The Web Needs Your Help
Stop rewarding companies that break our trust. Start by picking one thing from my suggestions to work on.
The web as we use it today is bad. It's a dark, nebulous cloud of advertising technology, design philosophy, and social engineering practices meant to extract money and/or time from everyone who uses it.
And as they say: "...time is money..."
Bad actors are allowed to thrive, partly because said activity is billable. Law enforcement is generally untrained (or unwilling) to help victims of digital harassment and online scams. Our political representatives are more interested in the favor of the corporations that fund their campaigns than in the voters who elect them — and the highest courts in the land have said that money is protected speech and bribery isn't bribery when it's a gratuity for a job well done.
Everything Is Super Secure (Wink, Wink)
Companies based in the USA can be compelled to provide data on their users whenever the government decides it's needed (something we collectively criticize other nations for, a la China). Almost everything you send in digital communications is proxied through a corporate or government filter (email, SMS, phones, apps, searches, websites, etc.) - all the while the activity is added to your data profile that is routinely bought and sold by corporations and nation-states. (Yet, TikTok is somehow the only problem.)
There's also all those recurring data-breaches to worry about...like this one. Or this one. Or any of these.
But at least snail mail is safe, right? Well...you know how the United States Postal Service (USPS) offers Informed Delivery - meaning, they are scanning all of y(our) mail? If a bunch of random open-source coders can read the text from ancient scrolls, what do you think the government can glean from scanning our mail? (he says speculatively, while wearing a tin-foil hat.)
Assume anything sent physically or digitally is capable of being read by corporate and/or government interests unless sufficiently encrypted before being sent - even then, it's just a matter of time.
Storage density is sufficiently available (and affordable) for Harvest Now, Decrypt Later (HNDL) attacks by governments and large corporations - where your encrypted communications are saved until the cryptography that protects them is broken by mathematicians, data analysts, or quantum computing methods.
Use Protection
The numbers suggest that most people are out here raw-dogging it on the internet - i.e., you aren't using basic protection in the form of ad-blockers.
Sex is (arguably?) better without protection (recommended for committed relationships only), but the internet is measurably better with protection. I promise. I'm not lying to you. Use an ad-blocker and stop unwanted ~~STDs~~ advertisements.
It's a whole new experience when you aren't being over-stimulated and constantly bombarded with things we unfortunately consider normal, like:
- fly-bys,
- pop-ups,
- slide-ins,
- referrals,
- affiliates,
- paywalls,
- exit-intents,
- scroll-overs,
- floating-bars,
- fake followers,
- cookie-notices,
- delayed pop-ins,
- slanted-surveys,
- fake alert-icons,
- location-requests,
- notification dings,
- welcome-banners,
- countdown-timers,
- hover-over popups,
- auto-playing media,
- gamification of sales,
- ad-blocker-blockers,
- FOMO manipulation,
- influencer promotions,
- not-ready AI chatbots,
- intrusive chat requests,
- attention-optimizations,
- server-embedded video ads,
- ratio and activity manipulation,
- CAPTCHA and human/robot tests,
- give-private-info-to-download-thing forms,
...and all of that on top of the normal tracking ad-tech and the inability of (bad) marketers to feel shame. Even the NSA thinks you should be blocking ads.
Another favorite of mine: required ads on video content that is shorter than the ad itself. A 30-second ad for a 7-second video? Yes, please!
Even our operating systems are getting harder to use offline, while purposefully pushing the envelope on what is considered an advertisement versus a recommendation. Oh what a world we've allowed to happen.
Artificially Intelligent
And if none of this was enough, the current generative AI ecosystem is moving extremely fast and it's incredibly difficult for average internet users to determine what content is genuine versus that which is manipulated, bot-created, impersonation, or outright deep-faked. Maybe there is some truth to the dead internet theory after all.
Seriously, you can deepfake someone from a picture in just a few minutes. Every piece you need to mimic someone online - voice cloning, deepfake live video, generative AI conversations - is available online.
Don't believe me? Here's a giant security awareness training company that hired a deep-fake (but not like, on purpose):
The AI companies aren't exactly being open anymore, either. Assume most commercial companies are either selling your data for AI training, or using that data for their own AI training. In any case, robust privacy laws aren't around when we need them.
The data that trained many of the closed LLMs (in-part) came from the public domain – shared freely on the web. Now that they have scraped it, they are going back and making content deals that again leave out the end-user from the equation. We will be served ads, and we will like it.
The Browser Wars: Everyone Lost
Hell, many of us (sadly, myself included) thought it was a good idea to have the quintessential ad-tech company develop the web-browser we all standardized on, while the primary alternative is also funded by the same quintessential ad-tech company.
I maintain that Internet Explorer (IE) was that bad and warranted death at any cost, but Chrome is filling that void with its backtracking on 3rd-party cookies and Manifest v3.
To put it bluntly, our online footprint is fucked. We gave "big tech" our trust and they squandered it in the name of profits. Until we collectively take back control over our own digital livelihoods, we're not likely to make much of a dent in the monolith that is the current generation internet.
Time For A Metaphor: The Pendulum
My hope is that we are on a proverbial pendulum, and that we are starting our swing back towards equilibrium. My worry is that the equilibrium point is ever-moving towards new baselines that we won't recognize.
In keeping with the pendulum metaphor, gravity is the force that makes equilibrium happen. Without gravity, a pendulum will not swing its way back towards the equilibrium point. We need to collectively become that force which causes our digital pendulum to swing back towards the web we grew up thinking we were creating.
I want the old internet back: the one that taught me how to share for the benefit of others, not the enrichment of myself. The one that helped create communities for the betterment of its members, not the bottom-line of the corporation that happens to host it. The internet where open-source developers were credited and paid fairly for large corporations using their code (okay, this one never happened.) The internet that promoted honesty and sharing: the personal web.
Just think of the amount of resources spent over the past 30 years on delivering the optimal online shopping experience. Good thing Elon Musk solved world hunger years ago.
Crypto-currency still exists
One of the funniest things to me is that I haven't even mentioned cryptocurrency like Bitcoin or Ethereum, which typically elicit strong negative opinions on the power consumption and scams in surrounding ecosystems (see FTX.) At least (legitimate) cryptocurrency is mostly transparent, and rules-bound - the opposite of what traditional finance provides.
In any case, public-opinion appears to have stopped its Sauron's Eye-like gaze at crypto-mining power consumption because NVIDIA is suddenly making a bunch of already rich people richer (and consequently AI has consumed the environmental discussion.)
Becoming Gravity (remember the metaphor!)
So, how can we do better, you ask? Here's a small list of things you can do even if you aren't super technical-in-nature.
- Use Mozilla Firefox browser instead of Chrome or Edge
- Install an ad-block extension like uBlock Origin
- Donate to the EFF (Electronic Frontier Foundation)
- Donate to the Internet Archive (i.e., the Wayback Machine)
- Prefer offline, local, and/or small-business shopping
- Avoid social media unless it's people you know in real life
Like a pendulum, this set of recommendations may swing a bit over time, especially my preferred browser for overall privacy and usability tradeoffs.
More options for fighting back
Are you technically literate and want to do even more? Here are some ideas for you – ranging from standard usage all the way to developer/engineer/hacker-level shit.
Remember, doing everything at once is extremely hard, and some services we have come to love may require using big-tech solutions for optimal usability (looking at you, YouTube, Android Auto/Apple CarPlay, and Google Maps.)
- Start using Signal Messenger instead of SMS messages, as your SMS/MMS/RCS messages aren't private.
- Go full geek and use LibreWolf or even Ladybird browser(s)
- Use federated social media like Mastodon (twitter), Lemmy (reddit), Pixelfed (instagram), PeerTube (youtube), and Matrix (discord)
- Use privacy focused VPN providers, like Mullvad or Proton
- Stop doing business on sites that block VPNs (good luck)
- Use and contribute to the Open Street Map project
- De-Google yourself as much as possible (GrapheneOS for the hard-core)
- Run your own open-source infrastructure (Veilid, Nextcloud, Immich, Ghost, etc.)
- Request your data be removed from data-brokers
- Set up a deep-fake code word or reject any requests not made in person
- RSS is back - grab your favorite feed reader (I like Feeder by NoNonsenseApps) and start re-creating your favorite blog feeds
- Use Forgejo for your software development repositories instead of GitHub
- Encrypt data locally before uploading to cloud storage like Drive, OneDrive, etc.
- Developers: create software that enables E2EE with end-user managed keys
- Developers: consider using alternative licensing (such as FSL?) for your software projects
- Stop hiding security behind pay-walls - i.e., don't strive to land on https://sso.tax/
- Lobby your representatives for comprehensive data privacy laws in the US (for consumers, not companies...in case that wasn't clear.)
Recommendations are subject to change based on the level and depth of enshittification that will inevitably penetrate many of these projects and concepts.
The biggest thing you can do?
Talk to others about these things. Try them out yourselves. FINANCIALLY SUPPORT THE PROJECTS YOU WANT TO WIN. Help create the competition that makes everything else better as a result.
It's really hard not to go into a rant about how the fiduciary duty to shareholders needs to be reined in so capitalism isn't so fucking feudal. I'm already thinking of how the pendulum metaphor applies to capitalism, too.
If you're a business owner, my opinion is to consider ESOP for your businesses and avoid going public. Shareholders rewarding terrible business practices because it made them money is a choice we have to actively avoid. Good luck.
Honestly, does it even matter?
Lots of things have to happen to make the internet better, not the least of which is the need for massive support for digital privacy laws. We have to take action by telling our family, friends, peers, and representatives that this is something that matters to us, and why it should matter to them.
For some of us, the convenience is fine. For others, privacy is more important. But I believe the choice should be up to the individual on how their digital identity is handled. Let's create a world where that control doesn't resemble Idiocracy.
Enshittification!
Check out this talk from DEF CON 31 on the concept of enshittification; it really brings the problems into focus in a concrete, relatable way (to me, anyhow.)
As a side note, I wrote this post because the DEF CON 32 theme "We Engage" resonated heavily, and putting my thoughts on paper is the first step for me to figure out what my next steps are in support of a better internet.