t the case. The good news is that the login screen to their application is only accessible with an SSL/TLS connection, which does prevent someone from snooping on the wire. Nevertheless, there are still many attack vectors that SSL/TLS doesn’t protect against if the rest of the application is not secure or, say, if you’re encouraged to bypass those protections by sending emails with sensitive data in order to request technical support.

Anyway, hopefully this gets fixed sooner rather than later. At the very least, don’t encourage users to email cleartext passwords. That is pretty much always a Very Bad Thing.
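The difference between the error message described above and one that is safe to paste into an email, as an added example (not Workamajig's code; the field names, the marker list and the reference format are assumptions made for illustration):

```python
import secrets

# Substrings that mark a field name as sensitive (an assumption for this example).
SENSITIVE_MARKERS = ("pass", "pwd", "secret", "token")
REDACTED = "[REDACTED]"


def scrub(value, key=""):
    """Return a copy of value with every sensitively named field masked."""
    if any(marker in key.lower() for marker in SENSITIVE_MARKERS):
        return REDACTED
    if isinstance(value, dict):
        return {k: scrub(v, str(k)) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [scrub(item, key) for item in value]
    return value


def unsafe_error_message(form, error):
    """The pattern described above: every submitted field is echoed to the screen."""
    fields = ", ".join(f"{k}={v}" for k, v in form.items())
    return f"Login failed: {error}. Copy this message and email it to support: {fields}"


def safe_error_report(form, error, server_log):
    """Show the user an opaque reference; keep the scrubbed detail server-side."""
    incident_id = secrets.token_hex(8)
    server_log.append({
        "incident": incident_id,
        "error": str(error),
        "form": scrub(form),  # the password never reaches the log either
    })
    return f"Login failed. If you contact support, quote reference {incident_id}."
```

Support staff look the reference up in the server-side log, so nothing the user copies into an email contains a credential.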

Update: It took only a couple of days for Workamajig to notice this blog post, which is great because it means I woke up to a forwarded email in my inbox in which a Workamajig representative said:

On the issue of showing the user id and password in an error message, [we] will be changing the way that error message is displayed. […] Just to clarify the user id and password is just on the screen of the user that is logged in, and that message to copy and paste is a standard message and it is just intended for you to copy and paste the error message; you are not required to send the user id and password.

I haven’t encountered the same issue again (but then again I only tried to login to my account twice in between then and now), so I can’t verify that the error message really has changed but I’d give Workamajig the benefit of the doubt. If you’re using Workamajig and notice a change in the way this login error is handled before I do, leave a comment to let me know it’s really been changed.

Written by Meitar

October 22nd, 2008 at 3:29 am

YubiKey and OpenID: Two great tastes that taste better together


In some communities, this is sort of old news, however I’ve recently become aware of an exciting and affordable security product called the YubiKey, manufactured by Yubico. The YubiKey is a $35 USD one-time password second-factor authentication token that uses 128-bit AES encryption to provide identity verification. That’s a mouthful, but what it really means is this: using a YubiKey to log in to stuff makes your logins about as secure as a military installation. Here’s how.

When you log in to just about any Web site or Internet-enabled service, say Basecamp for example, you traditionally simply type in a user name and matching password. This is known as one-factor authentication because all you need to do to log in successfully is use a matching pair of user names and their passwords. Since the user name is not hidden, the only piece of the puzzle that’s providing any security is your password.

Now, a password is something you have to remember, so this factor is called "something you know." Of course, if someone else also knows your password, this means that person can log in pretending to be you. Thus enters the need for a second factor for authentication.

The YubiKey is a physical USB fob device with a unique ID. That is, each YubiKey in the world has its own ID, meaning that no two are identical. This implies that if you have a YubiKey with you, no one else can have that same YubiKey anywhere else in the universe. Thus, this gives you a second factor with which to authenticate yourself, specifically it’s "something you have."

When you combine something you know (for instance, a password) with something you have (such as a YubiKey), you have two-factor authentication. Authenticating yourself with both of these factors is obviously more secure than relying solely on one factor because in order to compromise it an attacker needs to compromise both factors; the attacker would need to know what you know (figure out your password) and steal something you have (physically obtain your YubiKey).

If you’re familiar with one-time credit cards such as those that PayPal offers, you can think of the YubiKey like one of these cards, but instead of being used to make online purchases, it’s used for logging into stuff (and, of course, you don’t need more than one physical YubiKey). Of course, for authentication to work with the YubiKey the application or service you are logging into has to be able to understand that you’re using one of these authentication devices.

The good news here is that the entire process of using a YubiKey is a well-documented, open-source, and open-spec scheme so it’s easy for service providers to implement. And, because Yubico is also an OpenID identity provider, you can use your YubiKey to log into any site that supports the OpenID protocol right now, such as (you guessed it) Basecamp! There’s even a WordPress YubiKey plugin so you could theoretically use your YubiKey to secure your authentication to any of your WordPress blogs.
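How a site might combine the two factors described above, as an added example that is not Yubico's code or part of the original post. It relies on two facts about the YubiKey OTP format that the post does not spell out: the OTP is written in the 16-character "modhex" alphabet, and its last 32 characters are the AES-128 encrypted block while the characters before them are the token's public ID. The class, the sample OTPs and the `otp_is_valid` callable (standing in for the validation service that decrypts the block) are assumptions.

```python
import hashlib
import hmac

MODHEX = "cbdefghijklnrtuv"  # modhex digit at index i encodes hex digit i
BLOCK_CHARS = 32             # 16-byte AES-128 block = 32 modhex characters
MAX_OTP_CHARS = 48           # upper bound chosen for this example

# Constructed sample OTPs: valid modhex layout, not output from a real device.
PUBLIC_ID = "ccccccbdefgh"
OTP_A = PUBLIC_ID + "ijklnrtuvcbdefghijklnrtuvcbdefgh"
OTP_B = PUBLIC_ID + "vutrnlkjihgfedbcvutrnlkjihgfedbc"
OTP_OTHER_KEY = "ccccccvutrnl" + "ijklnrtuvcbdefghijklnrtuvcbdefgh"


def split_otp(otp):
    """Return (public_id, encrypted_block_bytes); raise ValueError if malformed."""
    otp = otp.strip().lower()
    if not BLOCK_CHARS < len(otp) <= MAX_OTP_CHARS or set(otp) - set(MODHEX):
        raise ValueError("not a well-formed modhex OTP")
    public_id, block = otp[:-BLOCK_CHARS], otp[-BLOCK_CHARS:]
    return public_id, bytes.fromhex("".join(f"{MODHEX.index(c):x}" for c in block))


def hash_password(password, salt):
    """Salted, deliberately slow password hash (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class TwoFactorLogin:
    def __init__(self, otp_is_valid):
        # otp_is_valid(otp) -> bool stands in for the OTP validation service,
        # which decrypts the block and checks the token's counters.
        self.otp_is_valid = otp_is_valid
        self.accounts = {}      # username -> (salt, password_hash, public_id)
        self.seen_otps = set()  # local replay guard

    def enroll(self, username, password, salt, otp):
        """Bind the token's public ID to the account; the OTP used is spent."""
        otp = otp.strip().lower()
        public_id, _ = split_otp(otp)
        if not self.otp_is_valid(otp):
            raise ValueError("OTP rejected by validation service")
        self.seen_otps.add(otp)
        self.accounts[username] = (salt, hash_password(password, salt), public_id)

    def login(self, username, password, otp):
        """True only if the password, the bound token and a fresh OTP all check out."""
        if username not in self.accounts:
            return False
        salt, stored_hash, bound_id = self.accounts[username]
        otp = otp.strip().lower()
        try:
            public_id, _ = split_otp(otp)
        except ValueError:
            return False
        knows = hmac.compare_digest(stored_hash, hash_password(password, salt))
        has = hmac.compare_digest(public_id, bound_id)
        if not (knows and has and otp not in self.seen_otps and self.otp_is_valid(otp)):
            return False
        self.seen_otps.add(otp)
        return True
```

A stolen password fails without the bound token, and a captured OTP fails on its second use.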

The YubiKey spec is, itself, completely independent of the OpenID spec and vice versa, which is what makes the combination so formidable. What’s so cool about this process is that the site you’re authenticating to, such as Basecamp or your WordPress blog, doesn’t have to know anything about how you’re authenticating because the OpenID provider (Yubico in this example) simply returns the answer—a perfect example of a well-constructed API at work. Either you have successfully authenticated to your OpenID provider or you haven’t, and the site can respond accordingly.

And if that’s not cool enough, want to know the coolest thing about the YubiKey? It’s environmentally friendly! The YubiKey web site states that the robust, ultra-thin and battery-free design increases lifetime and reduces environmental impact.

I’m more than seriously considering getting one of these myself, and even beyond that, getting one for all of my fellow site editors on some of the community web sites I help maintain. This is especially important for sites dealing in confidential or otherwise sensitive information, such as those which hold financial records or have other privacy concerns. Securing the authentication of privileged users such as the site administrators seems a natural step.

Even better yet, because the only cost to implementing this system is developer resources and the cost of the physical YubiKey device, I’m also seriously considering baking this right into any new sites I develop. At $35, a YubiKey is actually cheaper than an SSL certificate, and even though they don’t protect against all the same attack vectors, I think a device like the YubiKey is clearly a vastly superior solution in the majority of use cases.

I never really had a compelling reason to begin to propagate an OpenID identity before but now, at last, I do.

Written by Meitar

September 1st, 2008 at 12:08 pm

Productivity: It’s not what you do, it’s how you do it, and twentysomethings do it better


I don’t believe I have ever before posted an entry that, for all intents and purposes, is just a link to another blog post. However, this blog post is simply so brilliant and yet so short and easily digestible, that I have nothing more to say. Thus: Twentysomething: 7 Reasons Why My Generation Is More Productive Than Yours.

By those definitions, I’ve been a productive twentysomething-year-old since I was a pre-teen, which just goes to show you that age has nothing to do with it. Damn straight.

Written by Meitar

August 4th, 2008 at 10:20 am