Self-control isn't merely a matter of eliminating your own weaknesses. Self control is primarily about compensating for those weaknesses. When you go on a diet, you don't just commit yourself to eating well - you also throw away the Oreos so you won't be tempted.
1/
1/
This manoeuvre has a name: a Ulysses Pact, named for the passage in the Odyssey in which Ulysses pilots his ship through the sirens' sea, eschewing wax-stoppered ears so that he could hear their song, protecting himself by lashing himself to the mast.
2/
2/
Ulysses knew he would face a moment of weakness in the future, so he used his strength in the moment to guard against his future self.
Tech was built on a Ulysses Pact: the irrevocable free software license: once a hacker applies the GPL, they can't unchoose it.
3/
Tech was built on a Ulysses Pact: the irrevocable free software license: once a hacker applies the GPL, they can't unchoose it.
3/
No pressure from investors, not even the risk of bankruptcy or physical coercion can remove a free software license once it has been applied.
A Ulysses Pact is an act of humility, an admission of frailty. Alas, humility is in short supply in tech (the GPL is an exception).
4/
A Ulysses Pact is an act of humility, an admission of frailty. Alas, humility is in short supply in tech (the GPL is an exception).
4/
Far more common is to build systems that can be abused, and assume that you - and your successors, collaborators, and underlings - will never yield to temptation.
5/
5/
Think of when the @W3C incorporated #DRM into browser standards, sure that none of its members would use this to exclude future rivals, only to be proven wrong a mere three years later, when @Google blocked all free/open entrants into the field.
https://memex.craphound.com/2020/01/08/three-years-after-the-w3c-approved-a-drm-standard-its-no-longer-possible-to-make-a-functional-indie-browser/
6/
https://memex.craphound.com/2020/01/08/three-years-after-the-w3c-approved-a-drm-standard-its-no-longer-possible-to-make-a-functional-indie-browser/
6/
Or when @Apple arrogated to itself the power to decide which software you can run on your phones and tablets, only to have the Chinese state order it to block working privacy tools to facilitate a system of violent, totalitarian control.
https://locusmag.com/2021/01/cory-doctorow-neofeudalism-and-the-digital-manor/
7/
https://locusmag.com/2021/01/cory-doctorow-neofeudalism-and-the-digital-manor/
7/
As Pavel Chekov counselled us all those years ago on the Desliu lot, a phaser on the bulkhead in act one will go off by act three.
Back in 2015, we bought - and then returned - a @canary security camera. We'd just immigrated to the US and were feeling a little nervous.
8/
Back in 2015, we bought - and then returned - a @canary security camera. We'd just immigrated to the US and were feeling a little nervous.
8/
I was suspicious of this gadget. Though I wasn't technically capable of auditing its software, I WAS able to read its privacy policy, in which they promised not to share footage from your home unless ordered to do so.
https://arstechnica.com/gadgets/2016/09/canary-debuts-flex-cam-suited-for-your-living-room-and-your-lawn/?comments=1&post=31916515
9/
https://arstechnica.com/gadgets/2016/09/canary-debuts-flex-cam-suited-for-your-living-room-and-your-lawn/?comments=1&post=31916515
9/
I suspected that meant that Canary didn't employ end-to-end encryption, meaning that company insiders could peek at that footage, and the only thing preventing such peeking was policy and integrity, not that such a thing was impossible.
10/
10/
I wrote to the company and they confirmed that this was so, explaining that having access to cleartext video streams helped them use ML models that could distinguish between intruders and pets, and promising that they carefully vetted people with access to the footage.
11/
11/
That is a system of protection that works well, but fails badly. A single coding error, a single HR error, a single spy or cop who obtains a warrant or gets an oppressive state legislature to pass a law requiring access, and the system fails...badly.
12/
12/
So far as I know, Canary hasn't had such a breach...yet. But @ADT - an industry leader whose major investor is @Google - did. An ADT technician named Telesforo Aviles admitted to spying on at least 200 ADT customers.
https://gizmodo.com/a-home-security-worker-hacked-into-surveillance-systems-1846111569
13/
https://gizmodo.com/a-home-security-worker-hacked-into-surveillance-systems-1846111569
13/
Aviles wanted to spy on attractive women in order to see them in naked and having sex. ADT's system was designed to allow this; the primary means by which it was prevented was vetting staff - a process that is obviously too imperfect to trust in a high-stakes environment.
14/
14/
When ADT discovered this was happening, they tried to cover it up, offering laughable cash payments to survivors of Aviles's spying in exchange for confidentiality.
https://nypost.com/2020/05/19/adt-worker-accused-of-using-app-to-spy-on-people-for-7-years/
15/
https://nypost.com/2020/05/19/adt-worker-accused-of-using-app-to-spy-on-people-for-7-years/
15/
Doubtless certain technical aspects of the administration of ADT's security system were made simpler by choosing to create a system that was vulnerable to insider attacks. But by making this tradeoff, ADT demonstrated its unfitness to be in this market.
16/
16/
Maturity, after all, isn't about resisting temptation - it's about recognizing your own fallibility and taking measures to limit it. Exposing millions of customers to insider attacks on the obviously false belief that you will never hire the wrong person is unforgivable.
eof/
eof/