Vendors must start adding physical on/off switches to devices that can spy on us

Update (May 15, 2019): This post was linked and its author quoted as a source in this Fast Company article on the same subject.

Where's my webcam's off switch?

Have you ever noticed that your webcam doesn't have an "off" switch? I looked on Amazon, and I couldn't find any webcams for sale that had a simple on/off switch. When I thought I found one, but it turned out just to have a light that turns on when the camera is in use, and off when not—not a physical switch you can press or slide.

The "clever" solution is supposed to be webcam covers (something Mark Zuckerberg had a hand in popularizing); you can even get a webcam (or a laptop) with such a cover built in. How convenient! I've used tape, which works fine.

But a cover doesn't cover up the microphone, which could be turned on without your knowledge. Oh, you think that's impossible? Here are some handy instructions. Or maybe you'll say you're not paranoid—it's not a serious problem? Don't be so naive, said the FBI seven years ago (they're worried about predators stalking children), and the Atlantic, and USA Today more recently. The issue isn't going away. With hacking skills growing more common, the problem has surely grown, if anything, more dire.

Another "clever" solution is to use a software off switch, like this (for Windows). But it simply turns your webcam's driver on and off. Of course, it's not too hard for a sufficiently skilled hacker to turn your driver back on and start recording you without your knowledge.

For USB devices, you can use a USB off switch like this, which seems like a good idea; but it doesn't solve the problem for devices with built-in cameras and microphones like laptops and smart phones.

The humble "off" switch is now high technology. It is a significant selling point for the single device that I could find that comes equipped with one.

Do any computer cameras with "off" switches (not just covers) exist? They seem to be very rare at best, but I was able to find one: the company building a Linux phone, Purism, has a whole page devoted to the joys and wonders of its off switch—which is kind of ridiculous, if you think about it. The humble "off" switch is now high technology. It is a significant selling point for the single device that I could find that comes equipped with one.

(By the way, I have absolutely no relationship to Purism. I write about them because their focus is privacy and I've been writing a lot about privacy.)

The kill switch on Purism's Librem laptop (c) Purism 2019

Your phone has the same problem, you know

Tape over the webcam? Covers to disable the functionality we paid for? Why on earth do we go to these lengths when hardware vendors could simply sell their products with off switches? The more I think about it, the more I find it utterly bizarre. Don't these companies care?

I've just been talking about webcams, but let's talk about the really horrible spy devices: your smart phone. Oh, your Android phone can't be hacked? Here are some handy video instructions, viewed over 300,000 times and upvoted 1,100 times. Surely not your iPhone? Don't be so confident; hackers are very creative, as (for example) the Daily Mail has reported, and besides, Apple is proud of its patent allowing remote control of iPhone cameras.

Besides, it's been known since at least 2014 that the NSA had developed, as early as 2008, software to remotely access anybody's phone.

And yet there isn't a hardware off switch for your phone's camera and microphone, short of turning the device entirely off (but there's an app to turn the camera off). A device equipped with a hardware "off" switch for the camera and microphone isn't yet on the market, as far as I know. Purism is making one.

It's not just your webcam and your phone that you need to worry about, by the way. Do you have a smart speaker? At least you can mute Amazon Echo's microphone, and it's apparently a hardware switch, too, so well done, Jeff Bezos. That's important, if true, because it prevents software exploits. I found no word on whether Google Home's and Apple HomePod's mute buttons are hardware switches; maybe not. How about a surveillance or doorbell camera? How about your smart TV? Those can be hacked too, of course, and some of them are always listening. Wouldn't it be nice to have the peace of mind that they aren't listening to you when you're not using the TV?

In short, what if you want to turn these devices' cameras and microphones off sometimes, for some perfectly legitimate reason? Can you do so in a trustworthy, hardware-based way? In most cases, for most devices, the answer is No.

Let's demand that hardware vendors build hardware "off" switches

It's almost as if the vendors of common, must-have devices want to make it possible to spy on us. An enterprising journalist should ask why they don't make such switches. They certainly have deliberately made it hard for us to stop being spied upon—even though we're their customers. Think about that. We're their bread and butter, and we're increasingly and rightly concerned about our security. Yet they keep selling us these insecure devices. That's just weird, isn't it? What the hell is going on?

But this, you might say, is both paranoid and unfair. Surely the vendors don't intend to spy on you. Why would they add an off switch when nobody will turn your camera and microphone on without your consent?

But, as I already said, it's a hard, cold fact that hackers and government and corporate spies can and sometimes do turn our cameras and microphones on without our consent. This isn't controversial and, for anybody who is slightly plugged-in, shouldn't be surprising. Security experts have known that, for many years, regardless of the intentions of hardware vendors like Logitech and Apple and large software vendors like Skype and Snapchat, the hardware, firmware, and software that run our devices just are susceptible to hacking. It's just a fact, and we are right to be concerned. So these companies are responsible for building and selling insecure systems. At a minimum, they could be made significantly more secure with a tiny bit of hardware: the humble "off" switch.

If your webcam, or your phone, or any other device with an Internet-connected camera or microphone (think about how many you own) has ever been hacked, these companies are partly to blame if it was always-on by design. They have a duty to worry about how their products make their users less secure. They haven't been doing this duty.

It starts with us. We the consumers need to care more about our privacy and security. We're not powerless here. In fact, we could demand that they give us an off switch.

I think we consumers should demand that webcams, smart phones, smart speakers, and laptop cameras and microphones—and any other devices with cameras and microphones that are connected to the Internet—be built with hardware "off" switches that make it impossible for the camera and microphone to be operated.

Do you agree?


How I chose a NAS

A network-attached storage (NAS) device is your own Internet server—your very own "cloud"! I decided to get one for my own reasons. But which, and configured how, exactly? Here's what I came up with for myself.


A NAS server (credit to Bin im Garten on Wikimedia Commons, CC by-sa 3.0)

After dropping Dropbox, and then ditching Resilio Sync, I decided to get a NAS. To pull this off, it seemed to me I had to answer the following questions:

  1. Type of server. Should I roll my own personal server using Nextcloud (or OwnCloud; but probably Nextcloud) on Linux, with a regular web server (device/box/CPU), or get a NAS server instead?
  2. Server software. Assuming the actual box I purchase is a NAS, should I go with the proprietary software installed on the box (of any kind), or install Nextcloud and plan to use those features?
  3. NAS vendor. There are actually two-closely related questions here. (a) Which brand of NAS box should I purchase if I do decide to use proprietary server software for the NAS? (b) Which proprietary server software do I prefer, regardless of the box? It is the combination of the two questions that would determine which vendor I'd purchase from.
  4. RAID/drive configuration. This also has two closely-related questions. (a) What RAID configuration should I plan to set up? (b) How many bays should I plan to get? In other words, how many drives will the server have, and how will they function together to serve as automatic backup or redundancy?
  5. Beefiness. How much machine do I need?
  6. Drives. Which drives should I put into the NAS bays?

Answering these questions helped me decide which box I would purchase. But because these are some difficult-sounding and (to me) unfamiliar questions, I decided first to get to the nut of the issue. After all, I did already know why I wanted a NAS and what some of my requirements were.

I wanted a NAS (as I said) first and foremost as a replacement for Dropbox. I actually didn't have very much data in Dropbox; I had more (over 500 GB) on my hard drive, backed up to an external drive. If I felt I more confident about my data storage, backup, and long-term continuation strategies, I might digitize (or pay a kid to) a hell of a lot more of my data. (10 GB per DVD/Blu-Ray at ~200? disks = 2 TB. Could be doable!) So it might be a good idea to err on the side of lots of space.

But the thing that pushed me to a NAS solution, over syncing all my devices directly such as Resilio accomplishes, is the availability of lots of awesome personal cloud software, for things like calendar, contacts, and who knows, maybe even email. (I finally called my current mail hosting provider. They don't encrypt my mail on their servers. They can quite easily read my mail. I don't think they do, but I have to trust them. Sucks to have to trust them. But I will probably not try hosting my own email; that's really hard to get right.) Since Synology has so much decent software (so it appears; check out their packages list and demo), that eventually inclined me toward them. Any NAS should also let you install and run Nextcloud, which is open source and has a boatload of similar free software for your personal home server.

Now, if I was going to put mission-critical things like calendars (which need to be up-to-date!) and shared/collaborative documents on this server, then I should also have a sufficiently beefy and fast machine. (I also upgraded my Internet connection to the fastest home connection.) One of the differences between Synology and QNAS is that the latter is supposed to be stronger on hardware specs but weaker on software functionality (maybe). That was bothersome, because I wanted both to be awesome.

All right then—how did I answer the questions?

Type of server

Question: Should I roll my own personal server using Nextcloud (or OwnCloud; but probably Nextcloud) on Linux, with a regular web server (device/box/CPU), or get a NAS device instead?

This one was easy to dispatch. It looked to me as if, supposing I tried to set up my own server, then running Nextcloud on it wouldn't be the hard part; running a good old-fashioned server would be. I'd have to make time to learn good old-fashioned server administration, which would be hard even if I ran FreeNAS, an open source operating system for self-built NASes. And even if I wanted to do that (server administration would be a cool skill to have), if I don't have to learn all that, because NASes solve all these problems for me, then I don't wanna.

Now, if I were still a poor student or a full time developer/engineer, maybe I'd be rolling my own. But since I can afford to let someone else do all the hard server setup work, I reasoned, I will.

So, I said, forget that noise. It's a NAS for me, period.

Server software

Question: Assuming the actual box I purchase is a NAS, should I go with the proprietary software installed on the box (of any kind), or install Nextcloud and plan to use those features?

When I first wrote the above questions, I was laboring under the false assumption that I would have to choose between the Nextcloud suite of server applications and whatever Synology or QNAP offered. But this is false. You can run both on the same NAS!

There are a number of guides online to installing Nextcloud on Synology and on QNAP. So if I want the functionality that Nextcloud offers, because Synology, QNAP, or any other NAS doesn't cut the mustard, then I can always do that.

My biggest misgiving, to be honest, is that companies like Synology and QNAP don't always seem to have the user's privacy foremost in mind, but they're better than most. (I found this discussion of the issue useful.) Certain apps and support might require that the vendor will have some access to your data. But this is the price you pay for not using free software; as far as I know, the only way to absolutely guarantee the privacy of your information is if you enjoy total ownership over your hardware and software. But in this case, it involves developing skills (server administration) that I just don't have time for these days. So I'll just have to be careful and conscientious in what information I give to the vendor, what I install, what privacy issues it has, etc.

Besides, I figured, I could always install and run NextCloud on the device, and that's open source. So maybe was OK.

As this was a question I didn't have to answer yet, I decided to kick it down the road.

NAS vendor

Question: There are actually two-closely related questions here. (a) Which brand of NAS box should I purchase if I do decide to use proprietary server software for the NAS? (b) Which proprietary server software do I prefer, regardless of the box? It is the combination of the two questions that would determine which vendor I'd purchase from.

This was the first question that I couldn't quickly gloss over. Given that I knew I'd be buying a NAS, it followed that I'd be buying a machine that is already set up with its own operating system and, in the cases I'm most interested in, support for the suite of cloud apps I'm after (actually pure Linux NAS systems are available, but strangely expensive).

I had a few desiderata here:

  • Must have strong privacy and security policies and practices. The biggest reason to get a NAS, for me, is to avoid the privacy and security issues associated with hosting my data in a shared public cloud like Dropbox. So the operating system had better not phone home, the way Windows and Mac do, and the software should generally have strong privacy practices. Strong plus if data encryption features and two-factor authentication are built in and automatic or easy to implement.
  • Must be fast and powerful enough for daily use. I'm not sure how powerful it has to be, and it certainly depends on my Internet connection. But the bottom line is that syncing should not take forever, I shouldn't have to constantly wait for things like calendar entries to update, chat apps shouldn't be laggy, photos should upload and download reasonably fast so my family and I can use the server, etc.
  • Software in the ecosystem must be feature-rich and easy-to-use. Assuming it makes sense to make generalizations about the software ecosystem of a vendor, the software should be advanced and "ready for prime time," or as much as possible. For example, the syncing software should enable me to restore old versions that were mistakenly deleted. I should be able to share files with fine-grained permissions. The office collaboration apps (Google Docs/Sheets replacement) should offer real-time updating without significant edit conflicts. Updating the system should be automatic, i.e., as easy as it is to update Ubuntu (more or less automatic, if that's what I want, as it happens to be).
  • Prefer good reputation and reviews. Specs count for a lot, but so do reviews and reputation.

There are, essentially, two top NAS vendors that everybody talks about: Synology and QNAP. There are other vendors, to be sure, including (not a complete list) Asustor, TerraMaster, Netgear, and WD. But Synology and QNAP seem to be the gold standard, and since I had no desire to spend many hours or days looking over the differences between all the others, I initially narrowed down my choice to these two.

In my travels around the Internet, I found that Synology is marketed and thought of as being a home solution for the average reasonably technical user—or perhaps just for anybody who values UX highly, regardless of skill level. (I don't really know.) It apparently has an emphasis on simplicity and usability—the demo linked above gives great evidence of that—but sometimes (so I read) at the expense of configurability or choice. Synology puts more money into software than hardware, according to one prolific NAS reviewer; for the same money, a Synology box has more usable software but less satisfying hardware stats and overall speed than QNAP.

QNAP is sometimes portrayed as being more of a solution for more technical users, for whatever that's worth. While both ecosystems are based on Linux (and therefore presumably very configurable at some level), QNAP is again reputedly more configurable and speedier. It also has more apps available—but the apps are also sometimes a bit dodgier, or so I read. All of that sounds like Linux to me, frankly; but QNAP is actually more often compared to Windows and Android. Whatever, such comparisons are surely of limited value.

On this limited basis, being on the techier side who likes configurability, I was initially inclined toward QNAP. But on second and third thoughts, I heard a lot of breathless praise for Synology and the quality of its apps, including from some very technical people. And after all, I really care about software quality. Synology advocates say that its software "just works"—hugely important. A random person on Reddit replied to me saying, "From personal experience I run both Synology and QNAP devices and have done for several years. Synology has more robust software, generally more stable and less security flaws. QNAP provides faster hardware for the same money."

Reddit commenters seem to be fairly evenly divided between the brands, and machines from both brands are similarly rated 4 to 4.5 stars on Amazon.

I decided in the end to go with Synology. Usability is key. But I'd probably be about as happy with QNAP.

RAID/drive configuration

Question: This also has two closely-related questions. (a) What RAID configuration should I plan to set up? (b) How many bays should I plan to get? In other words, how many drives will the server have, and how will they function together to serve as automatic backup or redundancy?

A few different technical observers have said that one should err on the side of many bays, and that two is a definite non-starter. Why? Because two bays won't give you enough space unless you use a no-RAID setup, and part of the beauty of a NAS is that it has RAID support built in. (RAID, in case you didn't know, is an acronym for "Redundant Array of Independent Disks," and it is the practice of mirroring, and otherwise intelligently managing, data across several disks. It isn't the same as backup, but it can save you from losing data, so it can be a useful part of an overall backup plan.)

On the other hand, I don't have that much data, to be honest. Since Synology is expandable, I didn't go crazy and get a hell of a lot more space than I need—just a lot more than I need. For my personal, family, and modest business needs, I decided to get a five-bay device (it would have been four bays, but a five-bay device had double the RAM) and put three 2 TB drives in it. According to Synology's RAID calculator, this gives me something less than 4 TB of usable space, which is a lot for me. If I really wanted to rip all my movies, I'd have more than enough room. I can always add more drives and increase the size of the drives, too.

As far as which RAID configuration to use, since I've decided to go with Synology, I didn't even need to think about which kind to use: I just went with the cool "Synology Hybrid Raid" (SHR) setup. I don't understand it very well myself, except that it's supposed to be better than traditional RAID configurations for most uses.

Beefiness

Question: How much machine do I need?

When I sat down to figure out "how much machine I need," assuming I was going to get a Synology with four (or five) bays, I asked the Synology subreddit for help and the respondents generally said to just go ahead and get the beefiest four-bay machine. It was well within my price range and good value for the money, a couple people said. I asked a related question on r/HomeServer, where the DIY geeks tried but failed to make me feel guilty for not building my own server. (I did learn that I should choose my forums more carefully, though; and that, indeed, I might want to build my own server eventually, or have my son do it for me.)

A higher-end machine seemed necessary if I wanted to support (a) several simultaneous connections, (b) non-laggy real-time collaborative editing, (c) video streaming (seems like a good idea if the device is capable of it), (d) several apps/server processes running simultaneously.

So I decided to get the option with the most powerful processor (quad core Intel) and most RAM without actually voiding the warranty, and that ended up being this one.

Drives

Almost done! Last question: Which drives should I put into the NAS bays?

I have absolutely nothing intelligent to say on this one. I'll just share my conclusions. There are two main brands and models touted for NAS devices: Seagate IronWolf and Western Digital Red. Mostly because someone at Micro Center recommended them, I went with the SeaGate IronWolf. You can also choose the slower or faster versions; I got the faster-rated "Pro" version because disk access speed might actually improve the speed of response from my NAS when I'm out and about.

Conclusion

Wish me luck. The NAS and drives should arrive next week, and then I'll look forward to installing them on my network. I'll be getting a new router, too. (You should have a fast, secure, and modern router for a NAS, I gather, but I won't bore you with my ruminations on that.) All of that shouldn't take long. Rather longer will be the installation of the many and various NAS apps (and corresponding mobile apps) I'll need, along with the upgrading of my contacts, calendar, and of course my file sync program. The longest part of that process will probably be the actual copying of data from my computer's drives to the NAS. Hopefully, I won't have too much trouble converting my data folders, now associated with Resilio Sync (and earlier, with Dropbox) to whatever the Synology app I use on my computers and phone.

Another necessary step will be to do setup a zero-knowledge cloud backup—one that is strictly a backup, with no sync, no file access, no nothing but encrypted data storage. Should be fairly cheap (much cheaper than syncing services like Dropbox).

And another thing: I'll have to really lock down the NAS, since so much important info will be on it. Fortunately, Synology does have a lot of tools for doing that.

And another: I might want to route all outbound traffic from my NAS through a VPN. That's possible. (You can also use the NAS itself as a VPN node, but I'm not sure why, if you've already got a VPN to use; maybe a reader can tell me.)

What about the fun stuff? Well, in the very near future, I look forward to being able to do all this:

  • Delete all Google Docs I own; host my own real time collaborative documents. All of the Google Docs and Sheets I own, I'm moving to the corresponding Synology app on my own server. As far as I've been able to ascertain, the functionality is pretty much identical. I can't necessarily expect my work colleagues to stop using Google Docs, so I won't be able to rid myself of my Google account completely, but I will be able to get rid of most of my dependency on it. (There's still YouTube, though. I'm still all in, there.) But the cool part of course is that the documents I edit in real time will live right there on my own machines, in a private network I can open up to whomever I want.
  • Delete Google contacts. Completely delete all my contacts from Google, because I'll have them in a single central copy on my NAS (but with redundant copies on my devices).
  • Delete Gmail archive and set up Gmail vacation message. Since that was the main thing I was waiting for before rendering my Gmail account nonfunctional, I'll then make sure I have a local copy of all my Gmail archive, then delete all my old mails from Google servers. Then, finally, set up a "email me at my new address" on Gmail, something I've sort of been putting off until getting completely ready to separate myself from Gmail (not just my ongoing personal mail use, but all data archives, too).
  • Move Gcal data to Synology Calendar. I'm still using Gcal because I haven't had a privacy-respecting cloud solution. Soon, I will. Finally I'll be telling my colleagues to put my appointments invites on my own calendar on nas.sanger.io or—why not—just send me a mail and I'll add it myself. We've gotten so used to dealing with automatic invites that we've forgotten how stupid simple adding an appointment is by hand yourself. Hardly any time at all.
  • Stop using Slack for family chatting; start using chatting on our family server. Even if Papa is on the other side of the world, we'll be able to connect to each other via the same server that's right at home. My wife won't worry (as she does) that someone at Slack (or some hacker) is watching over our shoulders, since the whole encrypted chat takes place via our own server.
  • Keep my password manager datafiles in sync. I've had trouble with this ever since switching to Resilio and trying to use a single datafile shared by all instances. Instead, now I'll be able to use Synology's (and Enpass's) support for the WebDAV standard to keep the datafiles in sync. Yay!
  • Share pix with family like Dropbox, listen to streaming music, audiobooks, and podcasts like Pandora, and watch ripped streaming videos from anywhere like Netflix. Seriously, Synology even designed their video player's UX like Netflix's. So if I do decide to rip all those DVDs, I'll be able to watch videos that were formerly on a shelf in my living room while I'm unwinding after a speech far, far away. We can also stream the videos through the NAS straight to the TV, which is also cool. After this, I might not buy any more physical disks; I might just go ahead and buy digital all the way and stream stuff, assuming I don't have to deal with DRM headaches.
  • Maybe set up a Mastodon instance. That would be a great option, previously not available to me (or, not entirely controlled by me), for a new social media experiment I can use with my former Facebook friends.
  • Maybe get some security cameras. I wouldn't have done it before for the simple reason that I don't want the data online, as it would be. But if I can host the data myself, maybe it's OK.

Of course, there's a huge caveat: if it works as advertised. We'll see!


I'm not sure my career illustrates the value of a humanities degree, but the BBC thought so anyway

I was quoted by the BBC explaining the purpose of the liberal arts:

BBC graphic

The BBC article quotes this 5-year-old post from the very blog you are now reading.

A few days earlier, I was on the BBC's list of "star performers" with humanities degrees, a sidebar of their article explaining "Why 'worthless' humanities degrees may set you up for life":

"Star performer" is not exactly the description I would have given myself, but who am I to disagree with the BBC?

Also, of course, humanities degrees are not all created equal, and your mileage may vary.


There are no NPCs

International travel drives home that insight that, contrary to a put-down used by immature people, and consistent with Jordan Peterson's frequent observation that our biographies are all fascinating, there are no NPCs in the world: the variety of human experience is stunning.

Yesterday I was delayed (here in Tokyo) by a long, long queue of pretty young Japanese women, all dressed exactly alike (black skirt, white blouse). I was told they had been interviewing for jobs. When I asked why they dressed all alike, I was told simply "Japanese culture." I instantly imagined someone watching the parade of future businesswomen and thinking of them as interchangeable drones, or movie extras, or "NPCs." But I am incapable of viewing them that way.

These ladies were not "NPCs." Each had her own story; the perspective of each would, upon sufficient examination, be fascinating. The fact that they were dressed alike, while perhaps odd to Westerners like myself, is meaningless when it comes to their real individuality.

If the error of racism is dehumanization, its opposite is to look past apparent, reductive commonalities to what is unique, contextualized, and valuable in each of us. And that ultimately comes down to our minds—to how we think things through. I don't mean just our thought processes, but also the many products thereof, including our culture: philosophy, religion, musical tastes, how we conduct ourselves, our fundamental values. These things you must be capable of considering and tolerating, not necessarily supporting. I mean conversation of the sort that friends have, in which, while there might be some give and take and even occasional harshness, there is both sympathy, if not for position, then for common humanity, and a sincere desire to comprehend a point of view.

No one can claim to be enlightened (or "woke") on issues of race, gender, etc., if they are capable of dismissing whole classes of other people. The problem of prejudice has as its root an inability to consider others as individuals. And you can't claim to be tolerant if you are incapable of enjoying, without disgust, a conversation with a very different person, even a person with features you dislike or disagree with. (Of course you can't expect to like everything about everyone.)

So let me ask some hard questions.

  • Democrats: are you capable of having such a conversation with Republicans? Republicans, can you talk seriously with Democrats without giving up in disgust?
  • Committed feminists and men's rights activists, could you talk to each other without quitting in horror? I don't mean you have to tolerate abuse (I don't); but if they're just saying stuff you dislike, but politely, can you handle it?
  • Socialists, could you have a beer with a libertarian? Libertarians, will the thought that the person you're boozing with would love for you to be taxed at 70% (or whatever) permanently turn you off?

Etc., etc.

Even better, can you look past your disagreements and see lovely things about the other person?

You are intolerant, you are bigoted, if you are incapable of these sorts of conversations. Sorry to be harsh, but it's an important truth a lot of people seem not to realize, and they need to start doing so.

I doubt anybody really disagrees with me, too. I'd be fascinated to hear if anybody did. Many of us just need to grow a little more, and get off our high horses, and our social and political discourse could be radically improved.

How about it?


Ad Astra Per Aspera

This content is password protected. To view it please enter your password below:



Cloud smackdown: NAS vs. Resilio Sync vs. Zero-Knowledge Cloud!

In my ongoing effort to lock down my cyber-life, I jettisoned Dropbox three weeks ago, and I'm quite happy I did.

But I'm not done with the reconfiguration. So, if you have the patience and credulity, you may listen in while an amateur deliberates about the choices...

People more expert about this stuff than I am: please review my various claims here for accuracy. I must thank a gentleman who gave excellent feedback and corrections on my VPN post from a month ago.

Why Resilio Sync isn't working out for me

As I explained in an update, the solution I went with—Resilio Sync plus backup to an external drive—had some drawbacks that were unexpectedly annoying. Foremost among these is the fact that Sync isn't a "set it and forget it" technology, i.e., you have to think about and maintain the state of your syncitude, since your devices have to be on at the same time (and Sync has to be working on both/all of them). Also annoying is having to rely heavily on traditional backup, because if God forbid you should delete something inadvertently, your deletion will propagate among your devices (if they're all on at the same time—entirely possible). I've had to use Dropbox's "restore" feature before; I figure it's only so long before I have to restore something from my backup, and what happens if my backup program's restore feature is screwed up or very hard to use? Oy.

These problems are annoying, but not horrible. However, I definitively decided that I had made the wrong choice when I discovered that Sync has no easy way (that I can find) to support the syncing of contacts, passwords, calendars, bookmarks, and text editor settings. Sure, you can sync a data file, but insofar as this same data file (i.e., identical copies of it) must interact correctly with software on each of your systems, then unless the software is specially and carefully written to work with an independent datafile that works the same on all your systems (I think Sublime Text is OK here), you should let your local copy of the software update its own copy of its datafile. This is one of those technical issues that sounds very abstruse, but which poses very real, concrete problems when the rubber meets the road.

The problem, essentially, is that you need to let your software (browser, password manager, calendar, or text editor) handle its own syncing via the cloud. There are two ways in which software can do this for you: (1) you use a cloud you pay for, like Dropbox (e.g., Enpass supports Dropbox syncing), or (2) you use the software vendor's cloud/server, as email syncs via IMAP with your mail host, which you must trust, or as Chrome and Firefox do with bookmarks, and as Apple does with your contacts and calendar. Boo! Hiss! I'd rather handle this myself and avoid the privacy/security risks, if I can.

Your very own cloud server: a NAS

Well...having decided I'm going back to the drawing board on a cloud/device syncing solution, I recalled that NAS devices solve this general problem very neatly. NAS means "network-attached storage," and it means basically your very own personal cloud server. It's an actual box that lives in your home or office, but it's also on the Internet, so you can access it from anywhere. It's not a traditional desktop computer; it's a server. With a NAS, when you sync your devices, they don't all have to be on, because they sync via the NAS, which is always on (but don't worry, it doesn't use much energy). If you ever have to restore your files, the NAS makes it easy without the trouble or worry of having to interact with fiddly backup software. In other words, "file restoration" is built in to the NAS's syncing software—an "undo" button for inadvertent deletion.

NASes (especially the Synology brand) come with a whole raft of software for syncing particular types of data that work with different apps, like calendars (oh joy! Finally, a plausible replacement for Gcal!), address books, passwords (using WebDAV), and more. This is a decided advantage over Resilio Sync, which simply doesn't offer such solutions.

NAS devices also support cloud-based collaborative document editing—basically, they replace Google Docs. It's insane what a NAS can do for you: not just syncing documents and data, not just collaborative document editing, but also (these are all available Synology packages/apps)

  • calendar (replaces Gcal and Apple calendar via iCloud)
  • contacts/address book (CardDav; replaces various)
  • chat (replaces Facebook Messenger, Slack, and Telegram; includes end-to-end encryption)
  • your own frickin' mail server if you're brave enough
  • photo sharing (replaces Instagram, Facebook, or whatever you use to share pictures with your family and friends)
  • Discourse (host your own web forum)
  • Apache and support for various programming languages like Java, Node.js, PHP, Ruby, as well as databases; i.e., make your NAS an actual, fully-functional web server
  • Redmine (project management and ticketing system; replaces Zendesk, Pivotal Tracker, Jira, Trello, Asana)
  • multiple options for blog, CMS, and wiki systems
  • video hosting and podcasting
  • VPN (i.e., turn your NAS into a VPN node)
  • Git and Git Server (put your code on your own Git server instead of using Github or Gitlab; handy if you have totally private projects)
  • built-in backup for the NAS

In short, just think of all the computing functions you farm out to the Internet just because you want something "always available from anywhere using a brower." Well, pretty much all of those services can be had via your own NAS, and a sizeable company (Synology) supports the software.

Now, I'm not saying these apps are as good as the ones available to you from the professionals. Your NAS is not likely to be as fast or as reliable as your current web host. But (a) it's yours, and (b) you don't have to worry about the prying eyes of corporate workers, or about hackers attacking the big corporate data honeypots (they might take a crack at your NAS if they think its defenses are poor, though).

Wait, what about zero-knowledge cloud services?

Oh, you thought I had forgotten about zero-knowledge cloud services, like Sync.com, Spider Oak, Pcloud (my son threatened to use this one himself because he didn't like Resilio Sync), and others?

I started out thinking these were good options, but in retrospect I see they don't hold a candle to NASes. They specialize in being always-on, reliable, and secure cloud sync/backup options. And that's good. The problem, however, is that there are an awful lot of cloud services we rely on that put you and your data in the same boat as Dropbox. And even if you don't need to host your own website or your own mail server, which is admittedly going a bit far, there are very sound reasons at least to want to host your own contacts, passwords, calendar, and so on.

I looked at the features offered by Sync.com, Spider Oak, and Pcloud, and while they seem to nail the traditional Dropbox feature set (which is good!), they don't support the other cloud features I'm anxious to have. One of the next items on my lock-down "to do" list is to finally replace Gcal and Apple Contacts, and to delete my calendar and contacts from Google. I just hate the idea of leaving these problems unsolved. My ambition is to completely divorce my data and habits from Google, Apple, and Microsoft products. I don't see how I can do that without either trusting somebody else, or running my own server. Since zero-knowledge cloud services are so underdeveloped at present—and if I were an investor, I'd put money into that, as it strikes me as a potentially huge growth industry—the only option left is a NAS.

Some final reasonable considerations

Let's take a step back and get reasonable, now.

What is the main concern motivating these deliberations? Not just concern about privacy, but a refusal to entrust sensitive information to corporations that are, essentially, black boxes to me. But maybe I can just accept some risk here. Isn't that reasonable?

Well, I wouldn't be where I am if I was prepared to answer "yes. " My sense of the thing is that having massive amounts of valuable data sitting right in their servers ends up being too much of a temptation to a lot of companies, and they can craft and interpret their privacy policies in a clever enough way to escape much legal risk. And even if I could trust their privacy practices, the many and growing number of security breaches means my data isn't safe.

I also don't like the direction that both government surveillance and authoritarian, paternalistic corporate cultures are moving in; while I don't expect the secret police to bust down the door anytime soon, or the remaining Big Tech companies I have relationships with to cut me off, it's a definite plus to cut ties with these institutions which have become so corrupt.

I admit my motivations are partly (perhaps only a small part) political. I'd like to lead a revitalized, individualistic civil society in a better direction, help support the ecosystem of privacy-respecting companies, and poke snoops, spooks, hackers, and authoritarians in the eye.

All that said, I don't expect others to think about this the way I do. We all have our paths to walk.

As for myself, I've concluded I will get a NAS after all. Wish me luck with the installation and configuration!


The Meaning of Life

...just in case you haven't figured it out yet.

In this old answer, which I still believe and endorse wholeheartedly, I integrate many of popular answers—happiness or flourishing, meaningful work, benefiting mankind, love and family, and integrity—into a single narrative. Three parts below:

https://www.youtube.com/watch?v=_d_ZZR2dCN8
Part 1

https://www.youtube.com/watch?v=u_AMbEqgI5I
Part 2

https://www.youtube.com/watch?v=3LMzpARrUWQ
Part 3


Gay activists and Hollywood liberals vs. traditional Muslims vs. free speech liberals

Here's a richly ironic slice of our strange, sad old world in 2019.

Ellen Degeneres is (quite rightly) protesting the Sultan of Brunei for introducing the death penalty (stoning to death) for gay sex. He's also executing people for adultery, but Ellen doesn't mention that:

https://twitter.com/TheEllenShow/status/1113177461276082177

To this, a reply was posted by an account, "Jihyo" (apparently, the name of a Kpop singer), who claims to be a Demi Lovato fan and medical student, and who writes various pro-Muslim comments. The reply was:

This is a Sharia law in Islam. And lgbt is never okay. I am an educated person & a medical student. In gynecology, urology & dermatology departments, we often get gay patients with terrible diagnoses. They always come with complaints relate to their sexual activities.
(I'm not embedding this because it repeats that Ellen tweet also might well be removed anytime by Twitter. But that's just a cut-and-paste quote of what "Jihyo" wrote.)

In the ensuing war of words, which you can easily imagine if you don't look for yourself, "Jihyo" is taken to task for being "cruel and inhumane," for being not in the "21st century," an "offensive agitator" and "nasty," etc.

One person more seriously responds that "there is no religious justification for this punishment." This is an interesting formulation: does the person mean that no religions cite any justification for stoning gays to death, or that no such religious justification would succeed if attempted?

For their part, the Sultan, his people (who perhaps understandably do not criticize his policies), and this "Jihyo" clearly disagree with both interpretations, as do many other Muslim countries, including Saudi Arabia, Iran, Sudan, Afghanistan, northern Nigeria, Yemen, and others. All have the death penalty for gay sex.

So now we have the interesting spectacle of Ellen, along with reliably progressive celebrities like George Clooney and Elton John, criticizing the Sultan of Brunei for a policy that they might or might not realize is already practiced in the most devoutly Muslim countries of the world.

And, interestingly, nobody is calling them "Islamophobic."

Well, why the hell not? Shouldn't they be called Islamophobic? What gives? If a conservative, or Allah forbid an alt-right conservative, were to dwell for long on the precise same facts about the modern Islamic world, if they were to call traditional Muslims "cruel and inhumane," not in the "21st century," an "offensive agitator" and "nasty," etc., then what would happen to them? Well, the U.K., Canada, Austria (probably all of the E.U.), and other countries do criminalize criticism of Islam—whether such laws should, in fairness, apply to Ellen's criticisms of Muslims seems unclear.

The weird unresolved tensions and rich ironies on display here are no doubt what caught the attention of a Paul Joseph Watson, who has worked for Alex Jones' Infowars for many years. Once, he called himself a member of the "alt right," before the term became much more clearly associated with fascism. He is, whatever else he is, an avowed foe of the left. Earlier today he posted an article on the kerfuffle titled, "LGBT vs Islam (Choose Your Fighter)," and wryly observed, "This one isn’t going to end well, is it?"

But is it only erstwhile "alt right" people like Watson, and free speech zealots like me, who observe the ironies involved here? Of course not. Old-fashioned Bill Maher could be counted on to notice the weirdness, too. He criticized Clooney for proposing a boycott of the Beverly Hills Hotel: "What about Saudi Arabia? If you really want to get back at them, stop driving or using oil."

Gay conservative Andrew Sullivan made some well-placed observations on Maher's show as well: "The nice thing about a free society is that you can have a political life and then you can have your actual life. Not everything has to be political." He added, "We shouldn't be dictating our lives by religion, according to the dictates of wokeness. It kills the vitality of a free society."

Sadly, this hullabaloo will all probably disappear in a week's time. Brunei will start executing gays, just like Saudi Arabia. Gay activists will go back to making common intersectional cause with Muslims from countries where those same gay friends would be executed. After a few years, self-righteous (but strangely unreflective) Hollywood progressives will once again start checking in at the Beverly Hills Hotel. Europeans and Canadians will keep enforcing blasphemy laws against Islamophobes who criticize Islam, even when such unwoke cretins are criticizing Islam for executing homosexuals—as long as the cretins aren't too powerful and aligned with the left, of course. Then it's OK. Then they're not Islamophobes.

Attempting to make sense of all this, the beautiful people will placidly declare that they "contain multitudes." Life will likely go on much as before.


Until this year, when I decided to lock down my cyber-life and reformed how I use social media, instead of writing the above, I would have just posted some snide remarks on Facebook or Twitter. But since I've quit Facebook and don't use Twitter except in service of media I have some control over, i.e., Everipedia and this blog, now I have to consider whether the issue is worth making a whole blog post over. In this case, I thought so.


Zuckerberg Is Wrong: Don't Regulate Our Content

Last Sunday, Mark Zuckerberg made another Facebook strategy post. (This is his second major policy post in as many months. I responded to his March 6 missive as well.) Unsurprisingly, it was a disaster.

I want to shake him by his lapels and say, "Mark! Mark! Wrong way! Stop going that way! We don't want more snooping and regulation by giant, superpowerful organizations like yours and the U.S. government! We want less!"

He says he has spent two years focused on "issues like harmful content, elections integrity and privacy." If these have been the focuses of someone who is making motions to regulate the Internet, it's a good idea to stop and think a bit about each one. They are a mixed bag, at best.

1. Zuckerberg's concerns

Concern #1: "Harmful content"

Zuckerberg's glib gloss on "harmful content" is "terrorist propaganda, hate speech and more." Applying the modifier "harmful" to "content" is something done mainly by media regulators, giant corporations like Facebook, and the social justice left. Those of us who still care about free speech—and I think that's most of us—find the phrase not a little chilling.

Let's be reasonable, though. Sure, on the one hand, we can agree that groups using social media to organize dangerously violent terrorism, or child pornography, or other literally harmful and illegal activity, for example, should be shut down. And few people would have an issue with Facebook removing "hate speech" in the sense of the KKK, Stormfront, and other openly and viciously racist outfits. That sort of thing was routinely ousted from more polite areas of the Internet long ago, and relegated to the backwaters. That's OK with me. Reasonable and intellectually tolerant moderation is nothing new.

On the other hand, while all of that can perhaps be called "harmful content," the problem is how vague the phrase is. How far beyond such categories of more uncontroversially "harmful" content might it extend? It does a tiny bit of harm if someone tells a small lie; is that "harmful content"? Who knows? What if someone shares a conservative meme? That's sure to seem harmful to a large minority of the population. Is that a target? Why not progressive memes, then? Tech thought leaders like Kara Swisher would ban Ben Shapiro from YouTube, if she could; no doubt she finds Shapiro deeply harmful. Is he fair game? How about "hateful" atheist criticisms of Christianity—surely that's OK? But how about similarly "hateful" atheist criticisms of Islam? Is the one, but not the other, "harmful content"?

This isn't just a throwaway rhetorical point. It's deeply important to think about and get right, if we're going to use such loaded phrases as "harmful content" seriously, unironically, and especially if there is policymaking involved.

The problem is that the sorts of people who use phrases like "harmful content" constantly dodge these important questions. We can't trust them. We don't know how far they would go, if given a chance. Indeed, anyone with much experience debating can recognize instantly that the reason someone would use this sort of squishy phraseology is precisely because it is vague. Its vagueness enables the motte-and-bailey strategy: there's an easily-defended "motte" (tower keep) of literally harmful, illegal speech, on the one hand, but the partisans using this strategy really want to do their fighting in the "bailey" (courtyard) which is riskier but offers potential gains. Calling them both "harmful content" enables them to dishonestly advance repressive policies under a false cover.

"Hate speech" functions in a similar way. Here the motte is appallingly, strongly, openly bigoted speech, which virtually everyone would agree is awful. But we've heard more and more about hate speech in recent years because of the speech in the bailey that is under attack: traditional conservative and libertarian positions and speakers that enfuriate progressives. Radicals call them "racists" and their speech "hate speech," but without any substantiation.

It immediately raises a red flag when one of the most powerful men in the world blithely uses such phraseology without so much as a nod to its vagueness. Indeed, it is unacceptably vague.

Concern #2: Elections integrity

The reason we are supposed to be concerned about "elections integrity," as one has heard ad nauseam from mainstream media sources in the last couple years, is that Russia caused Trump to be elected by manipulating social media. This always struck me as being a bizarre claim. It is a widely-accepted fact that some Russians thought it was a good use of a few million dollars to inject even more noise (not all of it in Trump's favor) into the 2016 election by starting political groups and spreading political memes. I never found this particularly alarming, because I know how the Internet works: everybody is trying to persuade everybody, and a few million dollars from cash-strapped Russians is really obviously no more than shouting in the wind. What is the serious, fair-minded case that it even could have had any effect on the election? Are they so diabolically effective at propaganda to influence elections that, with a small budget, they can actually throw it one way or another? And if so, don't you think that people with similar magically effective knowhow would be on the payroll of the two most powerful political parties in the world?

Concern #3: Privacy

As to privacy—one of my hobby horses of late—Zuckerberg's concern is mainly one of self-preservation. After all, this is the guy who admitted that he called you and me, who trusted him with so much of our personal information, "dumb f--ks" for doing so. This is a guy who has built his business by selling your privacy to the highest bidder, without proposing any new business model. (Maybe they can make enough through kickbacks from the NSA, which must appreciate how Facebook acts as an unencrypted mass surveillance arm.)

Mark Zuckerberg has absolutely no credibility on this issue, even when describing his company's own plans.

He came out last month with what he doubtless wanted to appear to be a "come-to-Jesus moment" about privacy, saying that Facebook will develop the ultimate privacy app: secret, secured private chatting! Oh, joy! Just what I was missing (um?) and always wanted! But even that little bit (which is a very little bit) was too much to hope for: he said that maybe Facebook wouldn't allow total, strong, end-to-end encryption, because that would mean they couldn't "work with law enforcement."

The fact, as we'll see, that he wants the government to set privacy rules means that he still doesn't care about your privacy, for all his protestations.

Zuckerberg's declared motives are dodgy-to-laughable. But given his recommendation—that the government start systematically regulating the Internet—you shouldn't have expected anything different.

2. Mark Zuckerberg wants the government to censor you, so he doesn't have to.

Zuckerberg wants to regulate the Internet

In his previous missive, Zuckerberg gave some lame, half-hearted ideas about what Facebook itself would do to shore up Facebook's poor reputation for information privacy and security. Not so this time. This time, he wants government to take action: "I believe we need a more active role for governments and regulators." But remember, American law strives for fairness, so these wouldn't be special regulations just for Facebook. They would be regulations for the entire Internet.

"From what I've learned," Zuckerberg declares, "I believe we need new regulation in four areas: harmful content, election integrity, privacy and data portability."

When Zuckerberg calls for regulation of the Internet, he doesn't discuss hardware—servers and routers and fiber-optic cables, etc. He means content on the Internet. When it comes to "harmful content and election integrity," he clearly means some harmful and spurious content that has appeared on, e.g., Facebook. When he talks about "privacy and data portability," he means the privacy and portability of your content.

So let's not mince words: to regulate the Internet in these four areas is tantamount to regulating content, i.e., expression of ideas. That suggests, of course, that we should be on our guard against First Amendment violations. It is one thing for Facebook to remove (just for example) videos from conservative commentators like black female Trump supporters Diamond and Silk, which Facebook moderators called "unsafe." It's quite another thing for the federal government to do such a thing.

Zuckerberg wants actual government censorship

Now, before you accuse me of misrepresenting Zuckerberg, look at what his article says. It says, "I believe we need a more active role for governments and regulators," and in "four areas" in particular. The first-listed area is "harmful content." So Zuckerberg isn't saying, here, that it is Facebook that needs to shore up its defenses against harmful content. Rather, he is saying, here, that governments and regulators need to take action on harmful content. "That means deciding what counts as terrorist propaganda, hate speech and more." And more.

He even brags that Facebook is "working with governments, including French officials, on ensuring the effectiveness of content review systems." Oh, no doubt government officials will be only too happy to "ensure" that "content review systems" are "effective."

Now, in the United States, terrorist propaganda is already arguably against the law, although some regret that free speech concerns are keeping us from going far enough. Even there, we are right to move slowly and carefully, because a too-broad definition of "terrorist propaganda" might well put principled, honest, and nonviolent left- and right-wing opinionizing in the crosshairs of politically-motivated prosecutors.

But "deciding what counts as...hate speech" is a matter for U.S. law? Perhaps Zuckerberg should have finished his degree at Harvard, because he seems not to have learned that hate speech is unregulated under U.S. law, because of a little thing called the First Amendment to the U.S. Constitution. As recently as 2017, the Supreme Court unanimously struck down a "disparagement clause" in patent law which had said that trademarks may not "disparage...or bring...into contemp[t] or disrepute" any "persons, living or dead." This is widely regarded as demonstrating that there is no hate speech exception to the First Amendment. As the opinion says,

Speech that demeans on the basis of race, ethnicity, gender, religion, age, disability, or any other similar ground is hateful; but the proudest boast of our free speech jurisprudence is that we protect the freedom to express “the thought that we hate.” 

The trouble with the phrase "hate speech" lies in both the ambiguity and the vagueness of the word "hate" itself. "Hate speech" in its core sense (this is the motte) is speech that is motivated by the speaker's own bigoted hatred, but in an ancillary sense (this is the bailey), it means speech that we hate, because in our possibly incorrect opinion we think it is motivated by bigotry (but maybe it isn't). The phrase "hate speech" is also vague and useless because hate comes in degrees, with shifting objects. If I am irritated by Albanians and very mildly diss them, am I guilty of hate speech? Maybe. Jews? Almost certainly. What about white male southerners? Well, what's the answer there? And what if I really strongly hate a group that it is popular to hate, e.g., rapists?

There's much more to be said about this phrase, but here's the point. If government and regulators took Zuckerberg's call for hate speech legislation to heart, what rules would they use? Wouldn't they, quite naturally, shift according to political and religious sentiments? Wouldn't such regulations become a dangerous political football? Would there be any way to ensure it applies fairly across groups—bearing in mind that there is also a Fourteenth Amendment that legally requires such fairness? Surely we don't want the U.S. legal system subject to the same sort of spectacle that besets Canada and the U.K., in which people are prosecuted for criticizing some groups, while very similar criticism of other, unprotected groups goes unpunished?

But precisely that is, presumably, what Zuckerberg wants to happen. He doesn't want to be responsible for shutting down the likes of Diamond and Silk, or Ben Shapiro. That, he has discovered, is an extremely unpopular move; but he's deeply concerned about hate speech; so he would much rather the government do it.

If you want to say I'm not being fair to Zuckerberg or to those who want hate speech laws in the U.S., that of course you wouldn't dream of shutting down mainstream conservatives like this, I point you back to the motte and bailey. We, staunch defenders of free speech, can't trust you. We know about motte and bailey tactics. We know that, if not you, then plenty of your left-wing allies in government and media—who knows, maybe Kara Swisher—would advocate for government shutting down Ben Shapiro. That would be a win. The strategy is clear: find the edgiest thing he has said, label it "hate speech," and use it to argue that he poses a danger to others on the platform, so he should be deplatformed. Or just make an example of a few others like him. That might be enough for the much-desired chilling effect.

Even if you were to come out with an admirably clear and limited definition of "hate speech," which does not include mainstream conservatives and which would include some "hateful," extreme left-wing speech, that wouldn't help much. If the government adopted such "reasonable" regulations, it would be cold comfort. Once the cow has left the barn, once any hate speech law is passed, it's all too easy for someone to make subtle redefinitions of key terms to allow for viewpoint censorship. Then it's only a matter of time.

It's sad that it has come to this—that one of the most powerful Americans in the world suggests that we use the awesome power of law and government to regulate speech, to shut down "hate speech," a fundamentally obscure weasel word that can, ultimately, be used to shut down any speech we dislike—which after all is why the word is used. It's sad not only that this is what he has suggested, but that I have to point it out, and that it seems transgressive to, well, defend free speech. But very well then, I'll be transgressive; I'd say that those who agree with me now have an obligation to be transgressive in just this way.

We can only hope that, with Facebook executives heading for the exits and Facebook widely criticized, Zuckerberg's entirely wrongheaded call for (more) censorship will be ignored by federal and state governments. Don't count on it, though.

But maybe, censorship should be privatized

Facebook is also, Zuckerberg says, "creating an independent body so people can appeal our decisions." This is probably a legal ploy to avoid taking responsibility for censorship decisions, which would make it possible to regulate Facebook as a publisher, not just a platform. Of course, if the DMCA were replaced by some new regulatory framework, then Facebook might not have to give up control, because under the new framework, viewpoint censorship might not make them into publishers.

Of course, whether in the hands of a super-powerful central committee such as Zuckerberg is building, a giant corporation, or the government, we can expect censorship decisions to be highly politicized, to create an elite of censors and rank-and-file thought police to keep us plebs in line. Just imagine if all of the many conservative pages and individuals temporarily blocked or permanently banned by Facebook had to satisfy some third party tribunal.

One idea is for third-party bodies [i.e., not just one for Facebook] to set standards governing the distribution of harmful content and measure companies against those standards. Regulation could set baselines for what's prohibited and require companies to build systems for keeping harmful content to a bare minimum.

Facebook already publishes transparency reports on how effectively we're removing harmful content. I believe every major Internet service should do this quarterly, because it's just as important as financial reporting. Once we understand the prevalence of harmful content, we can see which companies are improving and where we should set the baselines.

There's a word for such "third-party bodies": censors.

The wording is stunning. He's concerned about "the distribution" of content and wants judged "measured" against some "standards." He wants content he disapproves of not just blocked, but kept to a "bare minimum." He wants to be "effective" in "removing harmful content." He really wants to "understand the prevalence of harmful content."

This is not the language that someone who genuinely cares about "the freedom for people to express themselves" would use.

3. The rest of the document

I'm going to cover the rest of the document much more briefly, because it's less important.

Zuckerberg favors regulations to create "common standards for verifying political actors," i.e., if you want to engage in political activity, you'll have to register with Facebook. This is all very vague, though. What behavior, exactly, is going to be caught in the net that's being weaved here? Zuckerberg worries that "divisive political issues" are the target of "attempted interference." Well, yes—well spotted there, political issues sure can be divisive! But it isn't their divisiveness that Facebook or other platforms should try to regulate; it is the "interference" by foreign government actors. What that means precisely, I really wonder.

Zuckerberg's third point is that we need a "globally harmonized framework" for "effective privacy and data protection." Well, that's music to my ears. But it's certainly rich, the very notion that the world's biggest violator of privacy, indeed the guy whose violations are perhaps the single biggest cause of widespread concern about privacy, wants privacy rights protected.

He wants privacy rights protected the way he wants free speech protected. I wouldn't believe him.

Zuckerberg's final point is another that you might think would make me happy: "regulation should guarantee the principle of data portability."

Well. No. Code should guarantee data portability. Regulation shouldn't guarantee any such thing. I don't trust governments, in the pockets of "experts" in the pay of giant corporations, to settle the rules according to which data is "portable." They might, just for instance, write the rules in such a way that gives governments a back door into what should be entirely private data.

Beware social media giants bearing gifts.

And portability, while nice, is not the point. Of course Zuckerberg is OK with the portability of data, i.e., allowing people to more easily move it from one vendor to another. But that's a technical detail of convenience. What matters, rather, is whether I own my data and serve it myself to my subscribers, according to rules that I and they mutually agree on.

But that is something that Zuckerberg specifically can't agree to, because he's already told you that he wants "hate speech and more" to be regulated. By the government or by third party censors.

You can't have it both ways, Zuckerberg. Which is it going to be: data ownership that protects unfettered free speech, or censorship that ultimately forbids data ownership?


Is Western civilization collapsing?

A perennial topic for me (and many of us) is the notion that there is a deep malaise in Western civilization. There are, it seems to me, three main camps on the question, "Is Western civilization collapsing?"

1. The conservative position. "Yes. And it's a horrible thing. For one thing, elites have basically stopped reproducing. They're inviting people from foreign cultures into their countries, and they're reproducing faster than their elites. The result will be an inevitable cultural replacement after a few generations, although probably not before we go through a period of bloody civil wars. And Western traditions are not being passed down. We are becoming less Christian every year. Our universities are teaching less and less of the classics of Western civilization. Though they spend longer in school, our graduates are more ignorant of their cultural roots. We have no desire to create beauty any longer. We have nothing, really, to live for. Our heart is simply not in it any longer; we're in the death throes of this civilization."

2. The postmodern position. "Are you really even asking this question? So you think Western civilization is 'collapsing'? Well, maybe it is. If so, good! But if we're going to be honest with ourselves, we should recognize that there is much about Western civilization that deserves to die, and the sooner the better. What will replace it? Who knows? Who cares? But you must be a racist Islamophobe if you think it will be Islamic. But probably, you're just an idiot because there is no reason to think Western civilization is 'collapsing.' It might be, however, transforming, and into something better, something more tolerant, open, and multi-cultural."

3. The optimistic position. "Oh, not this again. Haven't you read Steven Pinker's Enlightenment Now? Look, almost all the metrics look better than they've ever been. People always think we're on the brink of disaster even when things are awesome. The world is better educated than it's ever been. People in third world countries are moving into the modern world. Look at the Internet! Look at technology! Look at all the entrepreneurship and discovery that is happening every day! How on earth can you fail to recognize that, far from being in our death throes, we are ramping up a new global civilization with, perhaps, some new values, but which enjoys radically transformative changes for the better every year."


Here are a few notes to put these into perspective. The conservative position is a position about the health of traditional Western values and culture. It takes the view that these values and culture should be preserved, that they aren't being preserved, and that Westerners therefore are living increasingly meaningless lives.

The postmodern position is a primarily a reaction to the conservative position. It denies that there is a problem worth solving because Western values and culture are better off dead and buried.

The optimistic position certainly appears to be about another topic altogether, i.e., not about the health of traditional Western values and culture, although it pretends to be responding to conservative worry. It equates "civilization" not so much with Western traditions and values, precisely, as with the sort of globalist system of capitalist economies and the largely Western-derived education and culture that has sprouted and flowered in the 20th and especially the 21st centuries. You can see it in most of the big cities of the world. The success of this civilization is not to be evaluated (on this view) by some subjective measures of morality, or religion of course, or using sociological metrics that go proxy for these, but instead by more objective measures of well-being such as GDP, literacy rates, and longevity rates.


These positions interact in interesting ways.

  • A very strong case can be made that it is precisely certain Western traditions (democracy, industrialism, free enterprise, science, etc.) that have enabled the global success celebrated by the optimistic position.
  • The postmodern position is, too, absolutely rooted in some Western values (such as cultural tolerance and Christian charity).
  • And the optimistic position is widely (and in my opinion rightly) regarded as too optimistic; almost all of us detect some manner of deep moral malaise in Western civilization (such as dangerous populist racism, on the one hand, or the dangerous weakening of Christian values, on the other), even if we don't necessarily think of it as threatening civilization itself, and the happy talk does not do this justice.
  • And the postmodern position is surely right to suggest that Western civilization has undergone and is likely to continue to undergo radical transformations that have made the Western roots of American and European societies look positively foreign. But does that mean the collapse of civilization, or its transformation?
  • And if it is transforming and not collapsing, is that unequivocally a good thing?
  • Are important values, that conservatives perhaps talk about more than progressives, being lost? Put aside your political differences and ask yourself: might that be important? And what consequences might that have for the new global order?
  • Is it true that there must be some transcendent purpose and deep values that undergird our lives, or else (as conservatives suggest) civilization, that will cause not merely its transformation but its wholesale replacement with some other civilization that does celebrate some transcendent purpose? And if that's true, what values would replace Western ones?
  • Could something like progressivism itself constitute a global value system?
  • We already know that any such progressive value system largely conflict with traditional Christianity and some other Western values, but doesn't it also conflict with Islam?

I don't suggest any conclusion now. I just thought that contextualizing the debate would be interesting.