Tag: technology

Self-described activist creator of Cell 411 app weirdly refuses to discuss its closed source tech because of anti-racist Twitter handle of the person asking

About a week ago I published a post cautiously praising the work of Boulder, Colorado based SafeArx, the company behind a smartphone app called Cell 411 claiming to cut down on the need for police:

Let me be clear that I love the idea of a decentralized emergency alerting response platform. I think it’s incredibly important for such a tool to exist. […] I want to see a project with Cell 411’s claims succeed and be a part of abolishing the police and the State altogether. I think there’s real potential there to make headway on an important social good (abolishing the police, dismantling the prison industrial complex, among other social goods) and I want to offer whatever supportive resources I can to further a project with these goals.

In the post, I raised some basic questions about Cell 411 that seemed to have gone unasked by reporters covering it. Chief among them is that the app claims to be a de-centralized alternative to 9-1-1, except that it’s not decentralized at all. I described this discrepancy as follows:

On the Google Play store, Cell 411 describes itself like this:

Cell 411 is a De-centralized, micro-social platform that allows users to issue emergency alerts, and respond to alerts issued by their friends.

The problem is in the very first adjective: de-centralized. To a technologist, “decentralization” is the characteristic of having no single endpoint with which a given user must communicate in order to make use of the service. Think trackerless BitTorrent, BitCoin, Tor, or Diaspora. These are all examples of “decentralized” networks or services because if any given computer running the software goes down, the network stays up. One of the characteristics inherent in decentralized networks is an inability of the network or service creator from unilaterally barring access to the network by a given end-user. In other words, there is no one who can “ban” your account from using BitTorrent. That’s not how “piracy” works, duh.

Unfortunately, many of the people I’ve spoken to about Cell 411 seem to believe that “decentralized” simply means “many users in geographically diverse locations.” But this is obviously ignorant. If that were what decentralized meant, then Facebook and Twitter and Google could all be meaningfully described as “decentralized services.” That’s clearly ridiculous. This image shows the difference between centralization and decentralization:

The difference between centralization and decentralization.

As you can see, what matters is not where the end users are located, but that there is more than one hub for a given end user to connect to in order to access the rest of the network.

Armed with that knowledge, have a look at the very first clause of Cell 411’s Terms of Service legalese, which reads, and I quote:

1. We may terminate or suspend your account immediately, without prior notice or liability, for any reason whatsoever, including without limitation if you breach the Terms.

This is immediately suspect. If they are able to actually enforce such a claim, then it is a claim that directly contradicts a claim made by their own description. In a truly decentralized network or service, the ability for the network creator to unilaterlly “terminate or suspend your account immediately, without prior notice or liability” is not technically possible. If Cell 411 truly is decentralized, this is an unenforceable clause, and they know it. On the other hand, if Cell 411 is centralized (and this clause is enforceable), other, more troubling concerns immediately come to mind. Why should activists trade one centralized emergency dispatch tool run by the government (namely, 9-1-1), for another centralized one run by a company? Isn’t this just replacing one monopoly with another? And why bill a centralized service as a decentralized one in the first place?

Despite this, I was hopeful that Cell 411’s creator, Virgil Vaduva, and his team would be willing to at least address the point, perhaps by discussing their development roadmap. Maybe it’s not decentralized yet, but they intend to decentralize it later on? That would be awesome, and important. Moreover, I asked if they would be interested in combining efforts with me or others with whom I’ve worked, since we’ve been developing an actually decentralized, free software tool with the same goal in mind called Buoy for a few months now. I said as much in my earlier post:

I want to see Cell 411 and Buoy both get better. Buoy could become better if it had Cell 411’s mobile app features. Cell 411 could become better if its server could be run by anyone with a WordPress blog, like Buoy can be.

I sent Virgil Vaduva an email last week, and tweeted at him before writing my post. (My previous post includes a copy of the email I sent him.) I was ignored. So I started tweeting at others who were tweeting about Cell 411, linking them to my questions. It seems that’s what got Mr. Vaduva’s attention, since today I finally got a response from him. And that response is extremely concerning for Cell 411’s supposed target audience: activists. Here’s how Mr. Vaduva “answered” my technical questions:

I’m not entirely sure why technical questions like these were answered by a hyper-focus on the militantly anti-racist Twitter handle I happen to be using right now (it’s actually “Kill White Amerikkka”), unless of course if Vaduva is having some kind of trigger reaction caused by (evidently not-so-latent) internalized white supremacy. Later, he called my original post, which, again, included outright praise for Cell 411 a “shitty hit piece.” I even offered to change my Twitter handle (as if that has any bearing at all on the technical matters?) for the duration of a discussion with him, but again, the only replies were, well, have a look:

The full thread is…well, classic Twitter.

I don’t know about you, but the idea of installing a closed-source app that reports my location to a centralized database controlled by a company whose founder actively deflects legitimate technical questions by objecting to a militantly anti-racist Twitter handle and making immature pro-capitalist statements when asked technical questions doesn’t sit well with me. But even if that were something I could tolerate, it raises even more concerning questions when that very same app is one touted as being built for anti-police brutality activists.

Last week, I would have told my friends, “Go ahead and try Cell 411, but be careful.” With this new information, my advice is: “Don’t trust anything created by SafeArx, including Cell 411, until and unless the technical issues are addressed, the source is released as free software, and its creators make clear that anti-racism and anti-capitalism is a core intention of their development process.”

In my personal opinion, tools like Cell 411 that purport to be “made for activists, by activists” need to be comfortable materially advancing the destruction of whiteness and white identity, as well as standing in solidarity with militant resistance to white supremacy. But even putting aside concerns over Vaduva’s discomfort with anti-racist Twitter handles, any technologist worth his salt who wants his closed-source technology to be trusted should be able to answer some basic questions about it if he’s indeed unwilling to release the source code itself.

Mr. Vaduva and Cell 411 fall short on both counts. The sad thing is that any potentially latent racism in Cell 411’s creator wouldn’t be a technical concern if Cell 411 itself were actually decentralized free software, since the intentions or social beliefs of an app’s creator can’t change how the already-written code works. As I said in the conclusion to my previous post:

It’s obvious, at least to anyone who understands that the purpose of cops is to protect and uphold white supremacy and oppress the working class, why cops would hate a free decentralized emergency response service. Again, I want to use such an app so badly that I began building one myself.

But if Cell 411 is centralized, then it becomes a much more useful tool for law enforcement than it does for a private individual, for exactly the same reason as Facebook presents a much more useful tool for the NSA than it does for your local reading group, despite offering benefits to both.

Cartoon of a protester ineffectually trying to shoot corrupt government officials with a 'Facebook' logo positioned as a gun.

[…]

As long as Cell 411 remains a proprietary, closed-source, centralized tool, all the hype about it being a decentralized app that cops hate will remain hype. And there are few things agents of the State like more than activists who are unable to see the reality of a situation for what it is.

Admiral Ackbar: Proprietary and centralized software-as-a-service? It's a trap!

If you think having a free software, anarchist infrastructural alternative to the police and other State-sponsored emergency services is important and want to see it happen, we need your help making Buoy better. You can find instructions for hacking on Buoy on our wiki.

Cell 411, the “de-centralized” smartphone app that “cops hate” is neither de-centralized nor hated by cops

If you’re following anti-police brutality activists, you might have heard about a new smartphone app that aims to cut down on the need for police. Cell 411 is touted as “the decentralized emergency alerting and response platform” that “cops don’t want you to use.” There’s only one problem: its central marketing claims aren’t true. Cell 411 is not decentralized, and there’s no evidence that cops don’t want you to use it.

Let me be clear that I love the idea of a decentralized emergency alerting response platform. I think it’s incredibly important for such a tool to exist. I’m so committed to that belief that I’ve been building a free software implementation of just such a tool, called Buoy, for a few months now.

Further, I believe it’s equally important that the developers of a tool like this actively eschew the State-sponsored terrorist gangs known as law enforcement, because that mindset will inform the tool’s development process itself. On the face of it and from the research I’ve done to look into Cell 411’s developers, I think there is a lot of welcome overlap between them and myself. Indeed, I’m grateful to them for developing Cell 411 and for dropping their price for it, offering it free-of-charge on the Android and iOS app stores, which is how it should be. Nobody should be charged any money for the opportunity to access tools for self- and community protection; that’s what cops do!

I’ve even reached out both publicly and privately to the developers of Cell 411 through email and Twitter to ask them about a possible collaboration, pointing them at the source code for the Buoy project I’m working on and asking where their source can be found.1 I want to see a project with Cell 411’s claims succeed and be a part of abolishing the police and the State altogether. I think there’s real potential there to make headway on an important social good (abolishing the police, dismantling the prison industrial complex, among other social goods) and I want to offer whatever supportive resources I can to further a project with these goals.

But I am concerned that Cell 411 is not that project. The fact is there are glaring, unexplained inconsistencies between their marketing material, the perception that they encourage the public to have about their tool, and their tool’s legal disclaimers. Such inconsistency is, well, sketchy. But it’s not unfamiliar, because this exact kind of inconsistency is something activists have seen from corporations and even well-meaning individuals before. We should be able to recognize it no matter the flag, no matter how pretty the packaging in which the message is delivered is wrapped in.

On the Google Play store, Cell 411 describes itself like this:

Cell 411 is a De-centralized, micro-social platform that allows users to issue emergency alerts, and respond to alerts issued by their friends.

The problem is in the very first adjective: de-centralized. To a technologist, “decentralization” is the characteristic of having no single endpoint with which a given user must communicate in order to make use of the service. Think trackerless BitTorrent, BitCoin, Tor, or Diaspora. These are all examples of “decentralized” networks or services because if any given computer running the software goes down, the network stays up. One of the characteristics inherent in decentralized networks is an inability of the network or service creator from unilaterally barring access to the network by a given end-user. In other words, there is no one who can “ban” your account from using BitTorrent. That’s not how “piracy” works, duh.

Unfortunately, many of the people I’ve spoken to about Cell 411 seem to believe that “decentralized” simply means “many users in geographically diverse locations.” But this is obviously ignorant. If that were what decentralized meant, then Facebook and Twitter and Google could all be meaningfully described as “decentralized services.” That’s clearly ridiculous. This image shows the difference between centralization and decentralization:

The difference between centralization and decentralization.

As you can see, what matters is not where the end users are located, but that there is more than one hub for a given end user to connect to in order to access the rest of the network.

Armed with that knowledge, have a look at the very first clause of Cell 411’s Terms of Service legalese, which reads, and I quote:

1. We may terminate or suspend your account immediately, without prior notice or liability, for any reason whatsoever, including without limitation if you breach the Terms.

This is immediately suspect. If they are able to actually enforce such a claim, then it is a claim that directly contradicts a claim made by their own description. In a truly decentralized network or service, the ability for the network creator to unilaterlly “terminate or suspend your account immediately, without prior notice or liability” is not technically possible. If Cell 411 truly is decentralized, this is an unenforceable clause, and they know it. On the other hand, if Cell 411 is centralized (and this clause is enforceable), other, more troubling concerns immediately come to mind. Why should activists trade one centralized emergency dispatch tool run by the government (namely, 9-1-1), for another centralized one run by a company? Isn’t this just replacing one monopoly with another? And why bill a centralized service as a decentralized one in the first place?

Virgil Vaduva, Cell 411’s creator, told me on Twitter that the app is not open source but hinted that it might be in the future:

This leaves me with even more questions, which I asked, but received no answer to as yet. (See the Twitter thread linked above.)

Cell 411’s proprietary source code is licensed under an unusual license called the BipCot NoGov license, written by a libertarian group with whom I share distrust and hatred of the United States government. Where we differ, apparently, can be summed up by this Andy Singer quote:

Libertarianism is just Anarchy for rich people.

And that concerns me greatly. Cell 411 originally cost 99¢ per app install on both the Google Play and iTunes app stores. It’s now free, which, again, is a move in the right direction. But by refusing to release the source code, SafeArx holds its users hostage in more ways than one. There are already rumors that the company is intending to monetize the app in the future, perhaps by charging for app downloads or perhaps in some other way in the future. That is fucked. The people who need an alternative to the police most of all are not people with money. That’s why all of Buoy’s code was available as free software from the very beginning; so those people could access the tool. And beyond that, it’s the very people who need an alternative to the prison industrial complex most who are also most in need of safety from capitalism’s exploitative “monetization.”

I hope Virgil chooses to make Cell 411 free software too—i.e., not just free as in no-charge but software libre as in freedom and liberty. A closed-source tool is downright dangerous for activists to rely on, especially for an app that is supposed to be all about communal safety. This has never been more obvious than in the post-Snowden age. If you share our goal of abolishing the State and ending the practice of caging human beings, and you want to dialogue, please do what you can to convince the people running SafeArx and Cell 411 of the obvious strategic superiority of non-cooperation with capitalism.

Which brings me to my next major concern: there is no evidence that cops hate Cell 411, despite the headlines. It’s obvious, at least to anyone who understands that the purpose of cops is to protect and uphold white supremacy and oppress the working class, why cops would hate a free decentralized emergency response service. Again, I want to use such an app so badly that I began building one myself.

But if Cell 411 is centralized, then it becomes a much more useful tool for law enforcement than it does for a private individual, for exactly the same reason as Facebook presents a much more useful tool for the NSA than it does for your local reading group, despite offering benefits to both.

Cartoon of a protester ineffectually trying to shoot corrupt government officials with a 'Facebook' logo positioned as a gun.

I am not saying that Cell 411 is a bad tool. Far from it. My belief is that it is a good tool for individuals and my hope is that it will become a better tool over time. But if Cell 411 is to go from “good” to “great,” then it must actually be decentralized. It must be released freely to the people as free software/software libre. Private individuals who are working to create social infrastructure as an alternative to police must be able to access its source code to integrate it with other tools, to hack on it and make it more secure. This is the free software way, and it is the only feasible anti-capitalist approach. And the only strategically sound way to abolish police is to abolish capitalism, since police are by definition capitalism’s thugs.

It is the explicit intent of police and the State to prevent private individuals from taking their own protection into their own hands, from making their own lives better with their own tools in their own way, by not allowing access to the source of those tools. We, Cell 411 included, should not be emulating that behavior.

I want to be able to run my own Cell 411 server without asking for permission from SafeArx to do so. If Cell 411 were decentralized free software, I would be able to do this today, just as I can publish my own WordPress blog, install my own Diaspora pod, or run my own Tor relay without asking anyone for permission before I do it. This is what I can already do with Buoy, the community-based emergency response system that is already decentralized free software, licensed GPL-3 and available for download and install today from the WordPress plugin repository.

As a developer, I want to see Cell 411 and Buoy both get better. Buoy could become better if it had Cell 411’s mobile app features. Cell 411 could become better if its server could be run by anyone with a WordPress blog, like Buoy can be.

But as long as Cell 411 remains a proprietary, closed-source, centralized tool, all the hype about it being a decentralized app that cops hate will remain hype. And there are few things agents of the State like more than activists who are unable to see the reality of a situation for what it is.

Admiral Ackbar: Proprietary and centralized software-as-a-service? It's a trap!

If you think having a free software, anarchist infrastructural alternative to the police and other State-sponsored emergency services is important and want to see it happen, we need your help making Buoy better. You can find instructions for hacking on Buoy on our wiki.

  1. Here’s the email I sent to Virgil Vaduva, Cell 411’s creator and SafeArx’s founder (the company behind the app):

    From: maymay <bitetheappleback@gmail.com>
    Date: Sat, 27 Feb 2016 20:03:38 -0700

    Hi Virgil,

    My name is maymay. I learned about Cell 411 recently and I’m excited to see its development. It is similar to a web-based project of my own. I am wondering where the source code for the Cell 411 app can be found. I could not find any links to a source code repository from any of the marketing materials that I saw on your website.

    Our own very similar project is called Buoy. The difference is that Buoy is intended for community leaders and intends to be a fully free software “community-based crisis response system,” with the same anti-cop ideology as Cell 411 but built as a plugin for WordPress in order to make it super easy for anyone to host their own community’s 9-1-1 equivalent.

    Our source code is here:

    https://github.com/meitar/better-angels/

    We have focused on the web-app side of things because that’s where our experience lies, but were hoping to create a native mobile app later on. It seems you already made one. Rather than reinvent the wheel, we’re hoping to integrate what you’ve done with Cell 411 with what we’ve already developed in order to facilitate a more decentralized, truly citizen-powered infrastructure alternative to 9-1-1.

    So that’s why we’re interested in looking at Cell 411’s source code.

    Thanks for your work on this so far.

    Cheers,
    -maymay
    Maymay.net
    Cyberbusking.org

    []

HowTo: Download movies, games, books, and other digital media freely and anonymously using BitTorrent with public proxies

Note: This guide assumes you never used BitTorrent before, and that you want to start learning about it with a safety focus from the outset, but it does assume you understand basic computer and Web lingo like “website address” and “downloading.” If you’re new to BitTorrent and don’t care about staying private, then LifeHacker’s “A beginner’s guide to BitTorrent” or “The Torrent Guide for Everyone” at MakeUseOf.com may be more your speed. Also, if you do have some experience with BitTorrent, all the better. Things will make more sense to you more quickly. :)

If you’re going to read this how-to guide, I’m not going to assume you need to be convinced that downloading movies and other digital media like music, eBooks, games, and so on is something worth doing. There are, of course, many reasons why you might want to get media at no cost. These reasons range from the personal (Netflix doesn’t have the show you’re really into right now) to the political (fuck Netflix and also fuck capitalism) and everything in between (you don’t have “discretionary income” because, y’know, capitalism, but whatevs).

This guide isn’t trying to tell you what you should do—that’s your government’s job. All I want this guide to do is help you access the material you want, whatever that material is, regardless of why you want it, safely and anonymously. And since the most widely used and arguably most effective digital media distribution technology is BitTorrent, that’s what we’ll focus on today.

If you’ve heard anything about “downloading free movies on the Internet,” you probably heard of BitTorrent or its more colloquial synonym, “torrents.” You have also probably heard of companies threatening BitTorrent users with Internet service bans, financial penalties, and even lawsuits for “stealing intellectual property.” Through expensive and coordinated campaigns, companies like Disney and others represented by special interest groups like the RIAA and MPAA try to convince people that BitTorrent is hard, immoral, and unsafe to use. But these corporate-backed efforts are little more than self-serving moral crusades, effectively a big societal guilt trip, and a false one at that.

By the time you finish reading this guide, you’ll see how and why BitTorrent is easy, ethical, and safe to use. To do that, let’s start at the beginning. (If you’re one of those “just give me a fish, I don’t want to learn how to fish,” people, skip to Step 1, below. But I warn you, you’ll have a much better understanding of what I’m talking about, and that means you’ll be able to keep yourself a lot safer, if you read thoroughly than if you skip ahead. You can always skip ahead the next time, after you absorb the background information first.)

What is BitTorrent, really?

BitTorrent is a way to copy files between computers. That’s it. Really. “But if it’s just a way to copy files around,” you’re probably wondering, “what makes BitTorrent so special?”

What makes BitTorrent special: pieces, not files

What makes BitTorrent special is the way it goes about copying (or “sharing”) files. Ordinarily, to start downloading a copy of a file from someone else, they have to have the entire file. Not so with BitTorrent. Using BitTorrent, you can download (that is, receive, or copy)1 incomplete parts of a file from someone else who also only has some but not all parts of the desired file, themselves. Moreover, BitTorrent itself doesn’t care what the file is. The file might be a “pirated” movie, but it might also be literally anything else. BitTorrent isn’t just for piracy. BitTorrent can be, and often is, used to share anything that can be digitized, no holds barred, since all BitTorrent cares about are what it calls pieces.

You can think of BitTorrent “pieces” like pieces in a jigsaw puzzle. When you download a file with BitTorrent, what you’re actually downloading is copies of all the individual puzzle pieces that, taken together, make up the completed jigsaw puzzle. When you have all the pieces, BitTorrent automatically puts the pieces in the right places so they make up the desired file or files. This completed puzzle is what BitTorrent calls a “seed.”2

When you first go to download stuff with BitTorrent, you’ll be presented with something called a “torrent.” You can think of torrents, which are sometimes a kind of file themselves (a “.torrent file”), like empty jigsaw puzzle boxes.3 Torrent files describe their contents, but they are not the actual content. So the torrent isn’t a true puzzle piece, per se. Rather, a torrent is the additional information we need to look for the rest of the pieces. Much as a picture on a jigsaw puzzle box shows you what the complete puzzle with all the pieces in the right spots is supposed to look like, but it isn’t a puzzle piece itself, so too does the torrent itself describe the completed torrent contents.

Okay, but where do torrents come from?

Torrents are made by other people, just like you. Sharing something of your own with others using BitTorrent is actually pretty easy. Beyond that, especially if you want to share something big but don’t have a lot of resources like bandwidth or disk space, using BitTorrent to share it can help you out big time.

Making a torrent is a simple matter of using a program to make a new .torrent file (our proverbial “jigsaw puzzle box”) out of files you already have on your computer. Usually, this is as simple as choosing “New Torrent…” from the “File” menu in a BitTorrent app, such as in this screenshot of uTorrent 1.8.4 for Mac OS X, below:

Creating a torrent is as simple as: 1. Choosing "New Torrent…" from the "File" menu of your BitTorrent client and 2. Ticking a few boxes.

There are a lot of BitTorrent client apps you can choose to use. Naturally, Wikipedia has a huge comparison chart of them, and plenty of blogs have their “best of” picks. “uTorrent” is just the name of a popular one, and I like it well enough. For our purposes, the only really important thing is that whatever client you pick needs to have support for network proxies, which we’ll talk about next. If you’re not sure what to use, I recommend Deluge because it’s free, fast, works everywhere, and yes, supports proxies.

Sharing something of your own makes you the first seed for this torrent, since you obviously have all the pieces of the files you’re sharing. For other interested users to make their own complete copies of a file, there needs to be at least one person who’s got all the puzzle pieces. That is, there needs to be at least one “seeder.” But don’t worry, because once someone else finishes downloading all the pieces of your torrent from you, they become another seeder, since now they, too, have all the puzzle pieces. The group of folks sharing a torrent is what BitTorrent calls a “swarm.”

Any torrent you might download was first uploaded to the Internet by someone else in this way. Many people also take the next step of listing their torrents in one or more of the many public, searchable directories that index, archive, and categorize torrents, called “torrent sites.” The most famous of these community-driven websites was ThePirateBay.com (may it rest in peace), but today there are dozens of popular ones, like Kickass Torrents, ExtraTorrent, and AhaShare, to name a few.

If you’re new to BitTorrent and just wanna practice using it without the threat of legal doom, then you can use this page as a test torrent! Get a torrent client app (I like Deluge a lot), and then click on this “seed this page as a torrent” link (or the similar link on any of my blog’s web pages). You’ll get a .torrent file to download. Open it in Deluge and you’ll begin downloading. When the download is done, you’ll have a copy of this guide. If you’re a blogger like me, you can make anything on your website into a torrent very easily by using the BitTorrent My Blog plugin that I wrote shortly after I put this guide together. :) Once you feel like you have the hang of torrent basics, read on to learn more about torrenting anonymously. (Alternatively, try downloading one of Archive.org’s many zines using their torrent option, instead of the “direct download” option.)

So you see, there’s nothing nefarious, underhanded, or dangerous about sharing files over BitTorrent, or “torrenting.” The danger comes solely from malicious, overbearing, and greedy people who abuse others to try to control what is being shared, and who is allowed to share it. BitTorrent itself is just a tool, much like the rest of the Internet. Equating BitTorrent with wrongdoing is like telling people they’re doing something wrong when they browse the Web and read blogs. It’s just silly. Still, much like browsing the Internet, torrenting can be dangerous because of the malicious people, corporations, or tentacle monsters who are willing and able to abuse you for reading, saying, or sharing something they don’t want you to.

That’s where protecting yourself with public proxies comes in.

Public proxies as shields for our identity

To keep yourself safe from predators like corporations with itchy lawsuit fingers, you have to know a thing or two about network proxy servers.

It's dangerous to go alone! Take this.

Everything you need to know about proxies, and nothing you don’t

A network proxy is simply a computer that’s willing to forward a message from you to another computer on your behalf, just like a classmate who’s willing to pass your note along to a fellow classmate during class.

The nature of proxies makes them easy to abuse (much like a classmate’s trust), so many proxies are not available for public use. These are called “private proxies,” and they generally require that you have a username and a password before you can use them. But many other proxies are available for public use, offered freely to netizens like you by folks who understand the importance of a free and open Internet. Many of these proxies are listed in directories like XRoxy.com, ProxyNova.com, UltraProxies.com, PublicProxyServers.com, and so on. These are called “public proxies,” to no one’s surprise.

By the same token, an anonymous proxy is a computer that’s willing to forward a message from you to another computer, and won’t tell that other computer who the message came from. For obvious reasons, anonymous network proxies are almost always also public proxies. Anonymous proxies are designed to shield our identities. The ones that take privacy seriously are like our best friends; they’re willing to pass notes for us in class and won’t snitch on us if they get in trouble.

Confusingly, there are about as many ways to describe (or “classify”) anonymous proxies as there are websites listing them. Each of the proxy directories I just mentioned displays their list somewhat differently, but they all classify proxies along the same basic criteria because, technically, they’re all doing the same thing. For our purposes, the important things to know about a proxy are:5

  • Its IP address and port number. This is the proxy’s internet address. It serves the same purpose as the Web addresses (URLs) you’re familiar with, but both parts are only numbers.
  • Its anonymizing features. We only want to use proxies that are labelled with words like “HiAnon,” “High KA+,” “Elite,” “Anonymous,” or “Ultra” anonymity levels. We don’t want “transparent” proxies.
  • Ideally, the proxy should also have “SSL,” “TLS,” or “HTTPS” support, which all mean the same thing. These proxies are the ones that accept the ubiquitous, encrypted Web traffic that many banks and e-commerce sites like Amazon and Facebook use. This is helpful to us because it means we can make our torrenting activity look like we’re browsing websites, even if we’re not.

Finally, there’s one peculiar and popular kind of anonymizing proxy that deserves a special mention: the Tor Browser.

Tor Browser: a very special, very important anonymizing tool

One very special example of an anonymous proxy service is called Tor: The Onion Router. I wrote a detailed description of it in another HowTo guide. While it’s technically possible to use the Tor network as an anonymous proxy for BitTorrent, that’s generally a bad idea because doing that slows down the whole Tor network, including your own BitTorrent downloads, among other reasons. Remember, the whole point of BitTorrent is to download large files quickly, which is the opposite of what Tor was invented to do (download tiny files super secretly). So, BitTorrent isn’t something you want to use Tor for.

That said, Tor does come in handy when you’re searching the Internet for torrents to download in the first place. Especially if you’re looking for some “intellectual property” protected by the legal system (*cough*movies/games/TV shows/apps/etc.*cough*), you probably want to use the Tor Browser to find torrents of it. This is because, if you use your regular ol’ Web browser and Internet connection directly, you’ll reveal what you’re searching for to anyone looking. Using the Tor Browser, rather than your regular browser, keeps others in the dark. Tor, in turn, then makes a request to The Pirate Bay or whoever on your behalf, and returns their answer (that is, the resulting web page) to you. So as long as you use the Tor Browser, your Internet service provider (and your government) remains none the wiser about what material you’re accessing.

This is how we want our actual torrenting to work, too. So what we need is a (fast) network proxy. But wait. We don’t want anyone to know that we’re looking for fast network proxies, because duh. What are we to do? The answer, by now, should be obvious: use Tor. So, if you don’t already have it, get the Tor Browser. It’s an easy to use Web browser that frees you to browse the Internet anonymously. We’ll need that.6

Torrenting anonymously: an overview

At this point, you have all the knowledge you need to torrent anonymously, even if you don’t feel like it, yet. Let’s review.

Torrenting is simply the activity of copying files from one computer to another using BitTorrent. To do this anonymously, you need to make sure that you never make a direct connection from your computer to other users. For that, you use a BitTorrent client that supports network proxies. You also need a way to search for torrents that your Internet provider won’t know about. For that, you use the Tor Browser.

You also use the Tor Browser to find an anonymous proxy. Once you find an anonymous proxy, you tell your BitTorrent client to use it, which is a simple matter of setting its proxy preferences to the address of the anonymous proxy you found. Then you load the torrent you want to download into your BitTorrent client, and you’re done.

That’s the whole process from start to finish. Now let’s take each step one at a time.

Preparation: Get the Tor Browser and a BitTorrent client that supports proxies

If you don’t already have it, download and open the Tor Browser. If you don’t already have a favorite BitTorrent client that supports proxies, try Deluge. Open it up, too.

Step 1: Find and configure an anonymous network proxy

As mentioned earlier, there isn’t anything magical about network proxies, and there’s nothing special you need to know to use one. All you really need to know about them is where they are. Luckily for us, there are public listings of them in much the same way that there are public listings of torrents themselves. A simple search for them on the Tor Browser’s home page, as shown here, will return many such listings:

Annotated screenshot showing how to use the search field on the Tor Browser's start up page to perform a secure, anonymous Web search. We're looking for anonymous proxies, but you could search for anything at all, without fear of being watched.

Make a note of the type (typically either SOCKS4, SOCKS5, HTTP, or HTTPS) and address (IP and port numbers) of an anonymous proxy. Then, configure your BitTorrent client with those network settings.

Here’s an example of what Deluge 1.3.11’s Proxy preference window looks like:

Screenshot of Deluge version 1.3.11 showing a sample proxy configuration for every BitTorrent request type.
Screenshot of Deluge version 1.3.11 showing a sample proxy configuration for every BitTorrent request type.

And here’s the same configuration in uTorrent 1.8.4 for Mac OS X:

Screenshot showing uTorrent's proxy configuration options.7

Anonymous proxies don’t stay online forever. They come and go at irregular, sometimes unexpected intervals. That’s why they’re listed in public directories alongside a timestamp, so you know when the proxy was last checked to be working.

Whenever you start torrenting, check the proxy settings in your BitTorrent client to make sure you’re using a proxy that is currently online.

Step 1-A: Enable BitTorrent encryption settings

While we’re digging around BitTorrent client preferences, it’s worth taking a look at some other settings related to privacy. Unlike the earlier settings, which you’ll need to adjust with a new anonymous proxy every time you want to start downloading a torrent, these are all “set it and forget it” options, and they all do basically one thing: turn on BitTorrent’s protocol encryption.

In uTorrent, you’ll find the protocol encryption options in the “BitTorrent” preference pane, where you want to set the “Outgoing encryption” option to “Force,” as shown here:

screenshot-annotated-utorrent-bittorent-encryption-options

In Deluge, you’ll find the same options in the “Network” preference pane, grouped under the “Encryption” header:

screenshot-annotated-deluge-bittorent-encryption-options

Set all the encryption options available to you to “Force,” meaning that you’ll only accept encrypted connections. These settings help hide that the messages you’re sending through the proxy are BitTorrent messages, which means proxy operators and Internet service providers who don’t like torrent traffic will be less likely to notice that you’re torrenting. This also might mean you reject connections from some BitTorrent users who don’t support encryption, but these days enough folks do that you probably won’t notice a difference.

In my experience, using BitTorrent’s protocol encryption settings and getting into the habit of choosing a new anonymous proxy each time you start a torrenting session means you can fly under the radar and still use BitTorrent for a good, long while. Permissive coffee shops or other free Wi-Fi spots, instead of your home connection, are also good spots to torrent from. Just make sure you’re still torrenting using encryption and a working anonymous proxy—and that you tipped your barista. (Use cash.)

Step 2: Find a torrent to download

Back in the Tor Browser, click around some of the torrent sites or use their search features to find a torrent you want to download. Here’s what a search for “daily show” looks like at Kickass Torrents:

Searching any of the popular torrent indexing and archiving sites often turns up thousands of torrents shared by thousands of users. And remember, use Tor to browse these sites, not your regular Web browser!

As with most things in life, use common sense to help guide you to a good torrent. Remember, these torrent descriptions are like the outside of a product box; they’re labels, not the actual contents. Here are some common sense questions you could ask yourself to avoid fakes and scams as you browse for a good torrent:

  • Does the reported file size of the torrent seem reasonable for what you’re trying to download?
  • Does the torrent’s reported file count and content list seem reasonable for what you’re downloading?
  • Skim the comments associated with the torrent listing. Do commenters tend to agree that the torrent is high quality, or do they call it a fake?
  • Does the torrent have a healthy number of seeds? Remember, if a torrent has no seeds at all, then you’re not going to be able to complete your download.8

Step 3: Download the torrent file or click the magnet link, and load the torrent in your BitTorrent app

Once you find a suitable torrent, find and click the download link on the torrent site (usually a downwards-pointing arrow), or the magnet link (usually a horseshoe magnet icon). One, if not both, of these options will cause your browser to pass along the data to your BitTorrent app, which may ask you where you want to save the torrent contents. Choose an appropriate spot on your hard drive and start torrenting.

If you’ve set everything up by following the previous sections, you’ll begin to see connections appear in your BitTorrent client. In actuality, though, none will be direct connections you’ve made to any of those machines. Instead, those connections are being routed through the anonymous proxy you chose, earlier.

Congrats, matey! ;) You can now cancel your Hulu subscription and enjoy the wonderful world of media without commercial pollution interruption.

Optionally, verify it’s all working as intended

The simplest way to verify your setup is to use the netstat utility built in to your computer. This is a command line tool that shows you the state of all network connections your computer is currently making. On a Mac as well as most Linuxes and other UNIX-like systems, the easiest way to get the output we want is to invoke the netstat program with its -n and -p switches enabled. Open a new Terminal window, type netstat -np tcp, and then press return.9 This will produce a report looking something like the following:

$ netstat -np tcp
Active Internet connections
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)    
tcp4       0      0  192.168.1.77.54535     114.215.238.215.8080   ESTABLISHED
tcp4       0      0  192.168.1.77.54534     114.215.238.215.8080   ESTABLISHED
tcp4       0      0  192.168.1.77.54533     114.215.238.215.8080   ESTABLISHED
tcp4       0      0  192.168.1.77.54532     114.215.238.215.8080   ESTABLISHED
tcp4       0      0  192.168.1.77.54531     114.215.238.215.8080   ESTABLISHED
tcp4       0      0  192.168.1.77.54530     114.215.238.215.8080   ESTABLISHED
tcp4       0      0  192.168.1.77.54529     114.215.238.215.8080   ESTABLISHED
tcp4       0      0  127.0.0.1.9151         127.0.0.1.53404        ESTABLISHED
tcp4       0      0  127.0.0.1.53404        127.0.0.1.9151         ESTABLISHED
tcp4       0      0  192.168.1.77.53403     212.83.176.125.9001    ESTABLISHED
tcp4       0      0  127.0.0.1.9151         127.0.0.1.53402        ESTABLISHED
tcp4       0      0  127.0.0.1.53402        127.0.0.1.9151         ESTABLISHED
tcp4       0      0  192.168.1.77.53395     17.172.239.138.5223    ESTABLISHED
tcp4       0      0  127.0.0.1.49153        127.0.0.1.1023         ESTABLISHED
tcp4       0      0  127.0.0.1.1023         127.0.0.1.49153        ESTABLISHED

The important column for our purposes is the fifth one, “Foreign Address,” which lists the addresses of computers our computer is directly connected to. If you see the address of the proxy server you chose to use back in step 1, congrats, you’re torrenting via a proxy. What you don’t want to see there is the address of any peers (fellow participants in the swarm) that your BitTorrent client shows you:

Screenshot showing an active torrent download and the many connected peers. The addresses your BitTorrent client shows you are ones you don't want to see in Netstat's connection report.

If you see these addresses in netstat‘s “Foreign Address” column, it means your computer is directly connecting to the swarm, without using a proxy. As shown in the example above, comparing netstat‘s output with the peer list here shows that we’re set up nicely!

Torrenting anonymously can be tricky, and it certainly helps to have a friendly neighborhood technomage to ask for advice if you’re feeling uneasy. But as you can see, it isn’t a hard thing to learn once you have the information you need. Best of all, I can guarantee you this: torrent sites have a far better selection than Netflix. ;)

The best source for information about news and developments in the BitTorrent universe is TorrentFreak.com. Check it out!

Addendum: What about paid VPN services?

A link to this guide was posted on The Pirate Bay subreddit, where it was well-received. Several people suggested using paid VPN services instead of free public proxies. Using a paid VPN service means purchasing access to a private proxy from a corporate entity, which is something I do not recommend. There were also some good follow-up questions about using proxies. Here’s one such exchange.

separatebrah asks:

The first proxy I tried didn’t work (cmd was showing peer addresses), I tried another and it worked.

However, the first time, the torrent still downloaded, I wouldn’t have known it wasn’t going through the proxy, so is it necessary to check the connections every time I use a new proxy, start utorrent etc? What if the proxy stops working halfway through? It would be nice for utorrent to stop downloading if it’s not going through the proxy.

Also, why are paid VPNs so recommended if it’s as easy (and cheap) as this to avoid punishment?

Thanks

I responded:

Yes, you should always check to see if the proxy you selected is actually working for each new proxy you select, and you should always choose a new proxy each time you fire up your torrent client. People pay money for reliability, not technology. The technology of a free proxy and the technology of a paid proxy is identical. The difference is the consistency and contractual uptime guarantee, that’s it. If you have bad habits (i.e., you’re not carefully checking to see if the settings you entered ACTUALLY WORK after you enter them), then maybe paying for reliability is something you want to do. Just keep in mind that when you pay for something, there’s a money trail. If you don’t use a paid service, there’s no receipt in someone’s financial accounting ledger that can be traced back to you. I prefer being careful and using free proxies over paying money for the same technology in a way that encourages me to be lazy.

Also, uTorrent has a bad habit of trying proxies you give it but falling back to whatever other means are available if the proxy doesn’t respond to you. That’s a problem with uTorrent, not you. It does mean that you might want to use a different BitTorrent client, though, if you’re not careful about checking the proxies you choose to use. Again, that’s why I like Deluge: if you give it a proxy that isn’t alive, it will try the proxy but the download will fail. That’s what you want, because the proxy is dead. You don’t want it switching to a direct connection behind your back.

Another thing you can do to be extra cautious is disable PEX (Peer Exchange) and DHT (Distributed Hash Table) lookups. Some clients don’t respect proxy settings for these two mechanisms, even though they should. Again, that’s a problem with the client, not you. It’s also easier to check that the proxy you’re setting up is really the proxy being used for trackers (as opposed to PEX or DHT) because numerous paid torrent VPN services also provide IP checking utilities that you can by definition use for free (even without being a customer). See, for instance, BTGuard: CheckMyTorrentIP. Just set up a free anonymous proxy like in the above HowTo guide, then follow the steps in the BTGuard CheckMyTorrentIP page, and look for the IP address of the proxy you set up instead of “BTGUARD IS WORKING”. BTGuard won’t tell you “it’s working” because you’re not paying or using BTGuard. But it will show you what IP address it thinks you’re using, and if that IP address is the address of the proxy you configured, then you’re torrenting (at least using traditional trackers) through that proxy. :)

Hope this helps.

  1. Everyone glosses over this point, myself included, but this point is actually very important: downloading something is the act of making a copy of the thing you are downloading. When you download or receive something from the Internet, you are literally creating an exact replica (a “copy”) of whatever it is you’re downloading. This is fundamentally different from “stealing,” which is the act of removing something from one place and putting it in another. You literally can not steal anything using the Internet no matter what you do, and anyone who tells you differently is trying to sell you something, or put you in jail. []
  2. BitTorrent suffers from a wealth of jargon. Thankfully, Wikipedia has a decent glossary of BitTorrent terms. []
  3. BitTorrent files typically have the .torrent file name extension, but they don’t have to. Technically, BitTorrent files are bencoded dictionaries, which is a fancy way of saying an index that lists the torrent’s referenced contents and where that content can be found. So they’re really meta or metainfo files. Sometimes they’re also called a manifest. When torrents are not files, they are usually something called “magnet links,” which serve the same purpose as a torrent file’s dictionary but that use a special URL instead of an actual file. More on magnet links later. []
  4. In the screenshot above, you might have noticed there’s a field for “Trackers.” That’s where you paste the URLs (the Web addresses) of any well-known trackers you want to announce yourself to. When you start sharing (or “seeding”) your file, those trackers will dutifully re-announce your announcement of your presence to any other BitTorrent users who want to copy what you’re sharing. There are numerous stable, public, free BitTorrent trackers available to you (like udp://tracker.publicbt.com:80 or udp://open.demonii.com:1337/announce), and it doesn’t really matter which one you use. (In fact, the more you use, the easier it will be for others to find you.) For now, suffice it to say that a tracker’s job is to keep other users in the swarm updated about where everyone else is, in case things change and in order to help you find one another in the first place. Obviously, hiding our real identity from trackers as well as the rest of the swarm while still being able to find and share files with one another is a key part of what staying anonymous while using BitTorrent is all about. We’ll look at ways to do that in the next section. []
  5. Another useful consideration for a proxy server I don’t list explicitly is its physical location. You may want to use a proxy located in another country than you are in so as to avoid running afoul of local laws, or to route around geographic censorship. Remember, political and legal borders are not real, so the fundamental Internet technology we’re talking about doesn’t and, to work correctly, shouldn’t pay any attention to them. Most proxy lists display the country a proxy is in alongside its other information. []
  6. Technically, the Tor Browser is a package deal that comes with a modified version of Mozilla Firefox and the actual tor proxy software, all pre-configured to work together. If you want to learn more about Tor and, trust me, you do, consider reading my article all about it. []
  7. Even though each BitTorrent client’s preferences window looks different, they all describe the same basic behavior. []
  8. You can often still download many pieces of a torrent even if there are no seeders in the swarm. Sometimes, if a torrent has many independent files, you can still download the majority of the content you’re after because only a few pieces in a few files are missing. The quickest way to check this is to look for the “Availability” proportion in your BitTorrent client. Without a seed, this readout will be somewhere between 0, meaning absolutely no parts are available, and just under 1. The closer this value is to 1, the more pieces of the torrent are available. I once downloaded a torrent of a four-season TV show whose availability was 0.954, and was happy to find two complete seasons had downloaded without any problem at all despite never finding a seed for that torrent. Other torrents provided the missing episodes and all was well. []
  9. On Mac OS X, netstat is also available from the Network Utility application, in addition to the command line in Terminal. In Network Utility, go to the “Netstat” tab and choose the “Display the state of all current socket connections” radio button. This is the equivalent of typing netstat -a in Terminal. []

How would you design an online social network that was hostile to abusers?

Everyone realizes that the Internet’s public squares have a harassment problem. No one seems to know what to do about it. I argue that’s because they don’t know how to think about online harassment and abuse—or even power, more generally. I argue that I do. But don’t take my word for it. Take my ideas, and implement them yourselves. Then let’s let the results speak for themselves.

“So, maymay,” I can already hear you asking, “how would you design an online social network that was hostile to abusers?” You’re probably asking this because you either don’t know that I’ve written about it before, or you haven’t been able to understand from what I’ve written how to take the lessons from code I’ve deployed in the Predator Alert Tool project and apply it to your own projects. That’s okay. You’re not alone.

Recently, I received an email from a developer asking for advice about this exact issue. They’ve told me they’d be fine with my sharing our conversation here, in the hopes that it gets other developers thinking about what they can do to proactively “protect people from abusers online,” as they put it. Here is our exchange (slightly edited for anonymity and clarity) so far. The email I received went something like this:

Hello! I’m building a new social network and want to be pro-active about protecting people. I wanted to reach out as I have little experience with protecting people from shitty people and abusers online, and the Predator Alert Tools is great. Is there any way I can help contribute to those projects, and/or utilise them somehow with [my project] to help protect people?

Any help you can give would be appreciated.

Thanks,

[Anon Developer]

I wrote back a few days later:

Thanks [for reaching out, Anon Developer].

Yes.

You can contribute to any of the PATs in any way you like. Here’s a short “how to help” page for the project. It talks mostly about Predator Alert Tool for Facebook but it’s relevant to all the tools.

Well, there are a number of themes that run through the entire suite of tools, and those are the only things I can talk about without knowing more about [your specific project]. So for now, let me just point your attention to these two blog posts about the tools.

First, “More on ‘The Match Percentage Fallacy’, or The Influence of Rolequeerness on the Predator Alert Tool project.” This post explicitly uses the language of game theory to talk about protecting people from online predation. An excerpt:

Predator Alert Tool for OkCupid highlights the signals players send when they answer OkCupid’s Match Questions to other players in order to de-silo as much information as possible, thereby hoping to expand the set of possible moves a given player (user of PAT-OKC) is aware of and enabling them to analyze the given situation (the decision tree of their “turn”) with the information they received through the tool. This is a fundamentally different approach than the one OkCupid’s “Match Percentage” interface provides, and this is no coincidence.

The “Match Percentage” interface is designed to account for “the best possible outcome” for OkCupid itself, not the best outcome for the OkCupid user. This makes sense when you realize that OkCupid is a company, and they have their own incentives and have defined the win conditions of this complex game very differently than their users (we) have.

In other words, the single most obvious problem with online “dating” sites (a category which include “social networking sites,” obviously) is that they are designed from the ground-up to focus on filtering data out as opposed to considering related data important. This is precisely the environment in which serial rapists are most protected. If you are serious about building a social networking site that is proactive about maintaining an environment hostile to these kinds of abuses, you need to focus on identifying and surfacing information about signals between users that are negative as well as positive. Again: rather than burying those signals, you need to surface them. Use OkCupid’s “Match Percentage” interface as a perfect example of what not to do.

If that’s curious to you and, again, if you’re interested in pursuing this line of questioning further, write back and tell me more about [your project], and yourself, and so on. Let’s have a conversation. Predator Alert Tool’s implementations are different depending on the site for which the specific tool was intended not only because the technology of different sites is different, as you know, but also because the culture of each website is different; users interact with the sites differently based on the messaging, context, and approaches different sites take. So Predator Alert Tool also needs to integrate with a culture, not just a programming language.

For more on that, see this early post by one of my collaborators, “Rape Culture, meet Internet Culture.” An excerpt:

Probably the most well-known recent pushback against rape culture is the Predditors story, in which some Reddit users discovered and published the identities of others who had been posting sexualized pictures of young women. The Predditors tumblr has since been shut down, but its contents are still available in a GoogleDoc here. Sexual abusers have also been outed via YouTube, Facebook, and Twitter. Blogs provide a public square for arguments about rape culture to rage. Twitter users directly critique the media. I’ve heard rumors of a Tumblr hashtag used by survivors to post the names and addresses of their rapists. The FetLife Alleged Abusers Database Engine (recently rolled into the Predator Alert Tools suite as the “Predator Alert Tool for FetLife”) collects anonymous reports of consent violations in the BDSM community and then flags the FetLife profiles of alleged abusers. And I recently helped beta-test a new tool, The Predator Alert Tool for OkCupid, which highlights self-reported sexually violent opinions and behaviors by OkCupid users.

I don’t think any of these tools, or even all of them together, will put the nail in the coffin of rape culture. Like other kinds of abuse, rape culture adapts to new environments quickly. Activists need to stay on our games in order to keep exposing new forms of it as they appear. We need to keep experimenting, trying new things, and being creative with whatever resources we have available. What I find most powerful about these tools is the ways each seems tailored to the specific culture from which it emerged. Predditors addresses rape culture on Reddit by retaliating against its perpetrators using technological savvy, counter-rhetoric about free speech and privacy, and a “troll the trolls” sort of strategy all suited to Reddit’s particular cultural sensibility. FAADE, on the other hand, capitalizes on a mentality strongly espoused by FetLife users that the BDSM community is like a “small town” in which everyone is connected to everyone else by kinship ties. BDSMers often rely on personal references and a player’s public reputation to assess their safety, thus a database allowing FetLife profiles (the site of a player’s public reputation online) to be tagged with negative references from community members has a powerful impact on the sub-cultural consciousness. What would a similar tool look like for Twitter or Facebook?

So again, the question you’re asking is bigger than an email. I’d be interested in having that bigger conversation with you, if you are serious about having it, too.

Thanks again for reaching out.

Cheers,
-maymay
Maymay.net
Cyberbusking.org

I was pleased by the developer’s response:

Thank you so much for all this information.

I often struggle to digest information like this; I’ll be re-reading these articles a few times to try to understand them more fully.

I would like to have the bigger conversation, but […] I need to watch out I don’t bite off more than I can chew. I regard this topic as highly important and a responsibility I now have.

The use of game theory resonates with me, as I’ve used ideas from my basic understanding of game theory as influence in the structure of [my project] (only very crudely). So if I can expand those ideas in a way which protects people, all the better.

Am I right in my understanding that one core idea is that negative information is intentionally hidden in most places, in order to benefit the company? So (and this is a contrived example) where [my project] might track how many messages a person receives as a positive, it should also track, process, and weight the negative events associated; messages which go unrelieved to, messages reported as abusive etc?

Thanks again,

[Anon Developer]

My response tried to elaborate on “negative” signaling:

Of course. That’s fine. Take your time.

It’s good that you consider this a responsibility you have, because you already had this responsibility, even before you were developing [your project]. ;)

You’re almost right about your understanding.

The bigger point being made here is that, from the perspective of users, [your project] is a hostile, not a friendly. You, as the company, are not a passive facilitator of information. You are in a decidedly dominant position over your users, and this means that you have the capacity to be predatory in relation to them, because when it comes to their interactions with or through [your project], you are obscenely more powerful than they are.

So, yes, you should also track, process, and weight negative events. But you should also not presume to necessarily know what events are negative and what events are positive. The minute you think you can determine what negative signaling is for someone else, you become much more likely to fail to empower that other person. It’s not up to you to determine what’s negative or what’s not. You can, of course, do some things to make this more obvious, and the “report abuse” feature is a start. But the problem with “abuse reports” is that those reports are sent to the entity in the [project] ecosystem that already has the most power: [the project/website/company itself]. That’s a recipe for disaster.

One simple way to tweak this system would be to simply display a tally of all the abuse reports a given profile has received next to their profile. Allow people to click-through on that icon to a list of all abuse reports filed against that profile. Don’t hide it. Don’t make excuses for it. Don’t arbitrate it. Don’t moderate it. In a centralized system such as I understand [your project] to be (I signed up for an account today and had a look around), a moderation system is far more likely to end up as a “benevolent” dictatorship rather than an effective means of anti-abuse behavior. You should not appoint yourself as the police.

For more on this point, see my blog post, “Revisiting why ‘no moderation’ is a feature, not a bug, in Predator Alert Tool for Facebook.” An excerpt:

“Moderation” is a governance tool that may make sense in the context of online communities with a relatively homogenous populace, such as multiplayer video games or topically-oriented forums. But moderation is inherently in conflict with the goal of dissolving authority and dispersing power amongst a heterogenous populace already prone to conflict. There is no system of moderation that is not also a system of social control. And in the context of a project explicitly designed to overcome the iniquities introduced to human experience by traditional mechanisms of social control, adding a traditional mechanism of social control is shortsighted at best and active sabotage at worst.

We realize this is difficult to understand at first. After all, there is currently no physical-world social context wherein we are free from the power of authorities we did not choose and also do not agree with. Everyone has a parent, a teacher, or a boss—even the fucking police. As one PAT collaborator wrote:

We’re all so accustomed to having our spaces monitored and moderated and overseen “for our own safety” that sometimes, when we take the well-being of our communities into our own hands, we appear to be doing more harm than good. That’s only because we’re comparing our efforts to the imaginary “safe” world we’ve been told that we live in, not to the dangerous realities that survivors actually face online and off.

Put another way, from the perspective of a vulnerable populace, namely people who are the targets of rape and physical abuse, a system that erodes the power of central authorities (such as website admins, or the cops) is a move towards safety, not away from it.

In other words, the premise of [your project] is to connect people with different characteristics who want to engage positively. This means you have to provide them with the information both to find people they like and to avoid people they don’t like. You can’t do this effectively if you only surface positive signals while hiding negative ones. And to effectively surface negative signals, you have to re-examine your assumptions about what “negative” means because, if you don’t, especially in the context of a diverse user base, you’re going to get it wrong for at least some users. When you get it wrong for them, you create an environment in which it is particularly easy to predate on that specific subsection of your user base.

That’s why most dating sites are a breeding ground for predatory users. Most dating sites are, after all, programmed by men.

Again, feel free to email me whenever you’re ready for another round. This is basically what I do for “a living.” :P I would strongly encourage you to read the posts tagged with “Predator Alert Tool” on the archives of my various blogs, of course.

My hope in sharing this is to encourage other people to think more critically and creatively about what structural changes are necessary to facilitate anti-abuse action. Recent attempts by Twitter and WAM have been decidedly stupid. And I don’t say that lightly. These are some exceptionally talented people in a number of fields ranging from gender advocacy to technology. And yet most acts I see being taken—”moderation superpowers” to use the most recent buzzword—is downright counterproductive. Obviously.

It’s time we stopped believing that authority or authorities in public spheres are a solution. The longer we wait to face the fact that power corrupts, the more abuse we’ll bring down on ourselves, our communities, and our peers. Heed this warning: do not police.

A case study in cyberbullying using Tumblr’s broken “Report Abuse” feature

Earlier this week, I wrote “Tumblr is not a safe place for me,” in which I make the claim that the “report abuse” feature on corporate-controlled social networks fundamentally empowers cyberbullies, not their targets. (Here’s an archived copy in case it gets taken down.) Predictably, I just received a vaguely threatening email from Tumblr Support warning me of unspecified action against one of my posts. To demonstrate how this type of abuse of these “report abuse” systems work, and showcase yet again why that feature is so fundamentally broken right now, I’m going to be liveblogging my interactions with Tumblr Support across three different blogs: maymay.net, days.maybemaimed.com, and maybemaimed.wordpress.com (a backup auto-crossposting blog).

So without further ado, their email to me:

From: Tumblr Support <abuse@tumblr.com>
To: maymay <bitetheappleback@gmail.com>
Date: Thu, 30 Oct 2014 20:40:54 +0000

##- Please type your reply above this line -##

Hello,

We are writing regarding your post located here: http://days.maybemaimed.com/post/101074626300/on-rolequeerness-sharpening-the-blade

As there are a few privacy concerns regarding this post, we are requesting that you remove the full name and link to their LinkedIn profile from the text within 24 hours. If you do not remove the information, we may take action against your entire post.

If you have any questions or concerns, please let us know.

Thank you,

Tumblr Trust & Safety
abuse@tumblr.com

This email is a service from Tumblr Support.
(#GLOAP3DKZB4J8CMQRSCM)

And my reply:

To: Tumblr Support <abuse@tumblr.com>
From: maymay <bitetheappleback@gmail.com>
Date: Thu, 30 Oct 2014 17:23:19 -0500

Hello,

I understand that you are concerned about my post located here: http://days.maybemaimed.com/post/101074626300/on-rolequeerness-sharpening-the-blade and also available here http://freze.it/onrolequeernesssharpeningtheblade and https://archive.today/HsMBK and http://pages.citebite.com/m3c8j6p6e3xwb at the moment.

I do have a few questions and some concerns. Please address them promptly so that we may move towards resolution of this issue within the 24 hour deadline you imposed on us. Here is a list of my questions:

1. What “action against [my] entire post” are you implying you will take, specifically?
2. What action, if any, are you willing and able to take against Sara D. Luterman’s own post that, I understand, also violate Tumblr content guidelines by comparing me to a pedophile, located here: http://beyondthevalleyofthefemdoms.tumblr.com/post/100914743747/on-rolequeerness and also available here http://freze.it/saradlutermanonrolequeerness and http://pages.citebite.com/k3a8l6n6v1qui and https://archive.today/2Xerq?

Also, not that I have much trust in your concern for safety, dear “Tumblr Trust and Safety” admins, I will nevertheless remind you of the context of these posts, which you can read at http://maybemaimed.com/2014/10/27/rolequeer-thoughts-a-reply-to-princess-poopheads-concerns-about-current-public-conflicts/ and which I’ve excerpted here:

This conflict largely began when, again, to repeat unquietpirate’s words[0] in case you missed them:

On this episode, Crosswords compares Maymay to pedophiles and racists for having the temerity to say mean things on the Internet about people who violated their consent — and to yell at those peoples’ friends and supporters when they try to shoehorn their way into our conversations about consent and identity so they can tell us how wrong we are and then play “trendy rolequeer dress-up” back at the BDSM club.

Crosswords, meanwhile, decided it was a good idea to start a discussion group in which to dissect, discuss, and debate the ideas in work such as Consent as a Felt Sense,[1] which had come directly out of months and months of Maymay and I helping each other process trauma and grief related to past abusive relationships and having our consent violated by people and in communities that told us we weren’t being abused. Crosswords made it very clear that Maymay was not welcome to participate in this academic discussion of their own rape (‘cause, y’know, they’re too angry about it), but DID very publicly invite Maymay’s former Dominant partner to join in the fun!

So again, the point here is not to say that I do not behave viciously to some people. I do. The point is that I behave viciously to some people—and it is your responsibility as readers, not mine as the writer, to do your own work putting my actions in whatever context you wish to draw meaning from them.

I don’t have any objections to being called vicious, or an abuser, or disagreed with. I have an objection to seeing Crosswords and others who have been victim blaming me for my own rapes for years using the work that has come directly out of my own painful, personal healing work with UnquietPirate for ill-informed reformist wedge politics and for armoring their own reputation[2] while at the same time comparing me to pedophiles as they do it.

So, Tumblr Trust and Safety, my third question:

3. Given this context, how would you propose I handle the continued and years-long use of your publishing platform by Sara D. Luterman to discuss me and my personal traumatic experiences as though I am an abusive pedophile?

If you have functions beyond merely “Ignore” (which does not actually help protect people who care about me, as described here)[3] or your own “Report Abuse” feature, which only seems to be effectively used by bullies themselves, I would like to know about them.

Thank you for your thoughtful consideration of my questions and concerns.

Sincerely,
-maymay

EXTERNAL REFERENCES:

[0] http://unquietpirate.tumblr.com/post/100967967978/on-rolequeerness
[1] http://bandanablog.wordpress.com/2013/11/05/you-can-take-it-back-consent-as-a-felt-sense/
[2] http://days.maybemaimed.com/post/101072050885/on-rolequeerness-blunting-the-tip
[3] http://unquietpirate.tumblr.com/post/59321895608/community-fuck-the-community-this-isnt-for-them

My third question is the really important one, of course. The problem with current “Report Abuse” systems and the whole reason they ultimately benefit cyberbullies is that current “Report Abuse” systems are an appeal to authority, and authorities are often the most egregious bullies and abusers. Here’s how the introduction to the Predator Alert Tool for Twitter describes the problem:

Despite many “anti-bullying” campaigns, online harassment and cyberbullying are prevalent behaviors. Most anti-abuse efforts fail because they tend to focus on appeals to authority. The now-ubiquitous “Report Abuse” buttons on social networking websites like Twitter are one such example, yet their ubiquity have not curbed the behaviors or harm they purport to address or mitigate.

We believe these efforts have failed because cyberbullying and online harassment are cultural, not technological, problems inherited from a society where coercion and abusive behavior offline are normalized. Abusive behavior is no more successfully mitigated in the physical world through appeals to authority than it is likely to be mitigated in the online world through the same sorts of appeals. This is doubly true in an environment where the biggest “bullies” are the authorities themselves[.]

What to do in the face of deliberate provocation is a very tricky one; expert abusers know that in order to continue bullying others with impunity, they need to create provocations that authority figures will not interpret as provocations, and they are very skilled at doing this. The single most powerful tool in their toolbox is the erasure of context; they rewrite history to ensure the authorities to whom they eventually appeal treat the moment the target retaliated as the start of the story.

Anyway, I will either publish this post anew or edit it with updates as the conversation progresses. Watch this space. :)

“How I Explained Heartbleed To My Therapist”

This is an important post by Meredith L. Patterson:

“Remember back around April or May, when you had to change your passwords on all the websites you use? Facebook, Yahoo, LinkedIn, everywhere?” He nods, vigorously. “Do you remember hearing the word ‘Heartbleed’ back around then?” A blank look. Maybe I should have worn the T-shirt. Too late. I have to press on.

“That part’s not important. It doesn’t matter what the problem was called. What matters is, there’s one piece of software that nearly all those websites use to make sure that all the messages that go between your browser and their site are private. And nobody pays for it.”

“Nobody at all?”

“Nobody. The people who write it have been working on it for like fifteen years now, and they’re basically all working for free, the same way I’m doing on the work I’d rather be doing, even though Google and Facebook and practically every company with a website relies on that software these guys make. ‘Relies’ as in without this software, all their business evaporates.” I leave out the part where half of “these guys” are my dead husband’s friends and they’re not all guys; there will be time to talk about that at a later appointment. “And back around New Year’s in 2011, one of those guys made a little mistake with a really big consequence. The upshot of it was that any jerkoff could just ask whatever websites they wanted for whatever private information they had on hand at the time — your passwords, your calendar, whatever.

“And nobody in a position to fix it noticed until April of this year. Which is why you and everybody else had to change all your passwords. And in the meantime, who knows how many credit card numbers and god knows what else got snatched.” My e-cigarette is nearly empty but I fidget with it anyway, calculating on the back of the envelope in my head whether I can dredge just one more hit of nicotine without burning the coil to an ashy, taste-ruining wreck. Everything has become a cost-benefit analysis on the edge of a razor in this New New Economy that has become my life: how far can I stretch the resources I have before physics or information theory dictate they snap? “And even after a disaster like this, these poor fuckers are still running on handfuls of donations. They’re still overstretched and understaffed. It’s a tragedy of the commons problem.”

That’s a catchphrase you hear sometimes in sociology, a cousin dialect to the language of psychoanalysis he speaks. He leans forward. “In what way?” he asks. I hope it means I’ve given him firmer footing than all this computery shit he doesn’t speak.

“These bugs that happen, these mistakes in software that lead to vulnerabilities, they aren’t one-off problems. They’re systemic. There are patterns to them and patterns to how people take advantage of them. But it isn’t in any one particular company’s interest to dump a pile of their own resources into fixing even one of the problems, much less dump a pile of resources into an engineering effort to fight the pattern. Google could easily throw a pile of engineers at fixing OpenSSL, but it’d never be in their interest to do it, because they’d be handing Facebook and LinkedIn and Amazon a pile of free money in unspent remediation costs. They’ve got even less incentive to fix entire classes of vulnerabilities across the board. Same goes for everybody else in the game.

See also, “Your Consent Is Not Being Violated By Accident” and “Predator Alert Tool as a Game Theoretic Simulation of Countermeasures to Rape Culture,” two posts further describing the intentional abuse by the Silicon Valley for-profits against individuals and organizations who explicitly declare a “people over profit” motive. Also relevant is this short post about the so-called “sharing economy,” bluntly titled, “Get on your knees and thank the Silicon Valley elites for your chance to serve them.

Your Consent Is Not Being Violated By Accident

unquietpirate:

When you start looking for examples of nonconsensual culture in technology, you find them absolutely everywhere.

– Deb Chachra, Age of Non-Consent

About a month ago, someone sent me this lovely rant and asked me to publish it anonymously. I’ve been sitting on it mostly because I got wrapped up in other things. But I was reminded of it tonight when I read Deb Chachra’s “Age of Non-Consent” and Betsy Haibel’s “The Fantasy and Abuse of the Manipulable User”.

Both of the above pieces draw links between rape culture and issues of consent in software design. I recommend them both, particularly the Haibel piece, for incisive and disturbing analysis of the details of how the Stacks intentionally build software to violate their users’ consent — and what a major problem this is given technology’s influence on culture as a whole.

This coercion is picked up on and amplified by the platforms themselves – when someone I know tried to delete his Facebook account, it tried to guilt him out of it by showing him a picture of his mother and asking him if he really wanted to make it harder to stay in touch with her.

I’ve been in meetings where co-workers have described operant conditioning techniques to the higher-ups, in those words – talking about Skinner boxes and rat pellets and everything. I’ve been in meetings where those higher-ups metaphorically drooled like Pavlov’s dogs. The heart of abuse is a fantasy of power and control – and what fantasy is more compelling to a certain kind of business mind than that of a placidly manipulable customer?

– Betsy Haibel, The Fantasy and Abuse of the Manipulable User

However, where these otherwise terrific articles don’t go far enough is in explicitly acknowledging that the people who are most responsible for perpetuating rape culture and the people writing consent-violating software are the same people. It’s no coincidence that Facebook doesn’t care about your consent, because most of the people who work at Facebook wouldn’t think twice about getting you drunk and “taking advantage” of you at a party, or of defending a friend who did.

So, while both of the above authors optimistically implore high-level developers and other elite tech workers to adopt an ethic of “enthusiastic consent” when it comes to software design — as if the majority of workers in that sphere understand what that is or would even care if they did — my angry and extremely on-point friend below has another solution:

There has been much gnashing of teeth recently about how blatantly people’s privacy is violated by software like the new Facebook messenger app. These articles or editorials will rage about “companies like facebook” and often have a picture of Mark Zuckerberg’s punchable face just so people know who to have rage at.  One imagines Zuckerberg, possibly at the same table as the director of the NSA, maybe a CIA agent, and maybe the ghost of Steve Jobs all conspiring to violate your privacy and make hardware you bought do what they want against your will. The villain in these stories is either the CEO of some company or “the corporation” as a faceless monster.     

But what’s really going on here?  What we have, overwhelmingly, is a lot of technology being built which ignores the consent of the user.  A app which no one wants is forced on everyone, things which clearly everyone will hate are put in vague terms of service which essentially say that the service provider can do anything they want any time they want and there is nothing you can do about it.  How did this happen?  

Meanwhile, if you follow technology media and especially feminist technology media you see constant stories about what a festering shithole of sexism the technology industry is.  These articles are generally along the lines of a narrative about female engineers trying to be at conferences or trade shows and facing constant harassing of just about every kind from their overwhelmingly male peers.  They are constantly being touched, catcalled, and generally treated like shit, obviously against their will. Articles will talk about how this needs to be addressed in order to improve the quality of life for women in tech as well as to bring more women into tech.  As tech insider media, they meanwhile generally ignore the role of the user in all this.

What I find disappointing here, and is the point of this article, is that these are all the same shit heads, and that this is no accident.  Is it an accident that the same men who think it’s ok to grab ass at a technical conference are writing software that deliberately and blatantly ignores the consent of the user all the time?  No.  Because software is simply one of the worst industries in the history of technology.  I think it would be hard to find any industry in the history of technological capitalism that has held itself to such low standards and shown such consistent contempt for the user or for quality of their product.  

It is time for people in the public at large to stop seeing companies like Facebook as either a monolithic inhuman monster, or the personal fiefdom of some monstrous oligarch like Zuckerberg, but rather like just a big group of horrible people doing horrible work.  It’s time for the tech backlash within the industry to wake up to just how fucked the rest of us are by this, and for the rest of us to wake up to just how fucked this industry is from the inside.  

It’s time to smash Silicon Valley.

Yes, to all of this. My personal experiences of working in the software industry validates every word of this. It is why I left.

“Bitcoin can’t lead on its own to a disintermediated society,” and other uncomfortable truths about BitCoin

We live in an epoch of techno-utopianism with a strong drive for techno-cracy. The former means that many believe that technology alone determines certain outcomes, while the latter believes it is a good thing that flawed human processes are replaced by ‘clean’ technological processes. Both attitudes are very dangerous.

First, distributed technologies do not necessarily lead to distributed outcomes. We have seen this historically with the effect of the invention of printing, which led to a democratisation of knowledge and literacy, but also in time replaced the local autonomy of free medieval cities with much stronger and controlling nation-states, i.e. more political centralization, not less. Networks which have no counter-measures to maintain equality inevitably lead in time to a new concentration of resources. Hence, in Amazon and iTunes, the so-called long tail of culture consumption predicted by Chris Anderson is no longer operative, and in p2p social lending, 80% of loans are provided by big bangs and institutions, the very forces the technology was supposed to disintermediate.

Again and again, we see that the potential disintermediation of power, which may affect established powers, creates new intermediaries, such as the platform monopolies. Technologies are indeed, used by social forces, who inflect technologies for their own needs. The inequality of bitcoin ownership will inevitably further affect the structures that make bitcoin operational, leading to new kinds of monopolies. Technologies are always infused with human values, no programming or infrastructure is truly neutral in that respect.

Michel Bauwens’s “A political evaluation of BitCoin” sums up some of the most overlooked problems with cryptocurrency. A short read (~5 minutes) and very worth the time.

See also:

Shall. We. Play. A. Game? Predator Alert Tool as a game theoretic simulation of countermeasures to rape culture

In “Strategies Without Frontiers,” one of this week’s BSides LV information/security conference talks, software engineer and co-originator of the language-theoretic approach to computer security Meredith L. Patterson used Predator Alert Tool as an example of “an organic response against predatory [societal] games.” Or, in simpler words, Predator Alert Tool was cited as an example of how we can change our cultural environment from a relatively safe place for (sexual) predation into one that’s actively hostile to sexually predatory behaviors. And we can talk about that process using math, like this:

Normal form of the classic Prisoner's Dilemma game theory problem displays a matrix of outcomes for a given combination of player strategies ("cooperate" or "defect").
Normal form of the classic Prisoner’s Dilemma game theory problem displays a matrix of outcomes for a given combination of player strategies (“cooperate” or “defect”).

That’s why myself and a group of volunteer culture hackers have been blanketing the Internet’s social media websites with numerous different variations of Predator Alert Tool prototypes. We’re dissecting rape culture and using what we learn to devise game theoretic counter-strategies encoded as software tools that help people avoid undesirable outcomes.

That sounds complicated, but it has very humble origins: scale protective mechanisms that already work.

For the future, to use Meredith’s words:

Predicting your adversary’s behaviour is the holy grail of threat modeling. This talk will explore the problem of adversarial reasoning under uncertainty through the lens of game theory[. …] But as a tool for the real world, game theory seems to put the cart before the horse: how can you choose the proper strategy if you don’t necessarily even know what game you’re playing? For this, we turn to the relatively young field of probabilistic programming, which enables us to make powerful predictions about adversaries’ strategies and behaviour based on observed data.

In “the transparent society” of the public Internet, we can observe a lot of data. After all, the Internet is a record-keeping archive at the same time as it is a telecommunications medium. And this data reliably reveals patterns about who behaves in predatory ways:

People who try to break tools designed to support rape survivors are extremely likely not to support those who have had their consent violated. And it just so happens that identifying people who are likely to be unsupportive of those who have had their consent violated is what Predator Alert Tool is designed to do. Letting people attack PAT and then identifying who launched those attacks turns out to be an exceptionally reliable indicator—undeniable, even—that those attackers should be included in the database itself.

For the more mathematically minded, Predator Alert Tool can be approached as a reputation system coupled with a societally iterated prisoner’s dilemma. That is to say, it’s a tool designed to help you make dating choices that take into account all the past interactions a given person (like, say, the cutie you’re scoping out on OkCupid) has had. As one oft-targeted woman put it, “PEOPLE CAN SEE WHAT YOU TWEET AROUND HERE and some of us can’t afford to have short memories.”

And wouldn’t you know it? A lot of hackers are already working on this problem. Unfortunately for those of us who think rape is kind of a shitty thing to do, those highly-skilled and well-paid mathematicians and computer hackers are usually employed by secretive government agencies that are famous for sharing sexually explicit photos of attractive women intercepted from their private Internet communications. (Also, hey, thanks for letting us know about that, Edward Snowden.)

Sadly, we live in a world where sociopathic behavior isn’t just tolerated, it’s rewarded. Until that changes, I can guarantee you this: violence prevention needs more hackers.

Turn your Android phone into a full fledged programming environment

These days, mobile phones are basically computers. And not just any computer. If you have a smartphone, then it's the same kind of computer as a regular ol' laptop. Sure, the two look different, but once you get "under the hood" they look and feel remarkably similar.

My mission, which I chose to accept, was to see if I could turn my Android phone into a fully fledged web development console. Lo and behold, I could. And it's not even that hard, but I did have to do some digging.

That's because searching the 'net for phrases like "web development on Android" mostly returns information on how to code and debug websites for mobile browsers, rather than how to use mobile phones as your environment for developing websites. Once I figured out which tools were suited for the task (and my personal tastes), though, everything else fell into place.

Read the full post.

Read more