[Plura-list] Hackers can remotely lock IoT cock-cages; Congress's Big Tech trustbusting smackdown

Cory Doctorow doctorow at craphound.com
Wed Oct 7 12:19:04 EDT 2020

Today's links

* Hackers can remotely lock IoT cock-cages: The Qiui Cellmate is a giant
wontfix that requires an angle-grinder to remove.

* Congress's Big Tech trustbusting smackdown: Tech is exceptional,
except when it's not.

* This day in history: 2005, 2010, 2015, 2019

* Colophon: Recent publications, upcoming appearances, current writing
projects, current reading


🗣 Hackers can remotely lock IoT cock-cages

Smart sex-toys are a terrible idea, notwithstanding the ways that they
work for certain kinks (to say nothing of sex workers, who can charge
for access to them during livestreams).

It's just that combining the intrinsically terrible security of IoT with
the inherently sensitive nature of sex-toy use and the unavoidable risk
of network interfaces for servos and motors on your junk makes this a
big old nope.


* A networked fellatio machine is vulnerable to code-injection attacks
that cause it to mangle your junk


* Smart dildoes tracked users' wanking habits and sold the data


* Smart buttplugs broadcast their presence using Bluetooth and can be
detected from the sidewalk in front of your house


* Sex toy secretly records audio from your sexual activity, vendor calls
it a "minor bug"


And now, the latest one: the Qiui Cellmate, a smart cock cage that lets
kinksters lock up their subs' dicks in a hardened steel cage, is
vulnerable to networked attacks that can freeze the lock shut, so that
you need an angle-grinder to remove it.


That's the headline, but there are so many other ways you can attack a
Cellmate user: steal their location, password and other PII.

Oh, also, if the company pushes an update to fix any of this, they could
permanently lock up the dicks of many of their users.

Thankfully (?) there's not much risk of them fixing it. When Pen Test
Partners contacted them, the company said it only had $50k on hand and
couldn't afford to update the software.

So Pen Test Partners went public, notably with Zack Whittaker from
Techcrunch, who was told by Qiui CEO Jake Guo that there'd be a fix by
August. No fix was released. Guo told Whittaker, "We are a basement
team. When we fix it, it creates more problems."


As Whittaker notes, many users of *non*-hacked Cellmates have found that
they can't remove them, because the software is just that buggy.


🗣 Congress's Big Tech trustbusting smackdown

After more than a year of investigations, House Dems have produced a
450-page report on market concentration in the tech industry, with a
slate of findings that are obvious and long overdue, and a slate of
recommendations that are simultaneously traditional and radical.

Start with the findings: the market is concentrated and the companies
preserve their monopolistic standing with anticompetitive tactics:

* Apple's App Store stranglehold raises prices and transfers money from
creators to the company

* Google preferences its own services in search results

* Facebook buys companies for predatory reasons, to snuff out potential
future competition threats

* Amazon rips off its sellers and engages in predatory pricing


All obvious, but it's nice to have it in the record.

Then there are the traditional AND radical remedies: blocking mergers,
prohibiting the creation of vertical monopolies by entering "adjacent
lines of business."

And then there's "structural separation" - the rule that banned rail
companies from owning freight companies that competed with their
customers and banks from owning businesses that competed with the
businesses that borrowed money from them.

There's a shifting of the default in mergers: the DoJ should presume ALL
mergers and acquisitions by large firms are anticompetitive and require
the companies to prove otherwise.

A kind of neutrality in platforms, requiring them not to preference
their own products over others. I predict this one will be the source of
endless misery because it supposes that there is a "right" way to
organize search results.

Weirdly, this was Google's position for a long time. If you were an
early web writer and you cornered a Google exec at a party to complain
about your pagerank, they'd just shrug and say, "Make the page better then."

The implication being that they were measuring objective quality of your
page, like they'd invented a machine for taking pictures of the forms
casting shadows on the wall of Plato's cave. It was an algorithm and
algorithms are math and math is objective.

This excited the world's governments, who started to say, "Oh, hey, if
this is MATH, then it's not censorship to order you to change the math.

"If we order you to keep certain things above the fold, or to downrank
or banish others, that's like specifying the equations for structural
steel, not like ordering the editor of the New York Times to put certain
articles on the front page."

Hoist on their own petard, Google started working with eminent First
Amendment scholars to advance the (correct) position that the math was
in service to expression: the programmers and QA teams that wrote and
tuned the algorithms were making editorial judgments.

These were indirect - in the way that, say, a newspaper proprietor might
say, "We need more coverage of inflation" or "Let's call Qanon a 'cult'
and not a 'conspiracy theory'" - but they were acts of human expression.

I mean, they HAD to be. Google doesn't have a webcam in Plato's cave.
There is no objective, universal quality metric. And they're not
choosing sites at random, either. So it has to be judgment, and judgment
is expression.

All to say: "Good luck with search neutrality, Congress."

But there's more! The report calls for increased budgets for antitrust
enforcement and killing forced arbitration and its bans on class action

And finally, the report calls for overturning 40 years' worth of
antitrust case-law, the decisions that depended on the doctrine of the
Nixonite criminal Robert Bork, who became a court sorcerer to Ronald Reagan.

Bork's doctrine was that antitrust law needed objective standards and
objective standards were impossible to come by in markets - you could
never hope to objectively define when a company had too much marketshare
or was abusing its power.

This may sound like my argument about "search neutrality" - but there's
a big difference. Bork had a counsel of despair: "Because we can't
identify shenanigans, we shouldn't try to prevent them."

But the pre-Borkian enforcement strategy wasn't grounded only in
objective correlates of shenanigans: it was also designed to make it
harder for shenanigans to occur. Pre-Bork, we fought monopolies because
they were bad - they had the power to distort markets and policies.

Pre-Bork, we fought monopolies because they were monopolies. Post-Bork,
we only fought monopolies if we caught them in the act, and even then,
we could only win if we could prove shenanigans - and monopolists got
really good at making it hard to prove them.

For example, they perfected the idea of the "market definition" defense.
You hear this with Amazon, when Bezos tells Congress that Amazon isn't a
monopoly because people buy stuff at Walmart.

By including "Walmart" (or every time in which goods change hands for
money) in the definition of Amazon's market, Amazon can make itself out
to be a bit-player.

Here's an example of a Borkean giving this line just last year:
"Facebook doesn't have a monopoly because I can still make phone calls."


Returning to a pre-Borkean vision of antitrust enforcement is profound
and would have far-reaching implications for telecoms, entertainment,
pharma, accounting, logistics, energy, transport, aviation, etc.

But while all these industries got concentrated through the same methods
- predatory acquisitions, mergers to monopoly, vertical monopolies -
they aren't all the same. What kind of industry they are MATTERS.

Tech has two unique characteristics:

First, it is foundational. Our ability to demand better policy and to
collaborate to hold policymakers to account depends on tech. We're not
going to organize a global movement by wheatpasting posters on telephone

And second, tech means computers, and computers are "universal" in a way
other industries' products are not. Computers can interoperate with each
other in ways that, say, cars or can-openers or beers cannot.

That interoperability has been the source of enormous dynamism and a
check against concentration in the history of tech: what companies
thought of as walled gardens that exploited "network effects" became
feeding pens for new market entrants.


Whether that's Static Controls - a tiny Taiwanese company that refilled
IBM Lexmark's toner cartridges and got to piggyback on the vast market
IBM had developed, growing so large that they ACQUIRED Lexmark or...


Apple, which defeated Microsoft's office dominance by creating iWork,
reverse-engineering the Office file-formats so that Mac users didn't
need to convince their colleagues to switch OSes; they could just share
documents with them.


The same tech companies that rose to dominance through this Competitive
Compatibility are now its worst enemies, lobbying against Right to
Repair, building products around DRM, and claiming their terms of
service have the force of law under CFAA.

Restoring the right of new market entrants to make stuff that plugs into
the existing dominant products and services would go a LONG way to
restoring dynamism to tech, to making companies' survival reliant on
pleasing users, rather than dominating markets.

And while the Congressional report doesn't give interop the centrality
it deserves, it DOES mention it and discuss its importance.



🗣 This day in history

#15yrsago Bill Gates shouts at Sony CEO that his crappy DRM is less

#10yrsago High-tech thrift-store book-picking with a networked barcode

#10yrsago Meet the US copyright lawyers planning a denial-of-service
attack on the US courts

#10yrsago Scott Westerfeld’s Behemoth: return to the steampunk WWI of

#5yrsago HOWTO make a realistic brain-cake for your zombie parties

#5yrsago Algorithmic guilt: defendants must be able to inspect source
code in forensic devices

#5yrsago NYPD steal black woman banker’s BMW, commit her when she asks
for it back

#1yrago America’s rotten ISPs object to encrypted DNS, argue that losing
the ability to spy on your traffic puts them at a competitive

#1yrago New York’s WBAI Pacifica Radio affiliate has shut down,
orphaning 2600’s Off the Hook, the Hour of the Wolf, and many other
beloved mainstays https://twitter.com/2600/status/1181226400122130432

#1yrago The weak spots that let journalists expose the finances of
looters, organized criminals and oligarchs

#1yrago Hong Kong protesters deploy a brick-throwing bamboo siege engine


🗣 Colophon

Today's top sources:

Currently writing: My next novel, "The Lost Cause," a post-GND novel
about truth and reconciliation. Yesterday's progress: 511 words (69618

Currently reading: Harrow the Ninth, Tamsyn Muir

Latest podcast: Someone Comes to Town, Someone Leaves Town (part 17)

Upcoming appearances:

* 3 Big Ideas To Fix the Internet, Oct 7,

* Wired Nextfest Italia, Oct 10,

* The Attack Surface Lectures: 8 nights of bookstore-hosted events in
which I and a massive group of entertaining and knowledgeable experts
discourse on my latest novel's themes, Oct 13-22

Recent appearances:

* Disney's Haunted Mansion (Nelda Live)

* Digital Rights, Surveillance Capitalism & Interoperable Socks (MMT

* If Big Tech Is Toxic, How Do We Build Something Better? (panel)

Latest book:

* "How to Destroy Surveillance Capitalism": an anti-monopoly pamphlet
analyzing the true harms of surveillance capitalism and proposing a

* "Little Brother/Homeland": A reissue omnibus edition with a new
introduction by Edward Snowden:
https://us.macmillan.com/books/9781250774583; personalized/signed copies

* "Poesy the Monster Slayer" a picture book about monsters, bedtime,
gender, and kicking ass. Order here:
https://us.macmillan.com/books/9781626723627. Get a personalized, signed
copy here:

Upcoming books:

* "Attack Surface": The third Little Brother book, Oct 20, 2020.

This work licensed under a Creative Commons Attribution 4.0 license.
That means you can use it any way you like, including commercially,
provided that you attribute it to me, Cory Doctorow, and include a link
to pluralistic.net.


Quotations and images are not included in this license; they are
included either under a limitation or exception to copyright, or on the
basis of a separate license. Please exercise caution.


🗣 How to get Pluralistic:

Blog (no ads, tracking, or data-collection):


Newsletter (no ads, tracking, or data-collection):


Mastodon (no ads, tracking, or data-collection):


Twitter (mass-scale, unrestricted, third-party surveillance and


Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):


*When life gives you SARS, you make sarsaparilla* -Joey "Accordion Guy"
