Updated 17 January 2021

Every few weeks or so, someone white dude suggests that the way to solve all of our online problems is to require users to submit ID verification and use their “real names,” ignoring years of research and commentary.

This is what I like to call the White Man’s Gambit. I’ve advocated in favor of the right to online anonymity and/or pseudonymity for many years, but no need to take it from me; there is loads of research and advocacy out there from a diversity of groups and individuals. This page will seek to compile that research (as always, DM me on Twitter if you have something to add).

Academic and other research

• The Coral Project’s foundational work on the “real name fallacy,” demonstrating that the use of “real” names does not inherently result in civil discourse.
• Emily van der Nagel’s research on the linking of identities and bodies on NSFW Reddit.
• Also from van der Nagel: “Alts and Automediality: Compartmentalising the Self through Multiple Social Media Profiles”
• Research from the Queensland Department of the Premier and Cabinet on social media and identity verification (link downloads Word doc)
• “Constructing and enforcing ‘authentic’ identity online: Facebook, real names, and non-normative identities” by Oliver L. Haimson and Anna Lauren Hoffmann
• “Trustworthiness and truth: The epistemic pitfalls of internet accountability” by Karen Frost Arnold
• “What do we know and what should we do about internet privacy” by Paul Bernal
• “The Adobe Content Authenticity Initiative approach to authenticity infrastructure against media manipulation” from Witness
• “Ethics for Cyborgs: On Real Harassment in an Unreal Place” by Katherine Cross

Advocacy, popular media, and other expertise

• Realnames.online is an excellent resource on the topic of identity verification
• Geek Feminism Wiki maintains several excellent pages related to the subject
• An important comment from an early Facebook moderator
• “Facebook’s ‘Real Name’ Policy Can Cause Real-World Harm for the LGBTQ Community” (2014) by Jillian C. York and Dia Kayyali
• EFF’s 2015 open coalition letter to Facebook urging them to change their policy.
• “Changes to Facebook’s “Real Names” Policy Still Don’t Fix the Problem” by Eva Galperin and Wafa Ben Hassine (2015)
• “Korean internet identity verification rule struck down unconstitutional; 13 highlights of the judgment” (2012)
• “One Name to Rule Them All: Facebook’s Identity Problem” by Jessa Lingel and Tarleton Gillespie (2014)
• “Pornhub Is Just the Latest Example of the Move Toward a Verified Internet” by Robyn Caplan
• “True Names and Identity on the Internet” by Andrew Conway
• “Real Names Chill Free Speech” by Paul Bernal
• “Tracing trust: Why we must build authenticity infrastructure that works for all” by Sam Gregory
• “Human Rights Video, Privacy and Visual Anonymity in the Facebook Age” by Sam Gregory
• “Nymwars! Part 3 of Google+ and Diversity” by Jon Pincus
• “Why Gaming Culture Allows Abuse…And How We Can Stop It” by Katherine Cross
• “‘Real Names’ Policies are an Abuse of Power” by danah boyd
• “OKCupid’s New Real Name Policy is Dumb” by Kate Conger

A bare-chested, wild-eyed white man in bearskin furs and a horned helmet stood at the podium of the Senate chambers, his fists raised in triumph, as fellow Trump-supporting rioters laid waste to the Capitol. The man, a QAnon cultist from Phoenix named Jacob Anthony Chansley, who goes by the name Jake Angeli, has since been […]

Since Twitter and Facebook banned Donald Trump and began “purging” QAnon conspiracists, a segment of the chattering class has been making all sorts of wild proclamations about this “precedent-setting” event. As such, I thought I’d set the record straight.

To my fellow content moderation/platform regulation experts reading this: I am taking submissions! Hit me up on Twitter (DMs are open) at @jilliancyork.

1. “Deplatforming Trump sets a precedent”

Deplatforming Donald Trump, a sitting US president, sets a dangerous precedent.

It has less to do with his views and more to do with intolerance for a differing point. Ironically, those who claim to champion free speech are celebrating.

Big tech firms are now the new oligarchs.

— Amit Malviya (@amitmalviya) January 9, 2021

First of all, the only “precedent” set here is that this is indeed the first time a sitting US president has been deplatformed by a tech company. I suppose that if your entire worldview is what happens in the United States, you might be surprised. But were you took outside that narrow lens, you would see that Facebook has booted off Lebanese politicians, Burmese generals, and even other right-wing US politicians…nevermind the millions of others who have been booted by these platforms, often without cause, often while engaging in protected speech under any definition.

2020 alone saw the (wrongful, even in light of platform policies) deplatforming of hundreds, perhaps thousands of people using terms related to Iran (including a Los Angeles-based crafter’s “Persian dolls” by Etsy) in an overzealous effort by companies to comply with sanctions; the booting of Palestinian speakers from Zoom on incorrectly-analyzed legal grounds; the deplatforming by Twitter of dozens of leftist Jews and Palestinians for clapping back at harassers, and so much more.

2. “This is the biggest online purge in history!”

I’ve lost over 15,000 followers today – insane how many accounts are getting terminated in the largest online purge in history

— ELIJAH SCHAFFER (@ElijahSchaffer) January 9, 2021

Twitter has been purging accounts of QAnon conspiracists and other right-wing accounts over the past week or more. Many of these accounts engage in dangerous rhetoric, including encouragement of violent insurrection against a democratically elected government. It is indeed interesting, particularly when one compares it to the company’s inaction against similar rhetoric in India and elsewhere. But what it isn’t is the “largest online purge in history”—not by a long shot. I would suggest that that occurred two years ago, when Twitter kicked off more than a million alleged ISIS accounts with zero transparency and the “freeze peach” galaxy brains didn’t blink.

3. “AWS kicking Parler off its servers is a step too far/is unprecedented/marks new territory in the digital rights debate”

Companies like Amazon should either get out of the hosting business, or remain agnostic about what their customers use their services for. As a very long term user, all the way back to the beginning of S3, their move today is disturbing and unacceptable.

— dave@scripting.com (@davewiner) January 10, 2021

To be completely fair, I am of the belief that infrastructure companies play a different role than platforms designed to host user speech/user-generated content, and that decisions like this should not be taken lightly. But let’s not pretend it hasn’t happened before (to be fair, Dave Winer is not doing that, and he is quite aware of the company’s history on these matters). In 2010, AWS famously booted WikiLeaks after no more than concern from the State Department—that is, WikiLeaks hadn’t been charged with anything—kicking off a series of deplatformings of the group. But WikiLeaks is not the only example here: Sanctions—or at least some legal interpretations of them—have meant that ordinary folks from countries like Iran can’t use AWS freely either. Last January saw a massive purge of Iranian users from various platforms, likely instigated by the Department of Treasury (though thus far, we have no proof of that). Some might suggest that this is a legal requirement of Amazon, but as GitHub demonstrated this week, there are indeed workarounds for companies that care enough about internet freedom.

4. “This is communism!”

Uh no, this is capitalism. Platforms have this much power because unbridled American capitalism is what y’all wanted. It is also not “Orwellian,” I can assure you.

5. “The Google Play store/Apple store booting Parler sets new precedent.”

Uh actually, no it doesn’t. Does anyone remember that Apple forced Tumblr’s hand hardly two years ago by threatening to kick it out of the App store if it didn’t do something about the child sexual abuse imagery it was unknowingly hosting, resulting in a near-total ban on nudity and sexual content on the site? Anyone?

5. “Twitter won’t let you hashtag #1984”

Twitter won’t let you hashtag #1984, a dystopian novel about an evil Big Tech government that spies on everyone, censors and manipulates speech, punishes wrong-thought, and tortures dissidents for sport.

There’s Orwellian, and then there’s banning references to Orwell Orwellian.

— Sean Davis (@seanmdav) January 9, 2021

Twitter has never allowed number-based hashtags, next?

Got more examples? Shoot them to me on Twitter.

A couple of pieces of mine are featured in Human Rights Foundation's ART IN PROTEST online exhibition, namely:

While I appreciate the foundation's efforts to highlight the work of artists attempting to speak truth to power, I must say I am rather astonished that in their survey of “A Year In Global Protest Art” as indicated on their website, their list of 15 countries represents every continent on Earth except three: Europe, North America, and Australia—which I find wholly appalling.

This is, after all, 2020; the year in which the Black Lives Matter movement was revived with vigor in the wake of George Floyd's murder by police and sparked protests of unprecedented mass in almost every metropolitan city across the United States, inspiring similar solidarity protests across the entire planet! Neglecting Europe discounts the plight of Polish women fighting for abortion rights and the over 100 protests in France critical of the country's new security bill. And what of the protests staged by Aboriginal Australians? Who only demand the end of their murder at the hands of Europe's colonial descendants.

This very obviously non-accidental oversight shows how the “Human Rights Foundation” view on human rights is a completely politicized and racialized one wherein violators of human rights can only ever be governments helmed by “brown, black, and yellow people” but never ever the righteous oh so civilized “whites”.

Despicable.

Happy fucking new year.

#Journal #Work

Metablogging is the most (self-)indulgent form of blogging—a bit of (self-demonstrating/self-performing) wisdom that was already a well-worn cliche when Technorati was still a thing that people cared about. But we are products of our milieu, are we not?

Adam Kotsko would agree, I think—and this reflective bit of his from earlier this week flipped me into a similarly reflective mode at this inevitably reflective time of year. Responding to WordPress’s recent hard push on the new post-composition UI, and his instinctive annoyance at a change he feels he neither wants nor needs, Kotsko wonders:

Why can’t I just move on? Why this attachment to an outdated publication model, such that a website redesign can quite sincerely ruin my afternoon? It’s because blogging isn’t just another tool to me. It was my way out. It allowed me to build up a social network and a reputation that I never could have achieved otherwise. I realize that a big part of this was the dumb luck of getting into blogging just slightly before it hit the bigtime, but it also reflects a lot of hard work and energy on my part…

I read that and got an instant hit of recognition. Our journeys have been pretty different, and we started at slightly different times and from very different places, but there’s nonetheless a good chunk of commonality in our experience based on our both having dived into the cresting wave of bloggage back when it felt like something that might take us somewhere. (Indeed, I recall being both admirous of and intimidated by Kotsko back in the day, because it felt like he was laying track way better than I was, and his rhetorical chops, then as now, were way out in front of my own.)

In both cases, blogging did take us somewhere—though in neither case did that happen in quite the way we initially thought it would:

For the better part of the 2000s, blogging was my life, and it has turned out to be the condition of possibility and condition of impossibility for the life that followed. People sometimes wonder how I am able to write so much, and the answer is basically that I have written a substantial amount every single day since I was in junior high. First it was comic books, then in high school I switched to journaling, and then in college I switched to writing for a personal website and subsequently blogs. It was the blog, though, that really shifted me into high gear because I knew each time that I was writing for a critical audience, who could respond to me immediately if they so chose. It was intimidating but also intimate — falsely so, in many ways, as I often found that unsympathetic readers found their way to my stuff without making themselves known, including influential people who based their conception of me on the tone of what amounted to a pub conversation among friends.

Back when I was still running Futurismic (and—largely unknowingly, due to my considerable political naivete at the time—turning it from an aspirant but very much second-tier libertarian-tech-and-sci-fi webzine to an enduringly second-tier but left-leaning contra-Panglossian critical-futures-and-sci-fi webzine) I spent maybe three or four hours reading RSS feeds and cranking out two or three posts every day, six days a week. During the period of my doing so, I made a total US$ sum of ad revenue in the mid-three-figure range, and I had to fight like hell—and engage in some minor attempts at public shaming—to actually get the cheque out of the cowboy operator who owed it me. All that work was effectively subsidized by the little bits of freelance writing and web development work that I managed to scrape up along the way. But I accepted that, because I saw it as my chance to do my apprenticeship in public and without a mentor or entry-level break, neither of which were forthcoming. I did my ten thousand hours as a writer—in fact, I probably did closer to twice that many. I learned to write in public.

As such, I also learned to argue in public, and in so doing I learned a style that has been both an advantage and a disadvantage in my subsequent academic career. (By way of example: my oft-lamented doctoral thesis, I realise with hindsight, might have had a much easier ride if I didn’t write and think like a blogger.) But at the same time, I wouldn’t have pushed into the thought-spaces that I pushed into if I hadn’t learned that novelty is what gets you noticed… and it was that knack for novelty, acquired in the trenches of the blogwars, that got me my make-or-break RA gig around the same time I started my Masters. I wrote myself into existence, in a way… flaws and all.

Well, selah. Much as Kotsko notes of his own dynamic, in a post from earlier in the year, I was a twenty-something blogbro with a selection of chips on my shoulder in a period when blogbro-dom was rewarded in ways that probably weren’t great for my character in the long run. And, y’know, hey: twenty-somethings gonna twenty-something, amirite? Though I was still twenty-somethinging well into my thirties, which is rather less forgivable. I had learned to play a small set of abrasive riffs particularly well, and—much as in my actual guitar-playing, such as it is—relied on them far too heavily for far too long. I have some explanations for that, though not really any excuses. I like to think I’ve become a broader writer/thinker over the last decade, but the curve took a long while to start climbing, and there’s a lot of work still to do. Kotsko again:

I wound up burning bridges, probably too many, by putting myself out there so aggressively when still had so much growing up to do. I only learned about the job at Shimer College because of my blogging, but I have also probably missed out on a lot of opportunities due to the reputation for brashness that my blogging won me. Sometimes I have even suspected that the very fact that I built up a reputation as a thinker and writer on my own, outside of “proper channels,” has hurt my academic career, even aside from the content of what I was writing. But there are a lot of people who went through “proper channels” and have nothing to show for it. In a world with no guarantees — which my exposure to contingent faculty through blogging showed me I was entering into — the only “strategy” is to do what you really want, while you have the chance to do so. I haven’t exactly been “rewarded” for that strategy, but I have kept on living to fight another day — most often neither despite or because of it, but through sheer good fortune.

As I suggest above, and in a similar manner to Kotsko, my own shaping-by-blogging is likewise something of a disadvantage to me, academically… but at the same time, if it wasn’t for that self-shaping experience, then I wouldn’t have an academic career for it to compromise, or the skills to bluff through and fake it until I (hopefully) make it.

All of which is to say: I too am attached to blogging as a medium in a manner that I can rationalise until the cows come home, but which perhaps ultimately boils down to it having been the context of my life and aspirations at a formative and fortunately-timed moment of half-accidental career development. I too resent the banalisation of socnet discourse, because I (probably very mistakenly) hark back to an idealised golden era in which our heated arguments took days and thousands of words to play out rather than hours and dozens. I can’t let it go any more than I can let go my affection for miserabilist grunge-rock. I’ve learned to love newer things since, and I don’t listen to it so much as I used to (if you’ll excuse the over-extension of the metaphor), but it’s still the foundation of everything that I’ve done since. How could it be any other way? The self, assuming there is such a thing, is emergent; the starting parameters inevitably remain implicit in the latest iterations. And with the self-system as with the contextual metasystem: the way out is through, and also endless—a utopian direction of travel rather than a destination that can ever be reached.

But enough navel-gazing. People have been saying that blogging is making a comeback since long before it had even fully faded away, so I’m retaining a healthy (and somewhat prophylactic) scepticism about the most recent resurfacing of that particular signal—“we won’t get fooled again”, as the song goes. But maybe the hellscape of the year that has been 2020 will provide the momentum that’s needed for that dialectic to spin around once more; if you want yer signs and portents, then they’re out there.

(Perhaps the strongest of those was summed up very accurately by a recent backchannel message from Jay Springett, who was pointing out a sudden fashion among newsletter-writers for building taxonomy pages linking out to their archives… but then again, I know my Douglas Adams, and thus have some well-founded opinions about the propensity for people to attempt to reinvent the wheel, and to get stuck on entirely the wrong aspects of the problem. Well, I guess we’ll see.)

One way or another, much like Kotsko, I think—and indeed hope—I’ll keep blogging, even if I don’t have the time or mental stamina to do it as much as I once did. There’s only so much composition bandwidth the ol’ brainmeat can muster in a single day, and academia is—thankfully, and happily—taking up the majority of that right now, and for the foreseeable.

If blogging ever does make its comeback, it will of course never be “blogging” as we experienced it Back In The Day. I guess I have sufficient wisdom to recognise that to be as good a thing as it is an inevitable thing—even as I have sufficient nostalgia for a formative and desperate time of my life to wish, just a little bit, that we could go back to what now seems like a more innocent and antediluvian culture.

World keeps spinnin’, don’t it? That’s our curse, as a species, but it’s also our blessing.

Happy new year.

Way back in 1999, I wrote about open-source software:

First, simply publishing the code does not automatically mean that people will examine it for security flaws. Security researchers are fickle and busy people. They do not have the time to examine every piece of source code that is published. So while opening up source code is a good thing, it is not a guarantee of security. I could name a dozen open source security libraries that no one has ever heard of, and no one has ever evaluated. On the other hand, the security code in Linux has been looked at by a lot of very good security engineers.

We have some new research from GitHub that bears this out. On average, vulnerabilities in their libraries go four years before being detected. From a ZDNet article:

GitHub launched a deep-dive into the state of open source security, comparing information gathered from the organization’s dependency security features and the six package ecosystems supported on the platform across October 1, 2019, to September 30, 2020, and October 1, 2018, to September 30, 2019.

Only active repositories have been included, not including forks or ‘spam’ projects. The package ecosystems analyzed are Composer, Maven, npm, NuGet, PyPi, and RubyGems.

In comparison to 2019, GitHub found that 94% of projects now rely on open source components, with close to 700 dependencies on average. Most frequently, open source dependencies are found in JavaScript — 94% — as well as Ruby and .NET, at 90%, respectively.

On average, vulnerabilities can go undetected for over four years in open source projects before disclosure. A fix is then usually available in just over a month, which GitHub says “indicates clear opportunities to improve vulnerability detection.”

Open source means that the code is available for security evaluation, not that it necessarily has been evaluated by anyone. This is an important distinction.