Today's links
Against transparency (permalink)
Walk down any street in California for more than a couple minutes and you will come upon a sign warning you that a product or just an area "contains chemicals known to the state of California to cause cancer."
These warnings are posted to comply with Prop 65, a 1986 law that requires firms to notify you if they're exposing you to cancer risk. The hope was that a legal requirement to warn people about potential carcinogens would lead to a reduction in the use of carcinogens in commonly used products. But the joke's on us: since nearly everything has chemicals that trigger Prop 65 warnings, the warnings become a kind of background hiss. I've lived in California five times now, and I've never once seen a shred of evidence that a Prop 65 warning deters anyone from buying, consuming, using, or approaching anything. I mean, Disneyland is plastered in these warnings.
The idea behind Prop 65 was to "inform consumers" so they could "vote with their wallets." But "is this carcinogenic?" isn't a simple question. Many chemicals are carcinogenic if they come into contact with bare skin, or mucus membranes, but not if they are – for example – underfoot, in contact with the soles of your shoes. Other chemicals are dangerous when they're fresh and offgassing, but become safe once all the volatiles and aromatics have boiled off of them.
Prop 65 is often presented as a story of overregulation, but I think it's a matter of underregulation. Rather than simply telling you that there's a potential carcinogen nearby and leaving you to figure out whether you've exceeded your risk threshold, a useful regulatory framework would require firms to use their products in ways that minimize cancer risk. For example, if a product ships with a chemical that is potentially carcinogenic for a couple weeks after it is manufactured, then the law could require the manufacturer to air out the product for 14 days before shipping it to the wholesaler.
"Caveat emptor" has its place – say, at a yard-sale, or when buying lemonade from a kid raising money for a school trip – but routine shopping shouldn't be a life-or-death matter than you can only survive if you are willing and able to review extensive, peer-reviewed, paywalled toxicology literature. When a product poses a serious threat to our health, it should either be prohibited, or have its use proscribed, so that a reasonable, prudent person doing normal things doesn't have to worry that they've missed a potentially lethal gotcha.
In other words, transparency is nice, but it's not enough.
Think of the "privacy policies" you're asked to click through a thousand times a day. No one reads these. No one has ever read these. For the first six months that Twitter was in business, its privacy policy was full of mentions to Flickr, because that's where they ganked the policy from, and they missed a bunch of search/replace operations. That's funny – but far funnier is that no one at Twitter read the privacy policy, because if they had, they would have noticed this.
You know what would be better than a privacy policy? A privacy law. The last time Congress passed a consumer privacy law was in 1988, when they banned video store clerks from disclosing which VHS cassettes you took home. The fact is that virtually any privacy violation, no matter how ghastly or harmful to you, is legal, provided that you are "notified" through a privacy policy.
Which is why privacy policies are actually privacy invasion policies. No one reads these things because we all know we disagree with every word in them, including "and" and "the." They all boil down to, "By being stupid enough to use this service, you agree that I'm allowed to come to your house, punch your grandmother, wear your underwear, make long distance calls, and eat all the food in your fridge."
And like Prop 65 warnings, these privacy policies are everywhere, and – like Prop 65 warnings – they have proven useless. Companies don't craft better privacy policies because so long as everyone has a terrible bullshit privacy policy, there's no reason to.
My blog, pluralistic.net has two privacy policies. One sits across the top of every page:
Privacy policy: we don't collect or retain any data at all ever period.
The other one appears in the sidebar:
By reading this website, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.
The second one is a joke, obviously (it sits above a sidebar element that proclaims "Optimized for Netscape Navigator."). But what's most funny is that when I used to run it at the bottom of all my emails, I totally freaked out a bunch of reps from Big Tech companies on a standards committee that was trying to standardizes abusive, controlling browser technology and cram it down two billion peoples' throats. These guys kvetched endlessly that it was unfair for me to simply declare that they'd agreed that they would do a bunch of stuff for me on behalf of their bosses.
My first response was, of course, "Lighten up, Francis." But the more I thought about it, the more I realized that these guys actually believed that showering someone in endless volleys of fine print actually created legal contracts and consent, and that I might someday sue their employers because I had cleverly released myself from their BOGUS AGREEMENTS.
Of course, that would be very stupid. I can't just wave a piece of paper in your face, shout "YOU AGREED" and steal your bike. But substitute "bike" for "private data" and that's exactly the system we have with privacy policies. Rather than providing notice of odious and unconscionable behavior and hoping that "market forces" sort it out, we should just update privacy law so that doing certain things with your private data is illegal, without your ongoing, continuous, revocable consent.
Obviously, this would come as a severe shock to the tech economy, which is totally structured around commercial surveillance. But the fact that an extremely harmful practice is also extremely widespread is not a reason to keep on doing it – it's a reason to stop. There was a time when we let companies sell radium suppositories, and then, one day, we just banned companies from telling you to put nuclear waste up your asshole:
https://pluralistic.net/2024/09/19/just-stop-putting-that-up-your-ass/#harm-reduction
We didn't fall back on the "freedom to contract" or "bodily autonomy." Sure, what you do with your body is your own business, but that doesn't imply that quacks should have free rein to trick you into using their murderous products.
And just as there are legitimate, therapeutic uses of radioisotopes (I'm having a PT scan on Monday!), there are legitimate reasons to share your private data. We don't need to resort to outright bans – we can just regulate things. For example, in 2022 Stanford Law's Mark Lemley proposed an absolutely ingenious answer to abusive Terms of Service:
https://pluralistic.net/2022/08/10/be-reasonable/#i-would-prefer-not-to
Lemley proposes constructing a set of "default rules" for routine agreements, made up of the "explicit and implicit" rules of contracts, including common law, the Uniform Commercial Code, and the Restatement of Contracts. Any time you're presented with a license agreement, you can turn it down in favor of the "default rules" that everyone knows and understands. Anyone who accepts a EULA instead must truly be consenting to a special set of rules. If you want your EULA to get chosen over the default rules, you need to make it short, clear and reasonable.
If we're gonna replace "caveat emptor" with rules that let you go about your business without reading 10,000,000 words of bullshit legalese every time you leave your house (or pick up your phone), we need smart policymakers to create those rules.
Since 2010, America has had an agency that was charged with creating and policing those rules, so you could do normal stuff without worrying that you were accidentally signing your life away. That agency is called the the Consumer Finance Protection Bureau, and though it did good work for its first decade of existence, it wasn't until the Biden era, when Rohit Chopra took over the agency, that it came into its own.
Under Chopra, the CFPB became a powerhouse, going after one scam after another, racking up a series of impressive wins:
https://pluralistic.net/2024/06/10/getting-things-done/#deliverism
The CFPB didn't just react, either. They staffed up with smart technologists and created innovative, smart, effective initiatives to keep you from getting ripped off:
https://pluralistic.net/2024/11/01/bankshot/#personal-financial-data-rights
Under Chopra, the CFPB was in the news all the time, as they scored victory after victory. These days, the CFPB is in the news again, but for much uglier reasons. For billionaire scammers like Elon Musk, CFPB is the most hated of all the federal agencies. Musk's Doge has been trying to "delete the CFPB" since they arrived on the scene, but their hatred has made them so frenzied that they keep screwing up and losing in court. They just lost again:
https://prospect.org/justice/2025-04-18-federal-judge-halts-cfpb-purge-again/
Trumpland is full of the people on the other side of those EULAs, the people who think that if they can trick you out of your money, "that makes me smart":
https://pluralistic.net/2024/12/04/its-not-a-lie/#its-a-premature-truth
If Musk can trick you into buying a Tesla after lying about full self driving, that doesn't make him a scammer, "that makes him smart." If Trump can stiff his contractors, that doesn't make him a crook, "that makes him smart."
It's not a coincidence that these guys went after the CFPB. It's no mystery why they've gone after every watchdog that keeps you from getting scammed, poisoned or maimed, from the FDA to the EPA to the NLRB. They are the kind of people who say, "So long as it was in the fine print, and so long I could foist that fine-print on you, that's a fair deal." For them, caveat emptor is a Latin phrase that means, "Surprise, you're dead."
It's bad enough when companies do this to us, be they Big Tech, health insurers or airlines. But when the government takes these grifters' side over yours – when grifters take over the government – hold onto your wallets:
https://www.citationneeded.news/trump-crypto-empire/
(Image: Cryteria, CC BY 3.0, modified)
Hey look at this (permalink)
Object permanence (permalink)
#20yrsago New copyright bill panders to Christian Right, copyfighters, Hollywood https://web.archive.org/web/20050421040240/https://www.wired.com/news/politics/0,1283,67269,00.html
#10yrsago A bill to fix America’s most dangerous computer law https://www.techdirt.com/2015/04/17/bill-introduced-to-fix-broken-dmca-anti-circumvention-rules/
#10yrsago Inside Islamic State’s spookocracy https://www.spiegel.de/international/world/islamic-state-files-show-structure-of-islamist-terror-group-a-1029274.html
#10yrsago Internet.org: delivering poor Internet to poor people https://scroll.in/article/721541/Poor-internet-for-poor-people:-why-Facebook’s-Internet.org-amounts-to-economic-racism
#10yrsago Iridescent insect sculptures from ewaste https://www.etsy.com/shop/DewLeaf?ref=shopsection_leftnav_1
#5yrsago Poor countries denied covid aid https://pluralistic.net/2020/04/19/shared-microbial-destiny-2/#shared-microbial-destiny
#5yrsago Gilead, the remdesivir welfare queens https://pluralistic.net/2020/04/19/shared-microbial-destiny-2/#remdesivir
#5yrsago 80% of the stimulus tax break will go to 43,000 people https://pluralistic.net/2020/04/19/shared-microbial-destiny-2/#trickle-down
#1yrago Precaritize bosses https://pluralistic.net/2024/04/19/make-them-afraid/#fear-is-their-mind-killer
Upcoming appearances (permalink)
- Auckland: Unity Books, May 2, 6PM
https://www.eventbrite.co.nz/e/an-evening-with-cory-doctorow-tickets-1320740102199
-
Wellingon: Unity Books, May 3, 3PM
https://www.unitybooks.co.nz/news-and-events/author-talk-picks-and-shovels-by-cory-doctorow
-
Pittsburgh: Picks and Shovels at White Whale Books, May 15
https://whitewhalebookstore.com/events/20250515
-
Pittsburgh: PyCon, May 16
https://us.pycon.org/2025/schedule/
-
PDX: Teardown 2025, Jun 20-22
https://www.crowdsupply.com/teardown/portland-2025
-
PDX: Picks and Shovels with bunnie Huang at Barnes and Noble, Jun 20
https://stores.barnesandnoble.com/event/9780062183697-0
-
London: How To Academy with Riley Quinn, Jul 1
https://howtoacademy.com/events/cory-doctorow-the-fight-against-the-big-tech-oligarchy/
-
Manchester: Picks and Shovels at Blackwell's Bookshop, Jul 2
https://www.eventbrite.co.uk/e/an-evening-with-cory-doctorow-tickets-1308451968059
-
Manchester: Co-operatives UK Co-op Congress keynote, Jul 3
https://www.uk.coop/events-and-training/events-calendar/co-op-congress-2025-book-your-place
-
New Orleans: DeepSouthCon63, Oct 10-12, 2025
http://www.contraflowscifi.org/
Recent appearances (permalink)
-
- The Bezzle: a sequel to "Red Team Blues," about prison-tech and other grifts, Tor Books (US), Head of Zeus (UK), February 2024 (the-bezzle.org). Signed, personalized copies at Dark Delicacies (https://www.darkdel.com/store/p3062/Available_Feb_20th%3A_The_Bezzle_HB.html#/).
-
"The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 (http://lost-cause.org). Signed, personalized copies at Dark Delicacies (https://www.darkdel.com/store/p3007/Pre-Order_Signed_Copies%3A_The_Lost_Cause_HB.html#/)
-
"The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245).
-
"Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com. Signed copies at Dark Delicacies (US): and Forbidden Planet (UK): https://forbiddenplanet.com/385004-red-team-blues-signed-edition-hardcover/.
-
"Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com
-
"Attack Surface": The third Little Brother novel, a standalone technothriller for adults. The Washington Post called it "a political cyberthriller, vigorous, bold and savvy about the limits of revolution and resistance." Order signed, personalized copies from Dark Delicacies https://www.darkdel.com/store/p1840/Available_Now%3A_Attack_Surface.html
-
"How to Destroy Surveillance Capitalism": an anti-monopoly pamphlet analyzing the true harms of surveillance capitalism and proposing a solution. https://onezero.medium.com/how-to-destroy-surveillance-capitalism-8135e6744d59?sk=f6cd10e54e20a07d4c6d0f3ac011af6b) (signed copies: https://www.darkdel.com/store/p2024/Available_Now%3A__How_to_Destroy_Surveillance_Capitalism.html)
-
"Little Brother/Homeland": A reissue omnibus edition with a new introduction by Edward Snowden: https://us.macmillan.com/books/9781250774583; personalized/signed copies here: https://www.darkdel.com/store/p1750/July%3A__Little_Brother_%26_Homeland.html
-
"Poesy the Monster Slayer" a picture book about monsters, bedtime, gender, and kicking ass. Order here: https://us.macmillan.com/books/9781626723627. Get a personalized, signed copy here: https://www.darkdel.com/store/p2682/Corey_Doctorow%3A_Poesy_the_Monster_Slayer_HB.html#/.
- Enshittification: Why Everything Suddenly Got Worse and What to Do About It, Farrar, Straus, Giroux, October 7 2025
https://us.macmillan.com/books/9780374619329/enshittification/
-
Unauthorized Bread: a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2026
-
Enshittification, Why Everything Suddenly Got Worse and What to Do About It (the graphic novel), Firstsecond, 2026
-
The Memex Method, Farrar, Straus, Giroux, 2026
Today's top sources:
Currently writing:
- Enshittification: a nonfiction book about platform decay for Farrar, Straus, Giroux. Status: second pass edit underway (readaloud)
-
A Little Brother short story about DIY insulin PLANNING
-
Picks and Shovels, a Martin Hench noir thriller about the heroic era of the PC. FORTHCOMING TOR BOOKS FEB 2025
Latest podcast: Nimby and the D-Hoppers CONCLUSION https://craphound.com/stories/2025/04/13/nimby-and-the-d-hoppers-conclusion/
This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.
https://creativecommons.org/licenses/by/4.0/
Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.
How to get Pluralistic:
Blog (no ads, tracking, or data-collection):
Pluralistic.net
Newsletter (no ads, tracking, or data-collection):
https://pluralistic.net/plura-list
Mastodon (no ads, tracking, or data-collection):
https://mamot.fr/@pluralistic
Medium (no ads, paywalled):
https://doctorow.medium.com/
Twitter (mass-scale, unrestricted, third-party surveillance and advertising):
https://twitter.com/doctorow
Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):
https://mostlysignssomeportents.tumblr.com/tagged/pluralistic
"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla
READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.
ISSN: 3066-764X
/s3/static.nrc.nl/wp-content/uploads/2025/04/19155831/web-1904BUI_tunis.jpg)
