Search
Items tagged with: Society
"This 103 year old comic about what would happen if "pocket telephones" would be invented. (W. K. Haselden’s ‘The Pocket Telephone: When Will it Ring?’ was first published in The Mirror on March 1919)"
Quelle: Historic Photographs, FB
#Telefon #telephone #Smartphone #Kommunkation #Comic #Humor #humour #kunst #art #Gesellschaft #Société #Society
As everyone knows, Elon Musk is now running Twitter directly into the ground. Who knows? Maybe he needed some inspiration for the Boring Company.
This has, as many predicated, been a complete clusterfuck.
https://twitter.com/kennwhite/status/1589396945830813700
We should assume that Twitter is on its way out the door. Elon Musk is not a good CEO, as evidenced by the immediate mass lay-offs of Twitter employees.
Or his immediate pause of content moderation (which let some really dumb homophobes run wild).
https://twitter.com/lucashoal/status/1587443643735908353
You get the point.
Rather than continue to ruminate on the current mess, I’d like to instead take a moment of everyone’s present to look into the future, because we’re actually in a unique position to make a lot of good changes to the world; or, at least, to make something hilarious out of a bad situation.
This matters for everyone, but especially for furries, sex workers, and porn artists.
I’m going to break this post into three parts:
- How to Make a Larger Impact Than Deleting Your Account
- An Opinionated Summary of Alternate Platforms
- How to Architect the Porn-Friendly Social Media of Tomorrow
It should go without saying, but my standard disclaimer applies:
The contents of this blog post are the sole opinions of a 30-something gay furry who presents as an anthropomorphic dhole on the Internet. Do not confuse the opinion or satire contained within for either a) fact, b) professional advice, or c) the opinions of any company or entity; especially the author’s current or past employers.
How to Make a Larger Impact Than Deleting Your Account
If you’re considering deleting your Twitter account and moving to an alternative platform, I encourage you to move but not delete your account. There’s something much cooler you can do with your existing account than delete it.
Twitter’s operations costs are currently fairly predictable. Well, predictable enough to lay off a lot of the workers necessary to keep the lights on, anyway.
Wouldn’t it be great if, instead of deleting their accounts in protest, we decided to make our accounts cost more in storage and compute costs?
I posed a similar question to Twitter the other day.
https://twitter.com/SoatokDhole/status/1587807410944630790
Here are some of the more fun and interesting ideas that were shared with me:
Block and Search with Wild Abandon
(I can’t find a record of who suggested this idea. Maybe I imagine someone suggesting it, and it was actually my own idea, but I’m misremembering. Who even knows anymore?)
Filtering blocked/muted accounts from your timeline requires a small amount of server-side CPU.
Searching for trending topics and common words in your native language will likely hit many thousands of accounts.
If you ask Twitter’s search engine for all tweets that contain certain common words or phrases, and then the application has to filter out hundreds of thousands of blocked and/or muted accounts, this is going to become computationally expensive.
Especially if you systematically mute or block every single account that promotes a tweet.
Especially if you’re already using an adblocker, such as uBlock Origin (which you can install in Firefox for Android, by the way).
To be clear: The goal of this idea is NOT to degrade the platform or perform a Denial of Service attack. It’s simply to make Musk pay more for useless processing that won’t increase Twitter’s ad revenue.
Use Twitter Like TikTok
Instead of typing a reply, record a short video instead. The queerer and less marketable the contents of your video, the better.
https://twitter.com/XydexxUnicorn/status/1587810839620378628
If you don’t have a fursuit (most furries actually don’t), consider using rigged 3D models (or Live2D avatars; e.g. FaceRig) instead.
Just make sure you include a transcript or alt text for people with disabilities.
Everyone else can participate simply by diligently playing every single one of these videos (even if on mute).
Let’s run up Elon’s storage and bandwidth bills. There’s lots of fun that we can have with this idea.
Upload Lots of Compression-Unfriendly Images
For example:
https://twitter.com/yourcompanionAI/status/1587815968700600321
Bonus points if you somehow manage to work this into the video reply idea, and it actually inflates their storage costs significantly.
Bad Suggestion: Reply to Brands with Yiff
There were a few people who suggested posting adult furry art in reply to brand tweets. The idea being that this will make Twitter less marketable for advertisers.
This is a terrible idea for two reasons:
- Optics. Regardless of your goals, you’re going to expose a lot of unsuspecting users to unsolicited pornographic art. This is not how you make friends. This will make a lot of undecided people form a negative opinion of the furry fandom.
- Underage users. The minimum age to sign up for Twitter is 13. Parents who might be comfortable with their young teenager following a household name Twitter account will not want their child being exposed to hardcore pornography.
Too often, I see some furries reach for this tactic. You should consider it the nuclear option, because the small tactical gain is largely outsized by collateral damage.
The only thing you’ll accomplish is giving ammo to right-wingers who loudly proclaim all LGBT people are groomers (meanwhile they vote down laws that would stop child marriage; how so very curious of them).
Wrap-Up
https://twitter.com/charlotteirene8/status/1585700642626191360
With any luck, we can make Twitter the most expensive $44 Billion that Elon Musk will ever spend.
An Opinionated Summary of Alternate Platforms
Where should we go when Twitter dies? There are a lot of opinions to be had.
Rumors of Tumblr’s Sex Positivity Are Wildly Exaggerated
Shortly after Elon Musk purchased Twitter, Tumblr had announced updated Community Guidelines that, allegedly, permit the naked human form to appear in Tumblr content.
This apparently doesn’t include cartoon nudity. To wit:
https://twitter.com/LeafDubois/status/1589026084640940032
We can do better than Tumblr.
Cohost
Cohost is a somewhat new platform for posting. I have an account there (@soatok).
You can think of Cohost as the best parts of Twitter’s user experience, with the best parts of Tumblr, without any ads, tracking, or recommendation system (The Algorithm).
The premise of Cohost is to build around users, not profit.
Cohost is brought to you by a group calling themselves the Anti Software Software Club–a software company that hates the software industry:
we are a group of three developers and designers—and maybe more soon!—with very strong opinions about how to operate a software company. we’ve all left jobs at conventional tech companies to build cohost and we’re thrilled we finally get to share it with the world. you can read more about us, including our manifesto, on our main website. ASSC is not-for-profit and 100% worker owned.According to the Cohost website
It’s worth emphasizing that “not-for-profit” is most likely an aspiration and a tenet, not a legal designation. Cohost is an LLC. It would be an error to mistake it for a non-profit organization. The legal term “non-profit” almost always refers to 501(c)(3) organizations.
Personally, I don’t care at all about these distinctions. Some people do. I’m not a lawyer, and I actually find legal topics exhausting to the point of being physically painful. That’s not at an exaggeration.
It’s a neat project. If you want a centralized replacement for Twitter, Cohost is probably your best bet.
Mastodon
Mastodon is federated software, which feels in some ways more like Email or RSS than Twitter does. Moderation is local to your instance, rather than top-down like a centralized platform. Discovery is based on which instances peer with which instances.
There’s a lot to like about Mastodon. However, if you’re an artist that’s looking for a centralized watering hole where all your customers already are, Mastodon… is not that.
That being said, a lot of people are moving to Mastodon already. Now’s probably the best time to join.
Personally, I used to have a Mastodon account, but I didn’t really use it much, and then the instance that hosted my account shut down and I lost all my data. That experience killed my interest in Mastodon.
Telegram Channels
Pro: Furries already use Telegram, extensively.
Con: They’re now selling “collectible usernames” as NFTs
Wrap-Up
There are probably other platforms that are worth considering, but there are only so many hours in a day, and I have a day job.
If you find yourself deeply dissatisfied with the options presented, please feel free to explore others. Alternatively, you may wish to build a new platform in line with your own vision.
If you lack the skills to build your vision, grab a few friends and read through Furward Momentum together.
How to Architect the Porn-Friendly Social Media of Tomorrow
What do sex workers, porn artists, and fantasy sex toy companies have in common?
Mastercard doesn’t want to provide them services. Neither do PayPal nor Venmo.
Sex workers and artists are two of the groups most likely to be negatively impacted by Elon Musk’s ownership of Twitter.
https://twitter.com/woot_master/status/1518689141763936259
What would it take to build a social media platform that actually supports sex workers and NSFW artists? Well, a lot. But I’d like to at least provide a sketch for how such a platform might be architected.
Require Hardware Security Keys For All Users
Your platform should use WebAuthn instead of password authentication.
I recognize that this makes onboarding users difficult (due to a lack of availability of FIDO2-compatible hardware keys), but the security benefits are immensely worthwhile.
The best thing about WebAuthn is, when implemented correctly, your users become extremely phishing-resistant without requiring any diligence on their part.
Use End-to-End Encryption for Private Messages
Further reading: Going Bark: A Furry’s Guide to End-to-End Encryption.
We don’t need more surveillance capitalism. The less you know about your users, the better.
Consider An Invite-Only Design
Lobste.rs requires new users be invited by an existing user.
This is a great way to reduce the blast radius of platform abusers and their subsequent attempts at ban evasion: If the same person keeps inviting bad people, take away their invite privileges.
I chose a similar approach when I designed FAQ Off.
Don’t Mix Payments With Platforms
Simply put: The platform that users interact with should be mostly independent from the component that processes payments for the users of the platform.
By “mostly independent”, I mean they should be distinct legal entities, with no overlap in ownership, that operate in different countries. The only things that should be exchanged between the two are HTTP messages (over TLS) and API keys.
The payment gateway should accept multiple options (credit cards, PayPal, etc.), but never provide a custom “memo” field. Where possible, the invoice feature should be used (with the possibility of tipping left open).
If you permit users to fill in custom memos, they will inevitably leave a remark that flags the recipient’s account as porn/sex related.
This payment gateway will not just process payments and subscriptions; it will also act as a payment escrow service and amortize the risk of chargeback fraud over multiple content creators. (To that end, it should have a name that isn’t embarrassing on a bank statement.)
The incumbent payment gateways used by the porn industry should be avoided, for multiple reasons:
- They’re expensive
- The transactions they process get flagged a lot as fraud
- They’re often used by spammers, scammers, computer criminals, and deplatformed hate groups
Instead, you’d want your value proposition to be more about social media and payments between friends. The fact that you allow porn and sex work on your platform (which should be one of many platforms that use this payment gateway) needs to be a mere footnote.
Finally, consider very carefully whether or not to support cryptocurrency in your payments (or payouts) platform.
This List is Non-Exhaustive
These are just some considerations I can think of off-hand when imagining what a sex-positive social media platform would look like, if it were built in 2022.
The biggest challenges any platform faces will not be legal or technical; they will be social.
Twitter exploded in popularity after a few celebrities started using it. I don’t know how to replicate their success with a greenfield project, and I doubt anyone else does either.
In Summary
Elon Musk is probably going to kill Twitter. It would be really funny if we made this cataclysmically expensive for Elon Musk, personally.
There are a handful of alternative platforms that folks are already migrating to in anticipation of Twitter’s demise, but none is a clear winner.
Twitter’s death will put a lot of artists (especially porn artists) and sex workers in peril, so I sketched some ideas that would enable a Twitter alternative to better serve them.
Ultimately, the future remains uncertain. I don’t pretend to have answers, just ideas. If you think you know, or can do, better, I wish you the best of luck.
https://soatok.blog/2022/11/07/contemplating-the-future/
#ElonMusk #furries #furry #FurryFandom #Society #Twitter
Some of you may be surprised to learn that my fursona is not a fox, nor a wolf; nor is it a fictitious fox-wolf hybrid popular within the furry fandom (which is usually called a “folf”).No, my fursona is a dhole, which is a real species of endangered wild dogs from Southeast Asia.
The word “dhole” is only one syllable, with a silent H.
https://twitter.com/canemckeyton/status/1024198407429054469
The Furry Fandom needs more dhole fursonas.
Dholes Are Amazing
https://www.youtube.com/watch?v=ifcCNERGUZUDholes are very social creatures that live and hunt in large packs. But how they hunt is needlessly awesome: Where other canids (e.g. wolves) try to chase and then surround their prey, dholes spread out and use high-pitched whistles to coordinate their strikes over large distances.
Some other interesting notes from animal conservationalists over the years: Dholes have very low sexual dimorphism (so you generally cannot tell whether a dhole selected at random is male or female at a glance), and they’re known to do a handstand when they’re urinating.
https://twitter.com/Tikrekins/status/1176953841385951233
You can learn more about dholes and dhole conservation efforts here.
The Symbolism of Dhole Fursonas
If you’re trying to pick a species for your fursona, how do you know if a dhole is right for you?Art by SkiaSkai
Here’s a short list of values and traits you can derive from dholes and dhole behavior in the wild:
- Do you value and understand friendship in its purest form?
- Do you value cooperation (n.b. without power structures and hierarchies)?
- Do you enjoy communal living (with a chosen family of close friends and/or a polycule)?
- Are you clued into dog whistles? (Okay, this one’s kind of a dumb joke because dholes are called “whistling dogs”, but a lot of dhole furries I know are very clueful about the alt-right’s bullshit, so it’s fitting.)
- Do traditional notions of sex and gender not interest you in the slightest?
If you said yes to any of those questions, or if you simply can’t decide between fox or wolf and don’t feel like phoning it in with a fictitious hybrid, a dhole may be a good fursona choice for you.
Are Dhole Fursuits Beautiful?
Yes. Very yes.https://twitter.com/SparkleKreation/status/1039539876121608193
https://twitter.com/Millitrix01/status/1175111740473991168
https://twitter.com/RustiDhole/status/1276399918240931840
https://twitter.com/DamnitKnightly/status/1290751428206587904
Coming soon (probably 2021) to this section of the blog post: My fursuit.
https://soatok.blog/2020/08/10/all-about-dholes-and-dhole-fursonas/
#CuonAlpinus #dhole #dholes #furry #FurryFandom #fursona
Last year I wrote a grab-bag post titled, Don’t Forget To Brush Your Fur, because I’m terrible at SEO or making content easily discoverable.
In the same vein as that previous example, this is going to be in the style of Lightning Round talks at technology conferences.
Why are we doing this again?
I maintain a running list of things to write about, and cross ideas off whenever I cover a topic.
After a few months of doing this, I realize most of what remains is kinda interesting but not quite interesting enough to warrant a dedicated entry.
(Art by Lynx vs Jackalope)
Contents
- Asymmetric Key Wear-Out
- HMAC Wear-Out?
- Asymmetric Commitments
- Against “Fluffies”
- A Meditation on Furries and Cringe
- Furries and Blue State Privilege
Asymmetric Key Wear-Out
Last year, I wrote about cryptographic wear-out for symmetric encryption. That post has attracted quite a bit of feedback from folks requesting comparisons against other block cipher modes, etc. One topic that I didn’t see requested much, but is equally interesting, is how this reasoning can be applied to asymmetric cryptography (if at all).
Let’s get one thing clear: Cryptography keys don’t “wear out” in the same sense as a physical key might. What we’re talking about is an ever-increasing risk of a collision occurring in random nonces.
ECDSA Key Wear-Out
ECDSA signatures involve a one-time secret, k. The scalar multiplication of k and the base point for the curve is encoded as half of the signature (r), while its modular inverse is multiplied by the sum of the truncated message hash and the product of r and the secret key to produce the other half of the signature (s).
If your selection of k is biased, or k is ever reused for two different messages, you can leak the secret key.
Strictly speaking, for any given ECDSA curve, there is only one k value that corresponds to a given r for all users (n.b it’s not distinct per keypair).
This means that all users of e.g. ECDSA over NIST P-256 have to worry about a shared cryptographic wear-out: After 2^112 signatures, there is a 2^-32 chance of a single collision occurring.
Fortunately, the search space of possible k-values is enormous, and this will not impose a real-world operational risk in the near future. If you’re worried about multi-user attacks, P-384 gives you a wear-out threshold of 2^176 messages, which we’re probably never going to achieve.
RSA Key Wear-Out
In order to calculate the wear-out for an RSA message, you first have to begin with an attack model. Previously, we were looking at algorithms that would become brittle if a nonce was reused.
RSA doesn’t have nonces. You can’t attack RSA this way.
But let’s assume that such an attack did exist. What might the safety limit look like? There are two remaining possible considerations for RSA’s security against cryptographic wear-out: Key size and padding mode.
RSA private keys are two prime numbers (p, q). RSA public keys are the product of the two primes (n) and a public exponent (e) that must be coprime to (p-1)(q-1). (In practice, e is usually set to 3, 65537, or some other small prime.)
The security of RSA is subexponential to key size, based on the difficulty of integer factoring attacks and the requirement for p and q to be prime numbers.
This primeness restriction doesn’t apply to your message. The padding mode dictates your upper limit on message size; e.g., PKCS#1 v1.5 padding will take up at least 3 bytes:
- For encryption,
x = 0x00 || 0x02 || r || 0x00 || m, whereris random padding bytes (minimum 8 bytes). - For signatures,
x = 0x00 || 0x01 || 0xFF..FF || 0x00 || m. - In either case, the padding is always at least 11 bytes long.
So if you have 2048-bit RSA keys, you can encrypt or sign up to 245 bytes (1960 bits) with PKCS#1 v1.5 padding. This corresponds to a safety limit of 2^974 messages.
HMAC Wear-Out?
To keep things simple, the security of HMAC can be reduced to the collision risk of the underlying hash function.
If you’re trying to estimate when to rotate symmetric keys used for HMAC, take the birthday bound of the underlying hash function as your starting point.
- For SHA-256, you have a 50% chance of a collision after 2^128 messages. For a 2^-32 chance, you can get 2^112 messages out of a single key.
- For SHA-384, this is 2^176 messages.
- For SHA-512, this is 2^240 messages.
In either case, however, these numbers might as well be infinity.
Asymmetric Commitments
Did you know that fast MACs such as GHASH and Poly1305 aren’t random-key robust? This property can matter in surprising ways.
Did you know that ECDSA and RSA don’t qualify for this property either? This is related to the topics of malleability and exclusive ownership. You can learn more about this in the CryptoGotchas page.
Essentially, if a signature scheme is malleable or fails to provide exclusive ownership, it’s possible to construct two arbitrary (m, pk) pairs that produce the same signature.
Any nonmalleable signature scheme with exclusive ownership (i.e. Ed25519 with low-order point rejection and canonical signature checks, as provided by the latest version of libsodium) provides sufficient commitment–mostly due to how it uses a collision-resistant cryptographic hash function. (It’s also worth noting: HashEdDSA doesn’t. Isn’t cryptography fun?)
Generally, if you need random-key robustness, you want to explicitly make it part of your design.
Against “Fluffies”
In my blog post about the neverending wheel of Furry Twitter discourse, I mentioned the controversy around SFW spaces for underage furries.
Everything I said in that post is still accurate (go read it if you haven’t), but I want to emphasize something that maybe some people overlooked.
https://twitter.com/SoatokDhole/status/1426638694786682884
Underage furries calling themselves “fluffies” is a bad idea, for two reasons.
Divide and Conquer
The first reason is tactical, and not specific to what they’re calling themselves: If you label yourselves separately from the larger furry community, you make it much easier to be targeted–especially by propaganda. There’s a severely disturbed alt-right fringe to the furry fandom (dubbed alt-furry, the Furry Raiders, and so many other names) that would love nothing more than to sink their claws into younger furs.
It’ll start innocently enough (“Yay, you have your own space!”), but it will quickly accelerate (“Congrats on kicking those degenerates to the curb!”) to horrible places (“All LGBTQIA+ people are degenerates”), gliding on the wings of edgy humor.
This descent into madness is also known as the PewDiePipeline and all parents of furries should be made aware of it, lest it happen to their child:
https://www.youtube.com/watch?v=pnmRYRRDbuw
It bears emphasizing: This existence of a PewDiePipeline within the “fluffy” space is not predicated on the intentions of the proponents. They can have all the best intentions in the world and it will still happen to their microcosm.
https://twitter.com/ARCADEGUTS/status/1425687280983937027
Preventing this from happening will require an almost inhuman degree of vigilance and dedication to correcting discourse from going sour. None of us are omniscient, so I wouldn’t take that bet.
Pre-Existing Terminology
The second reason the “fluffies” label is a bad idea is more specific to the word “fluffies” in particular: It already refers to a very disturbing meme on 4chan from not-very-many years ago: Fluffy Abuse Threads.
I’m intentionally not including any videos or images of this topic. There just aren’t enough content warnings for how gross this content is.
By calling yourselves “fluffies”, the most deranged 4chan-dwellers and/or Kiwi Farms lurkers on the Internet will begin associate you with the “fluffy abuse” memes, and may even act accordingly. In their twisted minds, they may even rationalize their conduct as if somehow you’re consenting to the abuse, by virtue of what you call yourselves.
Look, I get it: When you’re young, the over-sexualization of the media can be very uncomfortable, and it’s natural to want to avoid it. Additionally, it’s only human to want your own special club with a special name to hang out with your exclusive (n.b. same-age) community.
But please think carefully about what you’re doing, how you’re doing it, and which adults you decide to trust.
Also: maybe talk to older queers and/or furries about the history of the Furry Fandom, Pride, and kink before you make dangerous moves that make you more vulnerable to the worst humanity has to offer? Even if you don’t agree with us, we don’t want to see you get hurt.
There definitely is room in the furry fandom for people who are not comfortable with sexual content, or simply don’t want to be inundated with it all the damn time. It doesn’t need to be an exclusive thing or concept; instead, it should be normalized.
Ultimately, there’s probably a lot of work to be done to ensure kids and families have a safe and enjoyable furry con experience during daylight hours without repressing the queer and sexual identities of consenting adults at night. The best way to get from here to there is to talk, not to isolate.
Otherwise, we’ll keep seeing occurrences like this:
https://twitter.com/PrincelyKaden/status/1426192114694692866
The onus here is going to be largely on furry convention staff and chatroom moderators to actually listen to people reporting abusive behavior. They haven’t always been good about that, and it’s time for change.
https://twitter.com/MegaplexCon/status/1425966589241970693
A Meditation on Furries and Cringe
Every once in a while, I get a comment or email like this one:
https://twitter.com/SoatokDhole/status/1360835077899436033
The biggest magnet for poorly-reasoned hate comments is, surprisingly, my tear-down of the “sigma male” meme.
You’d think the exposure of TheDonald’s non-CloudFlare IP address would draw more ire than having correct opinions on masculinity, but here we are.
Let’s talk about masculinity for a moment, guys.
There is nothing manlier than being your authentic self. Even if that means liking some “girly” things. Even if that means being soft and vulnerable at times. Even if that means actually conforming to some stereotypes perpetuated by toxic masculinity when it coincides with your likes and interests. You do you.
But this isn’t just true of the male gender. Authenticity is the epitome of humanity. There’s nothing that stops women and enbies from being ruthlessly themselves.
You can’t be authentic when you’re participating in Cringe Culture, which blindly tears large swaths of people down to stoke the feelings of superiority in the people who evade its blast.
People are weird. I’m weird. I don’t expect everyone to like me, nor do I want them to. (Parasocial relationships suck!)
It’s okay to be a little obsessed about something other people look down on just because you happen to like it. Just make sure you’re not eschewing your adult responsibilities. (We all have bills to pay and promises to keep to the people that matter to us.)
If people don’t like you because you suddenly revealed your fondness for classic video games, rock-tumbling, or linear algebra? Fuck ’em. May the bridges you burn light the way to people who will appreciate you for who you truly are.
I’ve been told my blog is “weapons grade cringe” before, because I dared talk about encryption while having what, to most adults, comes across as little more than a cartoon brand or company mascot.
Furries and Blue State Privilege
I sympathize with most queer people and/or furries for not wanting to subject themselves to the bigotry that runs rampant in Red States, but the ones who are jerks to other members of their community for living in those states, I can do without.
https://twitter.com/SarahcatFursuit/status/1413566747148435456
Being an asshole to someone because they live in, or are moving to, a state whose politics you dislike is equal parts stupid, selfish, and self-defeating:
- It’s stupid because there’s no reason for expressing prejudice or painting with broad brushes. For example: “Florida Furs are bad people” is an attack on the author of this blog.
- It’s selfish because not everyone who wants to leave these states has the resources or opportunity to do so, so all you’re doing is shining a spotlight on your own privilege. Way to show your entire ass to the community.
- It’s self-defeating because of the way the U.S. political system is architected:
If you wished for a genie to move every LGBTQIA+ person to the west coast of the United States, within a few years you’d essentially reduce support for LGBTQIA+ rights to approximately 6 out of 100 votes in the US Senate and 68 out of 435 in the House of Representatives.When you factor in who owns the land in the big tech cities (San Francisco, Seattle, etc.) and how much political and economic power they wield, it becomes very clear that your shaming of others for not boarding the bandwagon serves the interests of the worst of humanity: Landlords and venture capitalists.
Not a good move for people who claim to be progressive, and want to achieve progressive political outcomes nationwide.
The fact that some states have horrendous laws on the books, even worse bastards enforcing these laws, and somehow even more terrible politicians gatekeeping any meaningful progress from changing the system isn’t ever going to be improved from the outside.
I say all this, and I acknowledge Florida does suck in a lot of obvious ways: Our governor (Ron DeSantis) has a disposition that would actually be improved if he wore clown make-up to press appearances. We also have far too many furries that are anti-maskers, anti-vaxxers, or both.
https://twitter.com/SoatokDhole/status/1300911840000708608
But when furries go out of their way to shame someone, simply for living here? You’re not helping. Seriously stop and think about your priorities.
And maybe–just maybe–be surgically precise when you decide insults are warranted.
Now that I’ve flushed the blog post topic buffer, I’m fresh out of ideas. Let me know some topics that interest you in my Telegram group so I don’t get bored and eventually write Buzzfeed-quality crap like this:
https://soatok.blog/2021/08/16/lightning-round/
#asymmetricCryptography #ECDSA #Florida #furries #FurryFandom #HMAC #Politics #RSA #Society #wearOut
There are a lot of random topics I’ve wanted to write about since I started Dhole Moments, and for one reason or another, haven’t actually written about. I know from past experience with other projects that if you don’t occasionally do some housekeeping, your backlog eventually collapses under its own gravity and you can never escape from it.So, to prevent that, I’d like to periodically take some time to clean up some of those loose ends that collect over time.
Random-Access AEAD
AEAD stands for Authenticated Encryption with Associated Data. Typically, AEAD constructions involve a stream cipher (which may also be a block cipher in counter mode) and a message authentication code (which may also be an almost-universal hash function).AEAD modes are designed for one-shot APIs: Encrypt (then authenticate) all at once; (verify then) decrypt all at once. AES-GCM, ChaPoly, etc.
AEADs are less great at providing random access to the underlying plaintext. For example: If you’re encrypting a 240 GB file with AES-GCM, but you only need a 512 KB chunk at some arbitrary point in the file, you’re forced to choose between either:
- Authenticating the rest of the AES-GCM ciphertext, then decrypting only the relevant chunk. (Performance sucks.)
- Sacrificing integrity and decrypting the desired chunk with AES-CTR.
Being forced to choose between speed and security will almost certainly result in a loss of security. The incentives of software developers (especially with fly-by-night startup engineers) all-but-guarantee this outcome.
Consequently, there have been several implementations of streaming-friendly AEAD. The most famous of which is Phil Rogaway’s STREAM construction.
Source: Rogaway’s paper
The downside to STREAM is that it requires an additional T bytes (e.g. 16 for an 128-bit authentication tag) for each chunk of the plaintext.
A similar solution, as implemented in the AWS Encryption SDK, is to carefully separate plaintexts into equal-sized frames and have special rules governing IV/nonce selection. This lets you facilitate random access while still making the security of the whole system easy to reason about.
Can we do better than STREAM and message framing?
The most straightforward idea is to use a Merkle tree on the ciphertext with a stream cipher for extracting a distinct key for each leaf node. This can be applied to existing AEAD ciphertexts, out of band, to create a sort of deep authentication tag that can be used to authenticate any random subset of the message (provided you have the correct nonce/key).
However, I haven’t found the time to develop this idea into something that can be toyed with by myself and other researchers.
More Introductory Articles
Let’s face it:
Art by Riley
I’ve previously suggested an alternative strategy for programmers to learn cryptography. I’d like to do more posts covering introductory material for the topics I’m familiar with, so anyone who wants to actually employ my proposed strategy can carry themselves across the finish line.
Dissecting Dog-Whistles
Random fact: My fursona is a dhole–also known as a whistling dog.
Soatok is a dhole, not a fox. Art by Khia.
Coincidentally, I’m deeply fascinated by language, and planned to start a series analyzing dog-whistle language (especially the kind commonly used against queer subcultures).
However, the very nature of dog-whistle language provides a veneer of plausible deniability for the whistler’s intent, which makes it very difficult to address them in a meaningful way that doesn’t undermine your own credibility.
So, for the time being, this is on the back-burner.
Reader Questions
I’ve received quite a few questions via email and social media since I started this blog in April. The most obvious thing to do with these questions would be to periodically collate a bunch of them into a Questions and Answer style post.However! I have an open source projected called FAQ Off that is way more efficient at the Q&A format than a long-form blog post. If you’d like to see it in action, start here.
Art by Kyume
General Punditry
I make a lot of dumb jokes, typically involving puns and other wordplay. Most of these live in private Telegram conversations with other furries, but a few have leaked out onto Twitter over the years.Is automated vulnerability scanning a nessusity?— Mastodon: soatok@furry.engineer, Cohost: soatok (@SoatokDhole) November 23, 2017
Nurse: "I suspect this patient attempted to shove a foreign object into their urethra for pleasure"
Doctor: "I believe your theory is sound"
— Mastodon: soatok@furry.engineer, Cohost: soatok (@SoatokDhole) June 25, 2018
A lot of them involve queer lingo.
People say it's lonely at the top.No wonder there's so many bottoms in this fandom 😛
— Mastodon: soatok@furry.engineer, Cohost: soatok (@SoatokDhole) December 30, 2019
BitTorrent users are thirsty bottoms. Always complaining about wanting more seed.
— Mastodon: soatok@furry.engineer, Cohost: soatok (@SoatokDhole) August 4, 2019
My RAID controller has big disk synergy
— Mastodon: soatok@furry.engineer, Cohost: soatok (@SoatokDhole) August 1, 2018
Some of them involve furry in-jokes.
Q) Why are foxes so prevalent in the furry fandom?A) We're a sub-culture not a dom-culture.
— Mastodon: soatok@furry.engineer, Cohost: soatok (@SoatokDhole) May 24, 2018
Intrusion detection systems are old hat. What we need is a protrusion detection system.
Introducing OwO
— Mastodon: soatok@furry.engineer, Cohost: soatok (@SoatokDhole) February 1, 2018
Some are just silly.
Using mined bitcoins to buy a pumpkin spice latte makes you an ASIC bitch, right?— Mastodon: soatok@furry.engineer, Cohost: soatok (@SoatokDhole) February 6, 2018
So in gay male furry culture if you give into a booty call from your ex-boyfriend… does that mean you were craving the XD?
— Mastodon: soatok@furry.engineer, Cohost: soatok (@SoatokDhole) August 25, 2018
If SQL is pronounced "sequel" then PHP must be pronounced "fap".
— Mastodon: soatok@furry.engineer, Cohost: soatok (@SoatokDhole) July 23, 2019
What do you call a submissive dragon with a mathematics background who's already lubed up for you?
A sliding scale.
— Mastodon: soatok@furry.engineer, Cohost: soatok (@SoatokDhole) December 26, 2018
Did you hear about the clairvoyant babyfur that broke RSA?
Turns out, all you needed was a padding oracle.
— Mastodon: soatok@furry.engineer, Cohost: soatok (@SoatokDhole) October 1, 2017
I should look for my next partner in a nuclear chemistry lab.
I hear they're good at dating.
— Mastodon: soatok@furry.engineer, Cohost: soatok (@SoatokDhole) December 8, 2016
In my humble opinion, there haven’t been nearly enough puns on this blog (unless the embedded tweets above count).
Normally, this is where I’d proclaim, “I shall rectify this mistake” and proceed to make an ass out of myself, but I don’t like forced and obvious puns.
A lot of furries get this wrong: “Pawesome” is not clever, unless you’re talking to someone with a marsupial fursona. Then maybe.
The best puns come in two forms: They’re either so clever that you never saw it coming, or they’re just clever enough that the punchline lands at the same time you realized a bad pun was even possible.
Only Soatok brand puns are 100% whole groan— Mastodon: soatok@furry.engineer, Cohost: soatok (@SoatokDhole) January 26, 2018
Miscellaneous / Meta
The past few blog posts touched a little on political subjects (especially How and Why America Was Hit So Hard By COVID-19, but this short-term trend actually started with my Pride Month post).At some point in the future, I may write a post dedicated to politics, but for the time being, it’s not really a subject I care enough about in and of itself to emphasize all the time.
Let me be clear: Being gay in America is inherently political. Developing technology is inherently political (although you don’t always realize it). Being a gay technologist, saying something politically significant is an inevitability.
But I’m not interested in the traditional roles and narratives that infect politics and political discourse. Labels are stupid and I’m not interested in being a Useful Idiot for anyone’s propaganda.
The most difficult thing about writing blog posts for me is coming up with a meaningful title. I’ve lost many hours due to the writer’s block that ensues.
The second most difficult thing for me is writing closing statements that aren’t totally redundant.
https://www.youtube.com/embed/l44OV2jlN7A?start=665&feature=oembed
George Carlin – “Count the Superfluous Redundant Pleonastic Tautologies” – Skip to 11:05 if WordPress breaks something
Some bloggers like to sign off like they’re writing an email. “Happy hacking!” and whatnot. To me, this feels forced and inauthentic, like a bad pun.So instead, here’s a totally sick piece of art I got from @MrJimmyDaFloof.
Furry artists are, like the rest of the fandom, amazing.
https://soatok.blog/2020/07/07/dont-forget-to-brush-your-fur/
Recently, there has been a lot of misinformation and propaganda flying around the American news media about the furry fandom. Unfortunately, this seems to be increasing with time.
Consequently, there are a lot of blanket statements and hot takes floating around social media right now about whether or not furries should talk with journalists.
That is to say, a lot of people are screaming, “Don’t ever talk to the press!”
I thought I’d offer my perspective, seeing as I did talk to journalists during the whole Ridgeland library incident.
But to explain my nuanced position, I need to explain a bit of background.
Never Say Never
My blog talks a lot about cryptography. You don’t need to understand anything about cryptography to get the point I’m going to make today, however.
Most information security professionals have hammered into their own minds to “never roll your own crypto”.
Taken to the logical extreme, this kind of advice would prevent the development of cryptography and make everyone’s communications vulnerable. This is obviously a bad outcome.
So why do professionals keep saying it?
99.99% of the time, the rule applies. If you’re building a line-of-business CRUD app, you don’t need to invent a new block cipher. Even if your cipher turns out to be very good, by whatever coincidence, it’s better to leave that to the experts.
In the minority of cases where someone needs to break the rule, they must do so knowing that they’re violating a norm. And the impetus is on them to justify this breakage; lest they suffer the consequences.
Usually, in cryptography, this just means “you aren’t taken seriously,” which is a pretty bad outcome.
In other areas of life, breaking a norm can mean ostracization or legal peril.
Back to Furries and the Media
When I see furries screaming, “Don’t talk to the press!” I’m reminded of how “Don’t roll your own crypto!” is practiced by the cryptography community.
Most of the time, it’s obviously a bad idea for furries to talk to the press, for a few obvious reasons:
- Random furries probably have no special training for dealing with the media, which means they’re easy to manipulate into spreading a false narrative
- Public communication is a skill that most of us don’t practice
- If you suffer from any kind of anxiety, the previous two reasons are exacerbated
Even if you’re a popular streamer or content creator, the kinds of questions they ask and how they present your answers to their audience is a different class from your fans and friends.
But should the rule for furries and the media be, “Never?”
Uncle Kage from AnthroCon says yes (with some nuance, in so many drunken words):
https://www.youtube.com/watch?v=KHZX0IvavEo
Meanwhile, Xydexx says no (with some nuance):
https://twitter.com/XydexxUnicorn/status/1666111194531332098
https://twitter.com/XydexxUnicorn/status/1666111788448923650
https://twitter.com/XydexxUnicorn/status/1666112045719203840
How you answer this question broadly depends on how much you trust your community.
Do you assume malice or incompetence from fellow furries? “Don’t ever talk to the press” likely sounds like sage advice to you.
Conversely, if you hold your community members in higher esteem, you’re more likely to encourage some conversations with some media outlets.
Regardless, there is one rule that must never be broken, but recently was.
Furries Must Never Contribute to Right-Wing Extremist Media like FOX News
Unfortunately…
Don’t do this. FOX News isn’t actually news; they argue as much in court.
Furry Press Checklist
If you’re going to talk to the press, you need to (at bare minimum) know the following:
- Which outlet, and what is their reputation?
- Who within that outlet are you talking with?
- What are you talking about?
- What questions or concerns do they believe their viewers have?
The most egregious incidents can be prevented by asking the first question and researching the outlet.
You should also know who you’re talking to, and whether or not they try to appeal to violent right-wing stochastic terrorists.
Many local news stations are okay, but specific journalists aren’t trustworthy. That’s why question 2 matters.
Regardless of the yellowness of the journalism you’re exposing yourself and all of the furry fandom to, you need to have a clear understanding of what’s being asked of you before you agree to any interviews.
This is a lot of homework and responsibility. If you’re not willing to do it, then don’t talk to the media.
There are better ways to get your thirty pieces of silver fifteen minutes of fame.
Epilogue
Of course, the person who went on FOX News is also a horrible person across every axis.
Not just this:
…but also this:
https://twitter.com/videah_/status/1667490374909149187
FOX News. Not even once.
https://soatok.blog/2023/06/06/on-furries-and-the-media/
#FOXNews #furries #furry #FurryFandom #media #Society
You’ve probably heard the rumors by now. It’s cropped up in Michigan, Kentucky, Nebraska, North Dakota, Wisconsin, and even Australia.The rumor is: Parents around the country are expressing “concerns” over schools allegedly permitting students that identify as cats use litter boxes in public schools.
You can hear this idea being parroted by Nebraska State Senator Bruce Bostelman, without an ounce of irony or self-awareness:
https://twitter.com/jonnykip21/status/1508485363177861124
Of course, it doesn’t matter how often or how thoroughly these allegations are debunked (and, make no mistake, they are debunked), that doesn’t stop people from spreading this false and damnable rumor on Facebook Groups like “Protect Nebraska Children”.
As a member of the furry community who also strongly opposes misinformation on the Internet, I feel it’s necessary and appropriate for me to expose the dark truths about this litter box story once and for all.
Who and What Are Furries?
https://www.youtube.com/watch?v=JPSQVRJuDTsFurries are members of the Furry Fandom, an art-centric participatory online community (with real-world conventions and events) consisting of people who enjoy anthropomorphic characters.
Characters like this!
(Art: LvJ)For one reason or another, furries are also a predominantly LGBTQIA+ community. If you took a large random sample of people, you’d expect at least 90% to be heterosexual and cisgender. This shouldn’t surprise anyone. But if you took a random sample of furries, that figure is now only 20%.
For this reason, furry hate was often used as a dog-whistle for homophobia in forums where overt homophobia was not permitted.
https://twitter.com/spacetwinks/status/728349066178998274
If you’d like to learn more about the furry fandom, I highly recommend the appropriately named 2020 documentary The Fandom by Ash Coyote.
https://www.youtube.com/watch?v=iv0QaTW3kEY
Are Furries in K-12 Public Schools?
Overwhelmingly, no. The average age of the furry fandom varies from survey to survey, but 26 years old seems like a good estimate for the median age for survey participants (as of 2020).
Source: FurScience, 2020 survey results
Interestingly, the median age of furries was only 20 in the year 2011, which suggests that the furry fandom is consistently getting older.
That isn’t to say that there aren’t any furries under the age of 18. We just don’t have any data on them today.
Second, due to ethical restrictions, the IARP is unable to study minors (as parental consent would be required, something we cannot reasonably expect to obtain if a person has not “come out” to their family as a furry).
This is the only scientific data we have, and it’s not perfect, but you can actually extrapolate a reasonable heuristic for the magnitude of underage furs based on the change in adult median age over time.Since the adults of the furry fandom are consistently getting older (median 20 in 2011, median 26 in 2020, which is a 6 year increase over 9 years), the proportion of people under 18 was likely at most 33% of the total furry population in a given year during this interval.
This upper limit assumes most underage furries continue to be furries in adulthood, a negligible mortality rate, and people are discovering the fandom younger than 18.
If a lot of furries discover the fandom after they turn 18, then 33% is probably unreasonably high.
If this proportion still holds true, then the median age for furries is still squarely in the realm of young adulthood, not childhood.
Do Furries Identify as Animals?
No, furries do not identify as animals in the way that these very dumb rumors would imply.People that identify as a non-human animal are called therians (or more broadly, otherkin). Most furries are not therians, but some are.
Do Furries That Identify as Cats Use Litter Boxes?
No, this is a damned lie with no basis in reality. Even Snopes debunked it.If you’re interested in the origins of this dumb rumor, Dogpatch Press has a deep dive into the history of it going all the way back to the 1990’s.
The Dark Truth About These Rumors
If it’s not true, why are Facebook Groups and GOP politicians spreading lies about furries and public school students all of the sudden?Unfortunately, the answer is transphobia.
https://twitter.com/KandissTaylor/status/1506603753008472064
There is an emerging generational culture war about transgender people.
To many older Americans, the idea that a person could be anything other than male or female seems absurd, and the notion that anyone could change their gender is uncomfortable (but science is consistently on trans people’s sides here).
Most younger people don’t carry the same prejudices as their parents’ and grandparents’ generations.
This litter box rumor is both a dog whistle for generalized queerphobia (as the majority of furry hate always has been) and a weak satire of non-binary gender identities. “If they can decide they’re neither male or female, what’s stopping them from identifying as a cat?” is the premise of this bigoted reasoning.
Before gay marriage was legal in America, there were a lot of online arguments put forth by evangelical Christians and Republicans that, “If you make gay marriage legal, soon you’ll have people wanting to marry their pets and we’ll have to legalize bestiality.”
Which, yes, is a very dumb slippery slope fallacy, but the current furry panic certainly echoes their same delusional beliefs about alternative lifestyles.
In short, the entire premise of the “furry litter-box in public schools” rumor is to bully nonbinary and/or transgender students through a dog-whistle, so they can evade being cancelled for overt bigotry.
These people are showing their whole ass when they spread these lies.
https://twitter.com/SoatokDhole/status/1506931766837321731
Also, it’s interesting that the people spreading these lies are Republicans, who claim to want to “protect children”, but are also in favor of child marriage.
What Can We Do About These Lies?
Your mission, should you choose to accept it, is to identify anyone in your life who believes these rumors (especially if they’re sharing lies from Facebook Groups that peddle misinformation), and then link them to this blog post.I don’t expect it to persuade everyone, but it can save you the effort of having to argue further with them. Just copy+paste the URL and move on with your day, knowing you did your part to tell them, “You’re wrong, shut the fuck up.”
Where Did This Hoax Originate?
Allegedly, this entire hoax about “furries being permitted to use litter boxes in public schools” was started as a prank by a user named Tracing Woodgrains, a contributor to the anti-trans podcast Blocked and Reported, hosted by Jesse Singal and Katie Herzog (alternative mirror).
(Art: LvJ)
So—what does it take to persuade Libs of TikTok to tilt at windmills, to spread a moral panic over a falsehood? How can hoaxers break past her fact-checking, with nary a red flag to be seen?A nonexistent man passed on a false tip on the basis of paper-thin evidence, then squirmed away at any attempts to nail down the concrete before finishing things off with a broken link to a Facebook group that did not exist.
So there you have it. This entire thing is not only unbelievable, but fabricated for the sake of trolls’ amusement.https://soatok.blog/2022/04/06/the-dark-truth-about-the-furry-protocol/
#demographics #falsehoods #furries #furry #FurryFandom #lies #litterBoxRumor #misinformation #Politics #rumors #Society
You’ve probably heard the rumors by now. It’s cropped up in Michigan, Kentucky, Nebraska, North Dakota, Wisconsin, and even Australia.
The rumor is: Parents around the country are expressing “concerns” over schools allegedly permitting students that identify as cats use litter boxes in public schools.
You can hear this idea being parroted by Nebraska State Senator Bruce Bostelman, without an ounce of irony or self-awareness:
https://twitter.com/jonnykip21/status/1508485363177861124
Of course, it doesn’t matter how often or how thoroughly these allegations are debunked (and, make no mistake, they are debunked), that doesn’t stop people from spreading this false and damnable rumor on Facebook Groups like “Protect Nebraska Children”.
As a member of the furry community who also strongly opposes misinformation on the Internet, I feel it’s necessary and appropriate for me to expose the dark truths about this litter box story once and for all.
Who and What Are Furries?
https://www.youtube.com/watch?v=JPSQVRJuDTs
Furries are members of the Furry Fandom, an art-centric participatory online community (with real-world conventions and events) consisting of people who enjoy anthropomorphic characters.
(Art: LvJ)
For one reason or another, furries are also a predominantly LGBTQIA+ community. If you took a large random sample of people, you’d expect at least 90% to be heterosexual and cisgender. This shouldn’t surprise anyone. But if you took a random sample of furries, that figure is now only 20%.
For this reason, furry hate was often used as a dog-whistle for homophobia in forums where overt homophobia was not permitted.
https://twitter.com/spacetwinks/status/728349066178998274
If you’d like to learn more about the furry fandom, I highly recommend the appropriately named 2020 documentary The Fandom by Ash Coyote.
https://www.youtube.com/watch?v=iv0QaTW3kEY
Are Furries in K-12 Public Schools?
Overwhelmingly, no. The average age of the furry fandom varies from survey to survey, but 26 years old seems like a good estimate for the median age for survey participants (as of 2020).
Interestingly, the median age of furries was only 20 in the year 2011, which suggests that the furry fandom is consistently getting older.
That isn’t to say that there aren’t any furries under the age of 18. We just don’t have any data on them today.
Second, due to ethical restrictions, the IARP is unable to study minors (as parental consent would be required, something we cannot reasonably expect to obtain if a person has not “come out” to their family as a furry).
This is the only scientific data we have, and it’s not perfect, but you can actually extrapolate a reasonable heuristic for the magnitude of underage furs based on the change in adult median age over time.
Since the adults of the furry fandom are consistently getting older (median 20 in 2011, median 26 in 2020, which is a 6 year increase over 9 years), the proportion of people under 18 was likely at most 33% of the total furry population in a given year during this interval.
This upper limit assumes most underage furries continue to be furries in adulthood, a negligible mortality rate, and people are discovering the fandom younger than 18.
If a lot of furries discover the fandom after they turn 18, then 33% is probably unreasonably high.
If this proportion still holds true, then the median age for furries is still squarely in the realm of young adulthood, not childhood.
Do Furries Identify as Animals?
No, furries do not identify as animals in the way that these very dumb rumors would imply.
People that identify as a non-human animal are called therians (or more broadly, otherkin). Most furries are not therians, but some are.
Do Furries That Identify as Cats Use Litter Boxes?
No, this is a damned lie with no basis in reality. Even Snopes debunked it.
If you’re interested in the origins of this dumb rumor, Dogpatch Press has a deep dive into the history of it going all the way back to the 1990’s.
The Dark Truth About These Rumors
If it’s not true, why are Facebook Groups and GOP politicians spreading lies about furries and public school students all of the sudden?
Unfortunately, the answer is transphobia.
https://twitter.com/KandissTaylor/status/1506603753008472064
There is an emerging generational culture war about transgender people.
To many older Americans, the idea that a person could be anything other than male or female seems absurd, and the notion that anyone could change their gender is uncomfortable (but science is consistently on trans people’s sides here).
Most younger people don’t carry the same prejudices as their parents’ and grandparents’ generations.
This litter box rumor is both a dog whistle for generalized queerphobia (as the majority of furry hate always has been) and a weak satire of non-binary gender identities. “If they can decide they’re neither male or female, what’s stopping them from identifying as a cat?” is the premise of this bigoted reasoning.
Before gay marriage was legal in America, there were a lot of online arguments put forth by evangelical Christians and Republicans that, “If you make gay marriage legal, soon you’ll have people wanting to marry their pets and we’ll have to legalize bestiality.”
Which, yes, is a very dumb slippery slope fallacy, but the current furry panic certainly echoes their same delusional beliefs about alternative lifestyles.
In short, the entire premise of the “furry litter-box in public schools” rumor is to bully nonbinary and/or transgender students through a dog-whistle, so they can evade being cancelled for overt bigotry.
These people are showing their whole ass when they spread these lies.
https://twitter.com/SoatokDhole/status/1506931766837321731
Also, it’s interesting that the people spreading these lies are Republicans, who claim to want to “protect children”, but are also in favor of child marriage.
What Can We Do About These Lies?
Your mission, should you choose to accept it, is to identify anyone in your life who believes these rumors (especially if they’re sharing lies from Facebook Groups that peddle misinformation), and then link them to this blog post.
I don’t expect it to persuade everyone, but it can save you the effort of having to argue further with them. Just copy+paste the URL and move on with your day, knowing you did your part to tell them, “You’re wrong, shut the fuck up.”
Where Did This Hoax Originate?
Allegedly, this entire hoax about “furries being permitted to use litter boxes in public schools” was started as a prank by a user named Tracing Woodgrains, a contributor to the anti-trans podcast Blocked and Reported, hosted by Jesse Singal and Katie Herzog (alternative mirror).
So—what does it take to persuade Libs of TikTok to tilt at windmills, to spread a moral panic over a falsehood? How can hoaxers break past her fact-checking, with nary a red flag to be seen?A nonexistent man passed on a false tip on the basis of paper-thin evidence, then squirmed away at any attempts to nail down the concrete before finishing things off with a broken link to a Facebook group that did not exist.
So there you have it. This entire thing is not only unbelievable, but fabricated for the sake of trolls’ amusement.
https://soatok.blog/2022/04/06/the-dark-truth-about-the-furry-protocol/
#demographics #falsehoods #furries #furry #FurryFandom #lies #litterBoxRumor #misinformation #Politics #rumors #Society
My recent post about the alleged source code leaks affecting Team Fortress 2 and Counter-Strike: Global Offensive made the rounds on Twitter and made someone very mad, so I got hate DMs.No more Angry Whoppers for you, mister!
…Look, I only said I got hate DMs, not that I got interesting or particularly effective hate DMs! Weak troll is weak, I know.A lot of people online claim they “hate furries”, but almost none of them quite understand how prolific our community is, let alone how important we are to the Internet. As Stormi the Folf puts it…
I guarantee you the internet would collapse in a most horrific manner if all the furries in the world got Thano's snapped.They *run* the internet in more ways than most people realize
— 🦊Stormi the Folf🐺 🔜FWA (@StormiFolf) April 23, 2020
Stormi is the Potato of Knowledge and Floof
What Stormi’s alluding to is true, and that’s a tale best told by an outsider to our community.Telecommunications as a whole, which also encompasses The Internet, is in a constant state of failure and just in time fixes and functionally all modern communication would collapse if about 50 people, most of which are furries, decided to turn their pager off for a day. https://t.co/k1UqOv5kpd— Ẑ͚͔͍̻̤̟ä̶̼̗̟͔́̿̾̓n̬͙̫̿͑͊̈̚d̡̰̭̞͖̟̖̟ͬ̚ê̺͖̂ͩ̀̉ͣrͪ̓ (@mmsword) November 28, 2019
Their follow-up tweet that elaborates on furry involvement is here.
So I’d like take the time to explain why nobody should ever underestimate the ingenuity or positivity of the furry community.The Furry Fandom Has Saved Lives
https://www.youtube.com/embed/3h9sO17CV9A?feature=oembed
This is just one of many anecdotes. You can find many more here.
Although the furry fandom is widely misunderstood, it’s difficult to overstate how many lives have been saved and enriched by our community.I wanted to share this touching moment. @Reo_Grayfox was telling me his story, and said those lines while staring straight into his fursuit's eyes. Hearing personal stories like this makes you appreciate the vastly diverse reasons why the furry fandom is essential to so many. pic.twitter.com/fD09Wmv6mf— Joaquín Baldwin (@joabaldwin) January 22, 2018
Furries Provide Much-Needed Comfort to Others
In 2016, refugees from the civil war in Syria ended up in a hotel in Canada. This would have been an utterly remarkable fact if it wasn’t the same hotel and weekend as the local furry convention, Vancoufur.The kids loved it.
This isn’t an isolated incident either. Our community is well-known for kindness and generosity in spades.https://charcoalthings.tumblr.com/post/132996328881/i-will-defend-furries-to-my-grave
https://wakor.tumblr.com/post/126072529744/ok-you-know-what
What’s there to hate?
The Furry Fandom is Collectively Pretty Bad-Ass
Art by RueMaw.
No, not like that.The fandom is bad-ass in as many ways as the fandom is incredibly diverse.
Image source and backstory of this meme: Dogpatch Press
90s furries built the Internet pic.twitter.com/Gicxme2HkT— SwiftOnSecurity (@SwiftOnSecurity) April 30, 2019
SwiftOnSecurity knows the truth about more than just corn.So one of my friends said furries pretty much run the US nuclear response communication networks. Just in case you're worried about Trump.— SwiftOnSecurity (@SwiftOnSecurity) November 12, 2016
Seriously.Some of the Most Talented People You’ll Ever Meet Are Furries
eSports Champions:https://www.youtube.com/embed/TWhrECl6zOY?feature=oembed
Musicians:
https://open.spotify.com/embed/album/4NlXsjKmcWegIfQEI0JzHK?utm_source=oembed
Artists and costume makers: I could literally link to hundreds of artists here. Follow me on Twitter; I retweet a lot of cute stuff.
Pretty much everything you could aspire to be that isn’t also terrible, if you look hard enough, you’ll find furries in the leaderboards having a fun time with it all.
The only reason to hate furries is thinly-veiled homophobia, because only about 25% of furries are heterosexual.
Why So Curious?
If I’ve made you curious about our community, and now you want to learn more about us, I’ve got you.https://www.youtube.com/embed/K2XeOxWW2oY?feature=oembed
Psychology Today: What’s the Deal with Furries?
Furry Fandom Documentary When?
https://www.youtube.com/embed/cF9DQQsUcs0?feature=oembedAsh Coyote is releasing a documentary about our subculture soon, titled The Fandom. You can find out more about it on her YouTube channel.
https://soatok.blog/2020/04/23/never-underestimate-the-furry-fandom/
#furries #furry #FurryFandom #hateMail #positivity #Society
If you’re new to reading this blog, you might not already be aware of my efforts to develop end-to-end encryption for ActivityPub-based software. It’s worth being aware of before you continue to read this blog post.
To be very, very clear, this is work I’m doing independent of the W3C or any other standards organization and/or funding source (and they have their own ideas about how to approach it).Really, I’m doing my own thing and releasing my designs under a public domain-equivalent license so anyone (including the W3C grant awardees) can pick it up and use it, if they see fit.
But the work I’m doing has no official standing and is not representative of anyone (except maybe a lot of other furries interested in technology). They have, emphatically, never endorsed anything I’m doing. I have not talked with any of them about my ideas, nor has my name come up in any of their meeting notes.
My background is in applied cryptography and software security assessments, so I have strong opinions about how such software should be developed.
I’m being very up-front about this because I don’t want anyone to mistake my ideas for anything “official”.
Why spend your time on that?
My end goal is pretty straightforward.
Before Musk took it over, Twitter was wonderful for queer people. I’ve even heard it described as the most successful dating platform for the LGBTQIA+ community.
These days, it’s full of Nazis and people who think the ideal version of “free speech” means not being allowed to say the word “cisgender.” But I repeat myself.
The typical threat model for Twitter was: You have to trust the person you’re talking with, and the Twitter corporation, to keep your conversations (or nudes, if we’re being frank about it) private.
With the Fediverse, things are a little more complicated. Instance operators also have access to the plaintext versions of any Direct Messages between you and other participants.
And maybe you trust your instance operator… but do you trust your friends’? And do they trust yours?
If implemented securely, end-to-end encryption saves you from having to care about this injection of additional threat actors to consider.
If not implemented securely, it’s little more than security theater and should be ridiculed loudly.
So it’s natural and obvious for a person with my particular interests and skills to want to solve this problem.
Technological Decisions
When I started this project, I separated the end goal into 4 separate components:
- Client-side secret key management.
- Federated public-key infrastructure.
- Shared key agreement for group messaging.
- The actual bulk encryption techniques.
A lot of hobbyist projects over-index on the fourth component, rather than the actual hard problems. This is why so many doomed projects start with PGP, or implement weird “cipher cascades” to hedge against AES getting broken.
In reality, every component matters for the security of the whole system, but the bulk encryption is boring. It’s the well-tread path of any cryptosystem. The significantly harder parts are key management.
Political Decisions
Let’s not mince words: How you implement key management is inherently a political decision.
If that sounds counter-intuitive, meditate on this bit of wisdom for a while:
Repeat after me: all technical problems of sufficient scope or impact are actually political problems first.
Many projects, when confronted with the complexity of key management, are perfectly happy with “just write private keys to disk” or “put blind trust in AWS KMS.”
Or, more directly: “YOLO.”
With my Fediverse E2EE project, I wanted to minimize the amount of trust you have to place in others. (Especially, minimize the trust needed in Soatok!)
How Decisions Flow
Client-side secrets are the most visible area of risk to end users. Backing up and managing their own credentials, recovering from failure modes, the Mud Puddle test, etc.
Once each participant has secret keys managed (1), they can provide public keys to each other.
Public-key infrastructure (2) is how you decide trust relationships between parties. We’re operating in a federated environment, and want to minimize the amount of unchecked “authority” anyone has, so that complicates matters. But, if it wasn’t challenging, it would already be solved.
Once you’ve figured out a trust mechanism to tie a public key to an identity, you can try to agree on a shared symmetric key securely, even over an untrusted channel.
Key agreement for group messaging (3) is how you decide which shared key to use, and when, and who has access to this key and for how long.
And from there, you can actually encrypt shit (4).
It doesn’t really matter how much you boil the ocean on mitigating hypothetical weaknesses in AES if an adversary can muck with your key management.
Thus, it should hopefully be reasonable to divide the work up in this fashion.
But there is a fifth component; one that I am not qualified to comment on:
User experience.
The final deliverable for my participation in this project will be software libraries (and any necessary patches to server software) to facilitate secure end-to-end encryption between Fediverse users.
As for what that experience looks like? How it’s presented visually? What accessibility features are used, and how? How elements are organized and in what order they are displayed? Any quality-of-life design decisions that delight users and avoid dark patterns?
Yeah, sorry, I’m totally out of my depth here. That’s not my domain.
I will do my damnedest to not make security decisions that are inherently onerous towards making usable software.
(After all, security at the cost of usability comes at the cost of security.)
But I can’t promise that the experience will be totally seamless for everyone, all the time.
Lacking Ambition?
One of the things that’s been bothering me, as I work on out the finer details about this end-to-end encryption project, is that it seems to lack ambition.
Sure, I can talk your ear off for hours about the ins and outs of implementing end-to-end encryption securely, but we already have end-to-end encryption apps. So many private messengers.
How does “you can now have encrypted DMs in Mastodon” help people who can already use Signal or WhatsApp? Why should the people who aren’t computer nerds care about it at all?
What’s actually new or exciting about this work?
And, honestly, the best answer I can come up with is that it’s the first step.
Tech Freedom and You
Before the Big Data and cloud computing crazes took the technology industry by storm (or any of the messes that followed), most software was designed to work offline. That is, without Internet access.
With the growing ubiquity of Internet access (and mobile networks), the Overton window shifted towards always-on devices, edge computing, and no longer owning anything. Instead, consumers rent licenses to software that a third party can revoke on a whim.
The Free Software movement, for all of the very pronounced personality quirks associated with it today, foresaw this problem long before the modern Internet existed. Technologists, lawyers, and activists spent thousands of person-years of effort on trying to protect end users’ rights from greedy monopolies.
(I couldn’t not include this meme in this section.)
This isn’t a modern problem, by any stretch of the imagination.
Every year, our rights and digital freedoms are eroded by court decisions by corrupt judges, terrible legislature, and questionable leadership.
But the Electronic Frontier Foundation and its friends in other nations have been talking about this and fighting court battles since the 1990s.
Even if I somehow made some small innovation that benefited end users with allowing Fediverse users to message each other privately, that’s not really ambitious either.
From Sparks to Embers
As I was noodling over this, a friend of mine linked me to an article titled Rust Needs a Web Framework for Lazy Developers the other day.
It made me realize how much I miss the era when software was offline-first, even if it had online components. The past several years of Live Service Games has exhausted my tolerance more than anything else, but they’re not alone.
When I initially delineated my proposal into 4 components, my goal was to simplify the security analysis and make the threat models digestible.
But it occurred to me, recently, that by abstracting these components (especially the Federated Public Key Infrastructure design), a new era of cypherpunks and pirates could breathe new ambition into software projects that build atop the boring infrastructure I’m building.
Let’s Turn the Ambition Up To 11
Imagine peer-to-peer software that uses the Fediverse and/or onion routing technologies (similar to Tor) to establish peer-to-peer encrypted data tunnels between devices, with the Federated PKI as the source of truth for identity public keys so you always know you’re talking to the correct entity.
Now combine that with developer tools that make it easy for people to self-publish software (even if only through Tor Hidden Services), with an optional way to create a public portal (e.g., for a public-facing website).
You could even create a protocol for people with rack space and spare bandwidth to host said public portals, without biasing for a particular one.
This would allow technologists to build the tools for normal people to create an anti-corporate, decentralized network.
And you could do it without ever mentioning the word “blockchain” (though you may need to tolerate it if you want to prevent anti-porn groups like Exodus Cry from having any say in what we compute).
Finally, imagine that we build all of this in memory-safe languages.
Are you building this today?
In short: No, I’m not.
Ambitious ideas and cryptography should only intersect rarely. I’m focused on the cryptography.
Instead, I wanted to lay this rough sketch out there as a possibility that someone else–presumably more ambitious, charismatic, and/or resourceful–could easily pick up if they so choose.
More importantly, all of the hard parts of this would be solved problems by the time I finish with the end-to-end encryption project. (Most of them already exist, in fact!)
That’s what I meant above by “it’s the first step”.
Along the way to achieving my own goals, I’m building at least one useful building block. What the rest of the technology industry decides to do with it is up to the rest of us.
I can’t, and will not try, to do it alone.
There is a lot of potential for tech freedom that could benefit users beyond what they can get from the Fediverse today. I wanted to examine how some of these ideas could be useful for–
Rejected! What else you got?
Oh.
…
Okay, so y’know how a lot of video games (Undertale/Deltarune, Doki Doki Literature Club) try to make a highly immersive experience with many diegetic elements?
Let’s build an operating system, based on some flavor of Linux, that is in and of itself a game. People can write their own DLC by developing packages for that OS. The end deliverable will be a virtual machine, and in order to get it to work on Steam, we would install Docker or Kubernetes, but users will also be able to install it via VirtualBox.
Inevitably, someone will decide this OS is their new daily driver. Imagine the impact this would have on corporate IT the whole world over.
This is the worst idea in the history of bad ideas!
Oh, I can do worse. I can do so much worse.
I don’t know if I can top the various attempts to build a Message Authentication Code out of the insecure RC4 stream cipher, of course.
If you want ambition, you sacrifice wisdom.
If you want freedom, you sacrifice convenience.
If you want security, you sacrifice usability.
…
Or do you?
They Can’t All Be Winners
I have a lot of bad ideas, all the time. That’s the only reason I ever occasionally have moderately good ones.
My process of eliminating bad ideas is ruthless, and may cull some interesting or fun ones along the way. This is an unfortunate side-effect of being an effective security engineer.
I don’t actually think the ideas I’ve written above are that bad. I wrote them this way for comedic effect.
Rather, I’m just not actually sure they’re actually good, or worthwhile to invest time into.
Whether someone could build atop the work I’m doing to reclaim our Internet from the grip of massive technology corporations is, at best, difficult to classify.
I do not have the time, energy, or motivation to do the work already on my own plate and then explore these ideas fully.
Maybe someone reading this does?
If not, that’s cool. Ideas are allowed to just exist as idle curiosities. Not everything has to matter all the time.
The “ship a whole god damn OS as an indie
game” idea could be fun though.
https://soatok.blog/2024/10/12/ambition-the-fediverse-and-technology-freedom/
#endToEndEncryption #fediverse #FreeSoftware #OnlinePrivacy #Society #SoftwareFreedom #TechFreedom #Technology
In 2022, I wrote about my plan to build end-to-end encryption for the Fediverse. The goals were simple:
- Provide secure encryption of message content and media attachments between Fediverse users, as a new type of Direct Message which is encrypted between participants.
- Do not pretend to be a Signal competitor.
The primary concern at the time was “honest but curious” Fediverse instance admins who might snoop on another user’s private conversations.
After I finally was happy with the client-side secret key management piece, I had moved on to figure out how to exchange public keys. And that’s where things got complicated, and work stalled for 2 years.
Art: AJ
I wrote a series of blog posts on this complication, what I’m doing about it, and some other cool stuff in the draft specification.
- Towards Federated Key Transparency introduced the Public Key Directory project
- Federated Key Transparency Project Update talked about some of the trade-offs I made in this design
- Not supporting ECDSA at all, since FIPS 186-5 supports Ed25519
- Adding an account recovery feature, which power users can opt out of, that allows instance admins to help a user recover from losing all their keys
- Building a Key Transparency system that can tolerate GDPR Right To Be Forgotten takedown requests without invalidating history
- Introducing Alacrity to Federated Cryptography discussed how I plan to ensure that independent third-party clients stay up-to-date or lose the ability to decrypt messages
Recently, NIST published the new Federal Information Protection Standards documents for three post-quantum cryptography algorithms:
- FIPS-203 (ML-KEM, formerly known as CRYSTALS-Kyber),
- FIPS-204 (ML-DSA, formerly known as CRYSTALS-Dilithium)
- FIPS-205 (SLH-DSA, formerly known as SPHINCS+)
The race is now on to implement and begin migrating the Internet to use post-quantum KEMs. (Post-quantum signatures are less urgent.) If you’re curious why, this CloudFlare blog post explains the situation quite well.
Since I’m proposing a new protocol and implementation at the dawn of the era of post-quantum cryptography, I’ve decided to migrate the asymmetric primitives used in my proposals towards post-quantum algorithms where it makes sense to do so.
Art: AJ
The rest of this blog post is going to talk about technical specifics and the decisions I intend to make in both projects, as well as some other topics I’ve been thinking about related to this work.
Which Algorithms, Where?
I’ll discuss these choices in detail, but for the impatient:
- Public Key Directory
- Still just Ed25519 for now
- End-to-End Encryption
- KEMs: X-Wing (Hybrid X25519 and ML-KEM-768)
- Signatures: Still just Ed25519 for now
Virtually all other uses of cryptography is symmetric-key or keyless (i.e., hash functions), so this isn’t a significant change to the design I have in mind.
Post-Quantum Algorithm Selection Criteria
While I am personally skeptical if we will see a practical cryptography-relevant quantum computer in the next 30 years, due to various engineering challenges and a glacial pace of progress on solving them, post-quantum cryptography is still a damn good idea even if a quantum computer doesn’t emerge.Post-Quantum Cryptography comes in two flavors:
- Key Encapsulation Mechanisms (KEMs), which I wrote about previously.
- Digital Signature Algorithms (DSAs).
Originally, my proposals were going to use Elliptic Curve Diffie-Hellman (ECDH) in order to establish a symmetric key over an untrusted channel. Unfortunately, ECDH falls apart in the wake of a crypto-relevant quantum computer. ECDH is the component that will be replaced by post-quantum KEMs.
Additionally, my proposals make heavy use of Edwards Curve Digital Signatures (EdDSA) over the edwards25519 elliptic curve group (thus, Ed25519). This could be replaced with a post-quantum DSA (e.g., ML-DSA) and function just the same, albeit with bandwidth and/or performance trade-offs.
But isn’t post-quantum cryptography somewhat new?
Lattice-based cryptography has been around almost as long as elliptic curve cryptography. One of the first designs, NTRU, was developed in 1996.Meanwhile, ECDSA was published in 1992 by Dr. Scott Vanstone (although it was not made a standard until 1999). Lattice cryptography is pretty well-understood by experts.
However, before the post-quantum cryptography project, there hasn’t been a lot of incentive for attackers to study lattices (unless they wanted to muck with homomorphic encryption).
So, naturally, there is some risk of a cryptanalysis renaissance after the first post-quantum cryptography algorithms are widely deployed to the Internet.
However, this risk is mostly a concern for KEMs, due to the output of a KEM being the key used to encrypt sensitive data. Thus, when selecting KEMs for post-quantum security, I will choose a Hybrid construction.
Hybrid what?
We’re not talking folfs, sonny!Hybrid isn’t just a thing that furries do with their fursonas. It’s also a term that comes up a lot in cryptography.
Unfortunately, it comes up a little too much.
I made this dumb meme with imgflip
When I say we use Hybrid constructions, what I really mean is we use a post-quantum KEM and a classical KEM (such as HPKE‘s DHKEM), then combine them securely using a KDF.Post-quantum KEMs
For the post-quantum KEM, we only really have one choice: ML-KEM. But this choice is actually three choices: ML-KEM-512, ML-KEM-768, or ML-KEM-1024.The security margin on ML-KEM-512 is a little tight, so most cryptographers I’ve talked with recommend ML-KEM-768 instead.
Meanwhile, the NSA wants the US government to use ML-KEM-1024 for everything.
How will you hybridize your post-quantum KEM?
Originally, I was looking to use DHKEM with X25519, as part of the HPKE specification. After switching to post-quantum cryptography, I would need to combine it with ML-KEM-768 in such a way that the whole shebang is secure if either component is secure.But then, why reinvent the wheel here? X-Wing already does that, and has some nice binding properties that a naive combination might not.
So let’s use X-Wing for our KEM.
Notably, OpenMLS is already doing this in their next release.
Art: CMYKat
Post-quantum signatures
So our KEM choice seems pretty straightforward. What about post-quantum signatures?Do we even need post-quantum signatures?
Well, the situation here is not nearly as straightforward as KEMs.
For starters, NIST chose to standardize two post-quantum digital signature algorithms (with a third coming later this year). They are as follows:
- ML-DSA (formerly CRYSTALS-Dilithium), that comes in three flavors:
- ML-DSA-44
- ML-DSA-65
- ML-DSA-87
- SLH-DSA (formerly SPHINCS+), that comes in 24 flavors
- FN-DSA (formerly FALCON), that comes in two flavors but may be excruciating to implement in constant-time (this one isn’t standardized yet)
Since we’re working at the application layer, we’re less worried about a few kilobytes of bandwidth than the networking or X.509 folks are. Relatively speaking, we care about security first, performance second, and message size last.
After all, people ship Electron, React Native, and NextJS apps that load megabytes of JavaScript code to print, “hello world,” and no one bats an eye. A few kilobytes in this context is easily digestible for us.
(As I said, this isn’t true for all layers of the stack. WebPKI in particular feels a lot of pain with large public keys and/or signatures.)
Eliminating post-quantum signature candidates
Performance considerations would eliminate SLH-DSA, which is the most conservative choice. Even with the fastest parameter set (SLH-DSA-128f), this family of algorithms is about 550x slower than Ed25519. (If we prioritize bandwidth, it becomes 8000x slower.)
Adopted from CloudFlare’s blog post on post-quantum cryptography.
Between the other two, FN-DSA is a tempting option. Although it’s difficult to implement in constant-time, it offers smaller public key and signature sizes.
However, FN-DSA is not standardized yet, and it’s only known to be safe on specific hardware architectures. (It might be safe on others, but that’s not proven yet.)
In order to allow Fediverse users be secure on a wider range of hardware, this uncertainty would limit our choice of post-quantum signature algorithms to some flavor of ML-DSA–whether stand-alone or in a hybrid construction.
Unlike KEMs, hybrid signature constructions may be problematic in subtle ways that I don’t want to deal with. So if we were to do anything, we would probably choose a pure post-quantum signature algorithm.
Against the Early Adoption of Post-Quantum Signatures
There isn’t an immediate benefit to adopting a post-quantum signature algorithm, as David Adrian explains.The migration to post-quantum cryptography will be a long and difficult road, which is all the more reason to make sure we learn from past efforts, and take advantage of the fact the risk is not imminent. Specifically, we should avoid:
- Standardizing without real-world experimentation
- Standardizing solutions that match how things work currently, but have significant negative externalities (increased bandwidth usage and latency), instead of designing new things to mitigate the externalities
- Deploying algorithms pre-standardization in ways that can’t be easily rolled back
- Adding algorithms that are pre-standardization or have severe shortcomings to compliance frameworks
We are not in the middle of a post-quantum emergency, and nothing points to a surprise “Q-Day” within the next decade. We have time to do this right, and we have time for an iterative feedback loop between implementors, cryptographers, standards bodies, and policymakers.
The situation may change. It may become clear that quantum computers are coming in the next few years. If that happens, the risk calculus changes and we can try to shove post-quantum cryptography into our existing protocols as quickly as possible. Thankfully, that’s not where we are.
David Adrian, Lack of post-quantum security is not plaintext.
Furthermore, there isn’t currently any commitment from the Sigsum developers to adopt a post-quantum signature scheme in the immediate future. They hard-code Ed25519 for the current iteration of the specification.The verdict on digital signature algorithms?
Given all of the above, I’m going to opt to simply not adopt post-quantum signatures until a later date.Version 1 of our design will continue to use Ed25519 despite it not being secure after quantum computers emerge (“Q-Day”).
When the security industry begins to see warning signs of Q-Day being realistically within a decade, we will prioritize migrating to use post-quantum signature algorithms in a new version of our design.
Should something drastic happen that would force us to decide on a post-quantum algorithm today, we would choose ML-DSA-44. However, that’s unlikely for at least several years.
Remember, Store Now, Decrypt Later doesn’t really break signatures the way it would break public-key encryption.
Art: Harubaki
Miscellaneous Technical Matters
Okay, that’s enough about post-quantum for now. I worry that if I keep talking about key encapsulation, some of my regular readers will start a shitty garage band called My KEMical Romance before the end of the year.Let’s talk about some other technical topics related to end-to-end encryption for the Fediverse!
Federated MLS
MLS was implicitly designed with the idea of having one central service for passing messages around. This makes sense if you’re building a product like Signal, WhatsApp, or Facebook Messenger.It’s not so great for federated environments where your Delivery Service may be, in fact, more than one service (i.e., the Fediverse). An expired Internet Draft for Federated MLS talks about these challenges.
If we wanted to build atop MLS for group key agreement (like has been suggested before), we’d need to tackle this in a way that doesn’t cede control of MLS epochs to any server that gets compromised.
How to Make MLS Tolerate Federation
First, the Authentication Service component can be replaced by client-side protocols, where public keys are sourced from the Public Key Directory (PKD) services.That is to say, from the PKD, you can fetch a valid list of Ed25519 public keys for each participant in the group.
When a group is created, the creator’s Ed25519 public key is known. Everyone they invite, their software necessarily has to know their Ed25519 public key in order to invite them.
In order for a group action to be performed, it must be signed by one of the public keys enrolled into the group list. Additionally, some actions may be limited by permissions attached at the time of the invite (or elevated by a more privileged user; which necessitates another group action).
By requiring a valid signature from an existing group member, we remove the capability of the Fediverse instance that’s hosting the discussion group to meddle with it in any way (unless, for some reason, the server is somehow also a participant that was invited).
But therein lies the other change we need to make: In many cases, groups will span multiple Fediverse servers, so groups shouldn’t be dependent on a single instance.
Spreading The Load Across Instances
Put simply, we need a consensus algorithm to determine which instance hosts messages. We could look to Raft as a starting point, but whatever we land on should be fair, fault-tolerant, and deterministic to all participants who can agree on the same symmetric keying material at some point in time.To that end, I propose using an additional HKDF output from the Group Key Agreement protocol to select a “leader” for all instances involved in the group, weighted by the number of participants on each instance.
Then, every N messages (where N >= 1), a new leader is elected by the same deterministic protocol. This will be performed entirely client-side, and clients will choose N. I will refer to this as a sub-epoch, since it doesn’t coincide with a new MLS epoch.
Since the agreed-upon group key always ratchets forward when a group action occurs (i.e., whenever there’s a new epoch), getting another KDF output to elect the next leader is straightforward.
This isn’t a fully fleshed out idea. Building consensus protocols that can handle real-world operational issues is heavily specialized work and there’s a high risk of falling to the illusion of safety until it’s too late. I will probably need help with this component.
That said, we aren’t building an anonymity network, so the cost of getting a detail wrong isn’t measurable in blood.
We aren’t really concerned with Sybil attacks. Winning the election just means you’re responsible for being a dumb pipe for ciphertext. Client software should trust the instance software as little as possible.
We also probably don’t need to worry about availability too much. Since we’re building atop ActivityPub, when a server goes down, the other instances can hold encrypted messages in the outbox for the host instance to pick up when it’s back online.
If that’s not satisfactory, we could also select both a primary and secondary leader for each epoch (and sub-epoch), to have built-in fail-over when more than one instance is involved in a group conversation.
If messages aren’t being delivered for an unacceptable period of time, client software can forcefully initiate a new leader election by expiring the current MLS epoch (i.e. by rotating their own public key and sending the relevant bundle to all other participants).
Art: Kyume
Those are just some thoughts. I plan to talk it over with people who have more expertise in the relevant systems.
And, as with the rest of this project, I will write a formal specification for this feature before I write a single line of production code.
Abuse Reporting
I could’ve swore I talked about this already, but I can’t find it in any of my previous ramblings, so here’s a good place as any.The intent for end-to-end encryption is privacy, not secrecy.
What does this mean exactly? From the opening of Eric Hughes’ A Cypherpunk’s Manifesto:
Privacy is necessary for an open society in the electronic age. Privacy is not secrecy.A private matter is something one doesn’t want the whole world to know, but a secret matter is something one doesn’t want anybody to know.
Privacy is the power to selectively reveal oneself to the world.
Eric Hughes (with whitespace and emphasis added)
Unrelated: This is one reason why I use “secret key” when discussing asymmetric cryptography, rather than “private key”. It also lends towardsskandpkas abbreviations, whereas “private” and “public” both start with the letter P, which is annoying.With this distinction in mind, abuse reporting is not inherently incompatible with end-to-end encryption or any other privacy technology.
In fact, it’s impossible to create useful social technology without the ability for people to mitigate abuse.
So, content warning: This is going to necessarily discuss some gross topics, albeit not in any significant detail. If you’d rather not read about them at all, feel free to skip this section.
Art: CMYKat
When thinking about the sorts of problems that call for an abuse reporting mechanism, you really need to consider the most extreme cases, such as someone joining group chats to spam unsuspecting users with unsolicited child sexual abuse material (CSAM), flashing imagery designed to trigger seizures, or graphic depictions of violence.
That’s gross and unfortunate, but the reality of the Internet.
However, end-to-end encryption also needs to prioritize privacy over appeasing lazy cops who would rather everyone’s devices include a mandatory little cop that watches all your conversations and snitches on you if you do anything that might be illegal, or against the interest of your government and/or corporate masters. You know the type of cop. They find privacy and encryption to be rather inconvenient. After all, why bother doing their jobs (i.e., actual detective work) when you can just criminalize end-to-end encryption and use dragnet surveillance instead?
Whatever we do, we will need to strike a balance that protects users’ privacy, without any backdoors or privileged access for lazy cops, with community safety.
Thus, the following mechanisms must be in place:
- Groups must have the concept of an “admin” role, who can delete messages on behalf of all users and remove users from the group. (Signal currently doesn’t have this.)
- Users must be able to delete messages on their own device and block users that send abusive content. (The Fediverse already has this sort of mechanism, so we don’t need to be inventive here.)
- Users should have the ability to report individual messages to the instance moderators.
I’m going to focus on item 3, because that’s where the technically and legally thorny issues arise.
Keep in mind, this is just a core-dump of thoughts about this topic, and I’m not committing to anything right now.
Technical Issues With Abuse Reporting
First, the end-to-end encryption must be immune to Invisible Salamanders attacks. If it’s not, go back to the drawing board.Every instance will need to have a moderator account, who can receive abuse reports from users. This can be a shared account for moderators or a list of moderators maintained by the server.
When an abuse report is sent to the moderation team, what needs to happen is that the encryption keys for those specific messages are re-wrapped and sent to the moderators.
So long as you’re using a forward-secure ratcheting protocol, this doesn’t imply access to the encryption keys for other messages, so the information disclosed is limited to the messages that a participant in the group consents to disclosing. This preserves privacy for the rest of the group chat.
When receiving a message, moderators should not only be able to see the reported message’s contents (in the order that they were sent), but also how many messages were omitted in the transcript, to prevent a type of attack I colloquially refer to as “trolling through omission”. This old meme illustrates the concept nicely:
Trolling through omission.
And this all seems pretty straightforward, right? Let users protect themselves and report abuse in such a way that doesn’t invalidate the privacy of unrelated messages or give unfettered access to the group chats. “Did Captain Obvious write this section?”But things aren’t so clean when you consider the legal ramifications.
Potential Legal Issues With Abuse Reporting
Suppose Alice, Bob, and Troy start an encrypted group conversation. Alice is the group admin and delete messages or boot people from the chat.One day, Troy decides to send illegal imagery (e.g., CSAM) to the group chat.
Bob immediately, disgusted, reports it to his instance moderator (Dave) as well as Troy’s instance moderator (Evelyn). Alice then deletes the messages for her and Bob and kicks Troy from the chat.
Here’s where the legal questions come in.
If Dave and Evelyn are able to confirm that Troy did send CSAM to Alice and Bob, did Bob’s act of reporting the material to them count as an act of distribution (i.e., to Dave and/or Evelyn, who would not be able to decrypt the media otherwise)?
If they aren’t able to confirm the reports, does Alice’s erasure count as destruction of evidence (i.e., because they cannot be forwarded to law enforcement)?
Are Bob and Alice legally culpable for possession? What about Dave and Evelyn, whose servers are hosting the (albeit encrypted) material?
It’s not abundantly clear how the law will intersect with technology here, nor what specific technical mechanisms would need to be in place to protect Alice, Bob, Dave, and Evelyn from a particularly malicious user like Troy.
Obviously, I am not a lawyer. I have an understanding with my lawyer friends that I will not try to interpret law or write my own contracts if they don’t roll their own crypto.
That said, I do have some vague ideas for mitigating the risk.
Ideas For Risk Mitigation
To contend with this issue, one thing we could do is separate the abuse reporting feature from the “fetch and decrypt the attached media” feature, so that while instance moderators will be capable of fetching the reported abuse material, it doesn’t happen automatically.When the “reason” attached to an abuse report signals CSAM in any capacity, the client software used by moderators could also wholesale block the download of said media.
Whether that would be sufficient mitigate the legal matters raised previously, I can’t say.
And there’s still a lot of other legal uncertainty to figure out here.
- Do instance moderators actually have a duty to forward CSAM reports to law enforcement?
- If so, how should abuse forwarding to be implemented?
- How do we train law enforcement personnel to receive and investigate these reports WITHOUT frivolously arresting the wrong people or seizing innocent Fediverse servers?
- How do we ensure instance admins are broadly trained to handle this?
- How do we deal with international law?
- How do we prevent scope creep?
- While there is public interest in minimizing the spread of CSAM, which is basically legally radioactive, I’m not interested in ever building a “snitch on women seeking reproductive health care in a state where abortion is illegal” capability.
- Does Section 230 matter for any of these questions?
We may not know the answers to these questions until the courts make specific decisions that establish relevant case law, or our governments pass legislation that clarifies everyone’s rights and responsibilities for such cases.
Until then, the best answer may simply to do nothing.
That is to say, let admins delete messages for the whole group, let users delete messages they don’t want on their own hardware, and let admins receive abuse reports from their users… but don’t do anything further.
Okay, we should definitely require an explicit separate action to download and decrypt the media attached to a reported message, rather than have it be automatic, but that’s it.
What’s Next?
For the immediate future, I plan on continuing to develop the Federated Public Key Directory component until I’m happy with its design. Then, I will begin developing the reference implementations for both client and server software.Once that’s in a good state, I will move onto finishing the E2EE specification. Then, I will begin building the client software and relevant server patches for Mastodon, and spinning up a testing instance for folks to play with.
Timeline-wise, I would expect most of this to happen in 2025.
I wish I could promise something sooner, but I’m not fond of moving fast and breaking things, and I do have a full time job unrelated to this project.
Hopefully, by the next time I pen an update for this project, we’ll be closer to launching. (And maybe I’ll have answers to some of the legal concerns surrounding abuse reporting, if we’re lucky.)
https://soatok.blog/2024/09/13/e2ee-for-the-fediverse-update-were-going-post-quantum/
#E2EE #endToEndEncryption #fediverse #FIPS #Mastodon #postQuantumCryptography
Every hype cycle in the technology industry continues a steady march towards a shitty future that nobody wants.
Note: I know this isn’t unique to the tech industry, but I can’t write about industries I don’t work in, so this is what’s being covered.
The Road to Hell
Once upon a time, everyone was all hot and bothered about Big Data: Having lots of information–far too much to process with commodity software–was supposed to magically transform business.
How do you build technology that can process that much information at scale? Well, obviously, you just need to invest in The Cloud! (If you’re using the Cloud to Butt Plus Chrome extension, this entire blog post may be confusing to you.)
But don’t scrutinize the Cloud too long, you might miss your chance to invest in blockchain.
Blockchainiacs practically invented an entire constructed language of buzzwords. Things like “DeFi”, “Web3”, and so on. To anyone not accustomed to their in-signaling, it’s potent enough cringe to repel even the weirdest of furries.
But the only thing to know about blockchain is its proponents they like it when the line goes up, and every “innovation” in that sector was in service of the line going up.
Blockchain, of course, refers to cryptocurrency. The security of these digital currencies is based on expensive consensus mechanisms (e.g., Proof of Work). The incentives baked into the design of these consensus mechanisms led users to buy lots of GPUs in order to compete to solve numeric puzzles (a.k.a. “mining”).
For a while, many technologists observed that whenever the line actually goes down or a popular cryptocurrency decides to adopt a less wasteful consensus mechanism, the secondhand market gets flooded with used GPUs.
That all changed with the release of ChatGPT and other Large Language Models.
https://www.youtube.com/watch?v=AaU6tI2pb3M
Now GPUs are a hot commodity even when the price of Bitcoin goes down because tech company leaders are either malicious or stupid, and are always trying to appease investors that have more money than sense. It’s not just tech companies either.
“Our vision of [quick-service restaurants] is that an AI-first mentality works every step of the way.”Joe Park, CEO of Yum Brands (Taco Bell, Pizza Hut, KFC)
Of all these hype cycles, I suspect that the “AI” hype has more staying power than the rest, if for no other reason than it provides a hedge against the downside of previous hype cycles.
- Not sure to do with the exabytes of Big Data you’re sitting on? Have LLMs parse it all then convincingly lie to you about what it means.
- Expensive cloud bill? Attract more investor dollars by selling them on trying to build an Artificial General Intelligence out of hallucinating chatbots.
- Got a bunch of GPUs lying around from a failed crypto-mining idea? Use it to flagrantly violate intellectual property law to steal from artists with legal impunity!
This “AI” trend is the Human Centipede of technology.
(Yes, there are some valid use cases for the technology that underpins this hype. I’m focusing on Generative AI exclusively for this blog post, since that’s what a lot of the hype is centered around.)
So you can imagine how I felt when I went to add an image to a blog post draft one day and saw this:
There is no way to opt out of, or disable, this feature.
WordPress is not alone in its overt participation in this consumption of binary excrement.
Tech Industry Idiocy is Ubiquitous
EA’s CEO called generative AI the “very core of our business”, which an astute listener will find reminiscent of the time they claimed NFTs and blockchain were the future of the games industry at an earnings call.
Nevermind the fact that they’re actually in the business of publishing video games!
Mozilla Firefox 128.0 released a feature (enabled by default of course) to help advertisers collect data on you.
Per 404 Media, Snapchat reserves the right to use AI-generated images of your face in ads (also on by default).
At this point, even Rip Van fucking Winkle can spot the pattern.
Investors (read: fools with more money than sense) are dead set on a generative AI future, blockchain bullshit in everything, etc. Furthermore, there are a lot of gullible idiots that drank the Kool-Aid and feel like they’re part of the build-up to the next World Wide Web, so there’s no shortage of willing new CS grads to throw at these problems to keep the money flowing.
So we’re clearly well past the point that ridiculing the people involved will have any significant deterrence. The enshittification has spread too far to quarantine, and there are too many True Believers in the mix. Throw in a little bit of Roko’s Basilisk (read: Pascal’s wager for arrogant so-called “rationalists” who think they’re too smart to be Christian) and you’ve got a full-blown cargo cult on your hands.
What can we do about it? Beats me.
Sanity Check
I’m going to set aside the (extremely cathartic) attempts at shame and ridicule as a solution. Fun as they are, they fail to penetrate filter bubbles and reach the people they need to.
What’s your Bullshit Tech Score?
One way we could push back against this steady march towards a future where everything is enshittified, and the devices you paid for (with your hard-earned money) don’t respect your consent at all, is to turn the first of the buzz words we examined (Big Data) against these companies.
I’m proposing we could gather data about companies’ actual practices and build score-cards and leaderboards based on the following metrics:
- Does the company strategy involve generative AI?
- Does the company strategy involve selling NFTs?
- Does the company strategy involve stitching other unnecessary blockchain bullshit where it doesn’t belong?
- Does the company make questionable claims about quantum computers?
- Does the company choose default settings that hurt the user in the interest of increasing revenue (i.e., assuming consent without explicitly receiving it)?
- Does the company own any software patents?
- This includes purely “defensive” patents, in industries where their competitors abuse intellectual property law to stifle competition.
While these circumstances are understandable, we should be objective in our measurements.
- This includes purely “defensive” patents, in industries where their competitors abuse intellectual property law to stifle competition.
- Is the company completely bankrupt on innovation tokens?
- Does the company suffer from premature optimization (e.g., choosing MongoDB because they fear a relational database isn’t web-scale, rather than because it’s the right tool for the job)?
- Have any of the company’s leaders been credibly accused of sexual misconduct or violence?
- Sorry not sorry, Blizzard!
- Does the company routinely have crunch time (i.e., more than one week per quarter where employees are expected to work more than 40 hours)?
- Does the company enforce draconian return-to-office policies?
- Has the company threatened a security researcher with lawsuits in the past 10 years?
- Does the company roll its own cryptography without having at least one cryptographer on the payroll?
- (Okay, this one is purely for my own sanity, and probably not broadly applicable.)
A passing score is “No” to each of the above questions.
This proposal is basically the opposite of SSO Tax. Rather than shaming the losers (which there will assuredly be many), the goal would be to highlight companies that are reasonably sane to work for.
I’m aware that there are already companies like Forrester that try to do this, but with a much wider scope than the avoidance of bullshit.Furthermore, they’re incentivized to not piss off wealthy businessmen, so that they can keep their research business alive, whereas I don’t particularly care if tech CEOs get mad at being called a hypocritical hype-huffer.
I mean, what are they gonna do? Downvote me on Hacker News? I don’t work for them anyway.
In Over Our Heads
There may be other solutions available that will improve things somewhat. I’m not immune to failures of imagination.
Some solutions are incredibly contentious, though, and I don’t really want the headache.
For example: I’m sure that, if this blog post ever gets posted on a message board, someone in the peanut gallery will bring up unions as a mechanism, and others will fiercely shoot that idea down.
It’s possible that we, as an industry, are completely in over our heads. There’s too much bullshit, and too many perverse incentives creating ever-increasing amounts of bullshit, that escape is simply impossible.
Perhaps we’ve already crossed the excrement horizon.
Maybe Kurzweil was right about a Singularity after all?
Closing Thoughts
The main thing I wanted to convey today was, “No, you’re not alone, things are getting stupider,” to anyone who wondered if there was a spark of sanity left in the tech sector.
It’s not just the smarmy tech CEOs that are the problem. The rot has spread all the way to the foundations of many organizations. Hacker News, Lobsters, etc. are full of clueless AI maximalists that cannot see the harms they are inflicting.
It is difficult to get a [person] to understand something, when [their] salary depends on [their] not understanding it.Original quote by Upton Sinclair.
Though I am at a loss for how to tackle this problem as a community, acknowledging it exists is still important to me.
On WordPress and Generative AI
Years ago, I wrote on Medium, but got tired of the constant pressure to monetize my blog, so I decided to pay for a WordPress.com account. I write for myself, after all, and don’t expect any compensation for it.
Many of you will notice the “adblocker not detected” popup. That sums up how I feel about the adtech industry.
It’s disheartening that WordPress is pushing Generative AI bullshit to paying customers with no way to opt out of the feature. (Nevermind that it should be off-by-default and opted into.)
For now, I just refuse to use the feature and hope a lower adoption rate causes a project manager somewhere in Automattic to sweat. They’re somewhat notorious for being led by stubborn assholes who don’t listen to critics (even on security matters).
I’ll also continue to credit the artists that made the furry art I include in my blog posts, because supporting artists is the exact opposite of supporting generative AI.
If you’re looking for a furry artist to commission, first read this, and then maybe consider the artists whose work I’ve featured over the years.
New Avenues of Bullshit
If I may be so bold as to make a predication: In the distant future, I expect to see more Quantum Computing related bullshit.
Though currently constrained to the realm of grifters, NIST’s recent standardization of post-quantum cryptography is likely to ignite a lot of questionable technology companies.
Whether any of this quantum bullshit catches on at the same scale as tech industry hype remains to be seen.
If any does, I promise to handle each instance with the same derision as the bullshit I discovered in DEFCON’s Quantum Village.
https://soatok.blog/2024/09/18/the-continued-trajectory-of-idiocy-in-the-tech-industry/
#Cryptocurrency #Society #Technology
Normally when you see an article that talks about cryptocurrency come across your timeline, you can safely sort it squarely into two camps: For and Against. If you’re like me, you might even make a game out of trying to classify it into one bucket or the other from the first paragraph–sort of like how people treat biological sex–and then reading to see if you were right or not. Most of the time, you don’t even have to read past the headline to know where the author stands.Unfortunately, the topic of cryptocurrency is complicated in ways only nerds could envision. And I’m not even talking about the cryptography involved when I say that.
(Art by Khia.)
Cryptocurrency is one of those cans I keep kicking down the road, lest all of its worms escape. I’m neither an enthusiast who wants to pump dogecoin to the moon, nor a detractor who thinks that the idea of digital cash is inherently stupid.
https://twitter.com/FiloSottile/status/1380576100888281094
The “crypto means cryptography” trope exists because, after Bitcoin’s first price hike, a shitload of speculative investors flooded cryptography forums and drowned out the usual participants’ discussions. I’ve previously said that some gatekeeping is necessary for the maintenance group identity, and that the excess of this minimum amount is what creates toxicity. Unfortunately, this trope has far exceeded the LD50 for healthy discourse.
Some of my friends make their living working on cryptocurrency projects–as researchers, mathematicians, programmers, security engineers, and so on. A lot of the interesting cryptography breakthroughs we’ll see in the next 10-15 years will be, at least in part, the result of cryptographers working in the cryptocurrency space. It’s difficult to talk about zero-knowledge proofs without acknowledging some of the kick-ass research the Electric Coin Company has done in order to launch their privacy-preserving cryptocurrency, and that’s only one example.
Here’s cryptographer Jean-Phillipe Aumasson, whose employer is launching a regulated cryptocurrency marketplace:
https://twitter.com/veorq/status/1384045994413678598
If you’re not familiar with JP’s work, he wrote several cryptography books (including Serious Cryptography), contributed to several hash functions (SipHash, BLAKE2, and BLAKE3), and initiated the Password Hashing Competition that resulted in Argon2.
However, there’s also a lot of bullshit in the cryptocurrency space.
- Years of securities fraud enabled by “Initial Coin Offerings” (ICOs) on the Ethereum blockchain. Most famously: Bitcoiin (yes, with two I’s) whose spokesman was bad movie star, Steven Seagal.
- The plague of hacked Twitter accounts pretending to be Elon Musk, perpetuating a “give me some $ and I’ll give you more back” scam that’s sadly effective.
- The whole cryptoart / NFT debacle.
- Litanies of startups trying to “use blockchain to solve X problem” without ever asking if the problem warrants a blockchain in the first place.
- Every microgram of drama related to John McAfee.
And those are just the items I can list off, off the top of my head. The awfulness surrounding cryptocurrency is like a fractal: The deeper you look at it, the more shit you see.
Cryptocurrency Subculture: A Tale of Too Shitty
The world’s most successful cryptocurrency to date, Bitcoin, was created in 2008 by an anonymous cryptographer who liked to be known as Satoshi Nakamoto and distributed on metzdowd.com, a mailing list created by a group of cryptoanarchists that called themselves “cypherpunks”.At the risk of being overly reductive, cryptoanarchists are people who believe strongly in a right to privacy and therefore the right to use cryptography to protect communications from others–be it governments, corporations, or jealous ex-lovers. The cypherpunks were a group of cryptoanarchists that also wrote code. It’s a wordplay on “cyberpunk”.
It’s difficult to speculate about the intentions or politics of Satoshi Nakamoto, considering they said very little of substance about their private beliefs, and no longer answer emails from random strangers. However, given their presence on metzdowd, it’s reasonable to propose they were at least sympathetic to the cypherpunks’ cause.
Most outspoken cryptocurrency enthusiasts today are not like Satoshi Nakamoto. They don’t understand or frankly give a shit about complex, nuanced points about privacy and the government machinations underpinning public safety–let alone how that intersects with the racist history of the institutions charged with keeping the public safe. They’re largely anarcho-capitalists who want to make as much money as they can and, in turn, pay as little as possible in taxes.
How do you make money in cryptocurrency?
By obtaining some amount of a coin, then convincing other people to buy it to drive up the demand, and therefore the price, and then sell at a later date. Then you can sell your coins at a higher price than you paid (either directly, or through energy costs from “mining”) and pocket your profits.Don’t let the name fool you: anarcho-capitalists (a.k.a. ancaps) aren’t anarchists (and furthermore, cryptocurrency-manic ancaps aren’t cryptoanarchists). Here’s a helpful video to disambiguate the terms involved:
https://www.youtube.com/watch?v=OOTlxsn8tWc
If I said that large swaths of the cryptocurrency community was generally shitty, I would not be the first to make this observation. The earliest Bitcoin events were caricatures of the kind of toxic sexist excess that dominates chauvinistic power fantasies. (“When lambo?”)
It’s not just the bad politics or the stark contrast between cryptocurrency in practice and cryptocurrency as envisioned by the earliest architects on the metzdowd cryptography mailing list.
Last year I wrote about a dumb attack against the second hash function used by the cryptocurrency, IOTA. After I wrote this story, my Twitter mentions and DMs were flooded with astroturfing attempts by IOTA enthusiasts. Nearly a year later, most of those have been deleted–presumably because of an account suspension.
https://twitter.com/HapaRekk/status/1283485380004597760
Before IOTA, Monero enthusiasts used to engage in bad faith with anyone that dared criticize their favorite cryptocurrency project on Reddit or Hacker News.
To be clear: I don’t think that cryptocurrency projects or their developers are ever necessarily responsible for the behavior of their users. Sometimes you find toxic assholes like Sergey Ivancheglo (the IOTA developer that threatened security researchers) at the helm, and then immediately jettison it until they leave (to great fanfare of the non-toxic part of their community).
I don’t want to overstate my case here. A lot of blockchainiacs are just downright awful people. The absolute worst. But I’ve found over the years that, the less a person talks about cryptocurrency as a financial endeavor (e.g. speculative trading), the less likely they are to be shitty. It’s not a law of the universe, but it’s a useful measuring stick.
But with all that in mind, an obvious question emerges.
If there’s so much awful shit surrounding cryptocurrency, why would furries (a subculture that constantly receives endless helpings of flak from society at large) ever venture near cryptocurrency?
The Politics Inherent to Furry Identity
Art by Swizz.
A lot of Americans like to think of themselves as “Free Speech” proponents. Some of them get all sweaty over whether or not they should be allowed to broadcast, and profit from, bigoted or hateful content laden with slurs.
And yet, the most censored people in American society are, without a doubt, sex workers. And you rarely hear any so-called “Free Speech” proponents give an iota of shit about the plight of sex workers. They can’t even freely engage in commerce here.
Sex work is explicitly banned by most financial service providers, such as PayPal. It’s exceedingly difficult for sex workers to make ends meet without constantly having to worry about their accounts being frozen and funds inaccessible.
There are a lot of reasons why the plight of sex workers is so bad in America. At the top of the list is the intersection of conservative politics and evangelical Christianity, which overall condemns healthy and consensual expressions of human sexuality. (Ever noticed how the only people who think they have a “sex addiction” are religious or right-wing? Not a coincidence.)
Do you know who else is a target of evangelicals and conservatives?
Furries, as you might know, are widely considered an LGBTQIA+ subculture (although not all of us are LGBTQIA+; only about 80%). But we’re more than just an LGBTQIA+ subculture. We’re also a vibrant community filled with skilled artists. Some of this art is pornographic in nature. It turns out, when queer people aren’t forced into the closet, they tend to embrace shameless authenticity and celebrate their romantic and sexual attractions with pride.
https://twitter.com/Pinboard/status/992819169593716737
A few years ago, the Death Eaters in Congress passed two bills (FOSTA and SESTA) that were advertised as an attempt to crack down on “sex trafficking”.
In practice, these laws killed Pounced.org–the only furry “dating” site at the time that wasn’t a sketchy cash grab (FurryMate, FurFling, etc.). Pounced.org died because the cost to avoid being criminally prosecuted under these laws was so exorbitant that they couldn’t sustain the website anymore, and it probably wasn’t the only small dating site to be killed by poor legislation. Only the big players could really have front-loaded these costs.
Which leads to the meat of this issue…
Why Furries Might Be Interested in Cryptocurrency
Cryptocurrency can be very attractive to members of the furry fandom because of the bullshit baked into the societies and cultures we exist in.Cryptocurrency promises to be permissionless and decentralized; to bank the unbanked. If you make your living filling up someone else’s spank bank, the idea of creepy rich white men not being able to exercise targeted censorship against you or your family is, frankly, irresistible.
“Can’t use PayPal for your trade? Just setup a cryptocurrency wallet and give a different address to each of your clients, and instructions on how to access some vaguely reputable cryptocurrency exchange.”
Granted, most furries aren’t sex workers or porn artists, but some of our friends are, and we want to see them protected. But there’s another threat that cryptocurrency promises to alleviate: Chargeback fraud.
The prevalence of chargeback fraud is why I always tip artists. It helps to offset some of the harm caused by shitty behavior.
(Art by Khia)This is the usual story (although exceptions do exist) I heard from my artist friends:
Someone under 18 decides they want to commission an artist they cannot personally afford, so they steal their parent’s credit card and use it to pay for a commission. Later–often after the work has been completed and delivered to the client–their parent notices the unauthorized charge on their credit card, and issues a chargeback.
Not only does this steal from the artist, but it incurs a $35 fee and increases the risk of their account being permanently suspended by their payment provider–thereby preventing them from accessing the funds paid to them by legitimate customers.
“Thanks for the free art! Now you’re at least $35 poorer and maybe lost your only lifeline out of perpetual poverty.”— Assholes
And thus, the Siren Song repeats once again!Cryptocurrency doesn’t prevent chargeback fraud, but it does shift the risk from independent artists that have no capital or political power and onto billion dollar financial institutions like Coinbase.
Once the cryptocurrency has been transferred from the Coinbase wallet to the furry artist, it cannot be unspent. Bad faith behavior might still happen, but the artist doesn’t risk their livelihood because of it.
And that’s why, when furry auction site The Dealer’s Den announced a plan to rebuild with “Blockchain Technology”, I didn’t even bat an eye. It seems like an obvious solution to a pervasive unsolved problem to me.
Sure, it’d be great if we could solve this problem with sensible civil policy. But when is that going to finally happen? After all, we’re talking about the same governments that bungled COVID-19 last year, and the AIDS crisis last century, and so on…
https://www.youtube.com/watch?v=aJtvKSUPICA
However, and this bears emphasizing, the CryptoArt / NFT trend is not a valid reason to get involved in cryptocurency! As I said on Twitter:
https://twitter.com/SoatokDhole/status/1370045499122843654
https://twitter.com/SoatokDhole/status/1370046285798064128
https://twitter.com/SoatokDhole/status/1370047071949033472
https://twitter.com/SoatokDhole/status/1370047509314297862
So, super long preamble aside, what I thought I’d do today is talk a bit about cryptocurrency and how to engage with the topic responsibly, especially if you’re trying to mitigate the damage of the systems we inherited.
Cryptocurrency For Furries
I’m going to be very light on technical jargon, in the interests of accessibility, but at the risk of being imprecise.No two cryptocurrencies are created equal. If you’re hoping to use one to mitigate systemic harms to our community, I implore you to learn the technical details in depth.
Decentralized Consensus
Cryptocurrencies can be classified by something called their consensus mechanism, which is how they can maintain a consistent ledger without being centralized. It doesn’t really matter, for the purpose of this article, how any of them work. I’m happy to dive into that in a future blog post, should anyone want it.What you need to know is that Proof-of-Work (PoW) consensus algorithms are designed to maximize energy waste across the entire cryptocurrency network. That’s how it maintains its security against different kinds of esoteric-sounding attacks.
When you “mine” a Proof-of-Work cryptocurrency, what you’re doing is solving a computationally hard puzzle (e.g. find a number that, when combined with the previous block’s hash and your address and hashed, produces a specific number of leading 0 bits determined by an algorithm to ensure this happens at a set average frequency of time), which results in the entire network agreeing that your address gets the “block reward” (a fixed amount of whatever currency) plus transaction fees.
Cryptocurrency discussions frequently invite conversations about the environmental impact of mining. Proof-of-Work is the cause for this excess energy use which certainly contributes to global climate change.
So, if you’re going to get involved with cryptocurrency without contributing to global climate disaster, you’re going to want to avoid Proof-of-Work cryptocurrencies. There are several other options to choose from.
Proof-of-Stake is popular among my cryptocurrency nerd friends, although it receives a fair bit of criticism from experts (especially the “nothing at stake” problem). Ask your cryptographer. It’s probably not me.
On-Chain Privacy
The vaunted “blockchain” is a public, transparent record of all transactions.When you use a cryptocurrency like Bitcoin, it’s sort of like tweeting your financial activities for the world to see.
“But nobody knows who owns this address,” Bitcoin maximalists might argue. To which I point out: Nobody is supposed to know your sockpuppet Twitter accounts either, but when you use them to harass someone right after they block your main account, we know it’s you.
The people whom this applies to know who they are, and should stop.
(Art by Khia)Some cryptocurrencies, like Zcash, try to provide something like TLS for your transactions. When you use shielded Zcash addresses, the transaction amounts and recipients are encrypted, and this ciphertext is accompanied by a zero-knowledge proof to ensure the total amount in the shielded and unshielded pools remains consistent.
I highly implore you to choose a cryptocurrency that has on-chain privacy, especially if your target audience includes queer people and/or sex workers.
Mainstream Appeal
Finding a privacy-preserving cryptocurrency that doesn’t equate to Global Warming Bucks is a tall order, but if you want people to actually use a cryptocurrency, it needs to be accessible.By accessible, I mean available on all the mainstream cryptocurrency exchange platforms (Coinbase, Binance, Bitfinex, etc.).
This might sound like pointless gatekeeping, but remember: They have the money and lawyers to negotiate with the economic powerhouses of the world, while sex workers and furry artists do not.
Cryptographic Security
Any regular reader of Dhole Moments probably saw this section coming a mile away, but an important consideration for a cryptocurrency to build upon is whether or not it’s actually secure.This is where things get tricky. Weird or poor choices in cryptographic algorithm don’t seem to matter much.
Bitcoin uses ECDSA over Koblitz curves. IOTA shipped two broken hash functions, threatened researchers, and then tried to claim the first broken hash function was backdoored for “copy protection”. The CryptoNote currencies (n.b. Monero) tried to build on EdDSA but introduced a double spend attack.
I’m certainly not qualified to audit an entire cryptocurrency and say “yes/no” on its security. But any cryptocurrency you consider should at least pass a smoke test from your cryptographer.
Which Cryptocurrency Should I Choose?
If you’re looking for a cryptocurrency that’s secure, accessible, privacy-preserving, and doesn’t waste a fuck ton of energy all the time, the short answer is that there is none. You’re going to have to make a trade-off.
Shocking, I know.
(Art by Khia)I’m sure there are cryptocurrency projects that use privacy-preserving technologies without a Proof-of-Work algorithm, and their design and implementation might even be secure! But, to date, I’m not aware of any such projects that also have mainstream accessibility on large exchange platforms.
You’ll notice that I didn’t mention price volatility in my list above. There’s two reasons for that:
- I’m not a financial expert. For all I know, price volatility might be something you want out of your cryptocurrency, especially if you’re LARPing a day trader.
- It’s hard enough to make this choice without adding more complications to the formula.
If Zcash ever adopted a consensus algorithm that wasn’t Proof-of-Work, it’d be a shoe-in for me to recommend. It checks all the other boxes neatly and is one of the most interesting cryptography projects on the Internet, after all.
In the meantime, maybe some other project will fill this niche and become widely accessible for everyone. There’s a lot of exciting and/or scary things happening with cryptocurrency research.
If you’re stuck with a hard decision, honestly, just do the best you can and be very transparent about the trade-offs you’re making and why you’re making them. Then ask a friend or expert to check your reasoning before you commit to it. “Do nothing” also needs to be publicly considered, no matter how absurd it might seem.
Disclaimers and Other Remarks
I do not work with cryptocurrency in my dayjob. I’d like to say that, consequently, I don’t have a conflict of interest, but all humans have subconscious biases, and a lot of my favorite people in cryptography do work in or with cryptocurrency. I want my friends to be able to continue to do awesome work without feeling ashamed.https://twitter.com/cryptolexicon/status/1331712883403722752
Thus, I don’t care if you invest in Bitcoin or Dogecoin or whatever. Shoot for the moon while you awoo at the moon. Just be careful; for every winner, there’s at least one loser.
Fact: Dholes are also known as “Whistling Dogs”
(Art by Khia)I’m a fan of transparency logs–which are often compared to blockchains, but without the currency aspect. If you’re not familiar, read up on Trillian and Chronicle. Notably, Trillian is the backbone of Certificate Transparency, which helps keep the CA infrastructure honest and consequently makes HTTPS safer for everyone.
https://soatok.blog/2021/04/19/a-furrys-guide-to-cryptocurrency/
#Cryptocurrency #furries #furry #furryArtists #FurryFandom #Politics #Society
I need everyone to understand something: This doesn’t matter.
Dhole Moments is not the official outlet of anything that will affect you or your daily life. It carries no financial weight or political power. It doesn’t represent any company, organization, or government agency.
To be a little more blunt: It’s overwhelmingly likely that nothing I write here will ever directly be on the final exam for any course you study. Your academic, career, romantic, and life success will not depend on my musings in any significant way.
Even if one of my blog posts should become popular, it will be (at best) a blip on most people’s radar for a fleeting moment, and then promptly forgotten about, because at the end of the day it doesn’t matter.
The same can be said about its author, of course!
Let me emphasize: That’s not a depressing statement, it’s simply reality.
I don’t matter.
The world was here for billions of years before me, and it will continue for a heck of a long time after I die.
There are billions of people on Earth and an utterly unknowable number of life-supporting planets in our universe. (With any luck, it’s a large number!)
Even among the people alive here and now, I consistently fail to muster any significance or impact on the world. If I had never been born, the world be largely indistinguishable from how it appears today.
Profound Disagreement
Sometimes I encounter people that behave as though I do matter (usually not for good reasons).
In some instances, they believe I hold any significant status to the technology or furry communities, and hope to influence matters by changing my mind on something.
Nevermind the furries with hundreds of thousands of followers on Twitter and YouTube that go to several big conventions every year, let’s bother some guy with a WordPress blog that talks about cryptography!How misguided fools make decisions
Some malicious people even seem to think successfully attacking me will somehow hurt furries as a whole. Not so!
If I were so influential or important, I’d have put an end to the endless cycle of furry discourse years ago.
(While I’m at it, I’d also make proper hygiene and deodorant use mandatory for furry conventions, and put a stop to the jerks that use Bluetooth speakers to annoy everyone else. None of those things have happened, so at least you can know I’m utterly powerless here.)
“Well, nothing matters then, right?”
No, that’s not what I’m getting at.
Like, sure, from a purely objective perspective, you could argue that nothing truly matters. But this sort of nihilism creates a vacuum from which you are free to decide what matters to you, since “mattering” isn’t pre-determined before you make that choice.
You may decide that humanity matters to you. You may decide that equality matters to you. You can also decide that sex, money, and popularity are important to you. But it’s your choice to make, and it’s your life to live.
But to be clear, when I say ,”I don’t matter,” I’m not being depressed or a nihilist.
It’s nothing so extreme.
I just don’t have the unwarranted self-importance that people sometimes project onto each other online.
Parasocial relationships are endemic to Furry.
When I wrote, Furries Are Losing the Battle Against Scale, I was tempted to analyze how the growing pains of the furry fandom (as exhibited by the explosive exponential growth of furry convention attendance) would exacerbate the risk of parasocial relationships.
But let’s be real: The problem has already manifested years ago, and too many furries seem unwilling to confront it before it hurts people.
Here’s two YouTubers talking about extreme examples:
https://www.youtube.com/watch?v=jf7Viqpg1Jo
https://www.youtube.com/watch?v=99iG3XLKeUw
Humans are a social species. It’s natural to want to want to bond with people that like the same things you do. It’s inevitable that people will generally be drawn towards “popular” accounts, due to the sheer orientation of the social graphs that we exist on.
But some people utterly fail to keep things in context.
As I mentioned previously, I occasionally receive communications from someone I don’t know that expect me to wield some imagined, profound influence over others.
This comes in many forms, from “since you helped stop a bigoted mayor from killing a library over LGBTQ+ books, I need you to push my crowdfund for something wholly unrelated” to “you should write about [topic] because it’s important to [specific community]” to, most recently, over 100 queries about the security of esoteric messaging apps that virtually nobody uses (I wish I was exaggerating).
Individually, these range from harmless to mildly annoying. In aggregate, they’re exhausting because they’re predicated on a false premise that I have some sort of power or influence anywhere, which implies on some level that I must matter at all.
This is demonstrably false.
My blog regularly discusses cryptography topics, so if that sentiment had any truth to it, you’d expect me to come up in any cryptography papers, ever.
Yet, if you try to search for “Soatok” on the IACR website, you will not find any results.
It’s not just that I don’t have any papers written, it’s that nobody has cited anything I’ve written in an IACR paper, either.
Though my blog provides mild entertainment to some cryptographers, it doesn’t actually matter to the cryptography community one bit.
“But what about papers published under your legal name?”
There are none, but it’s difficult for anyone to verify without me disclosing my legal name–which is a bit of information that certainly doesn’t matter.
Nobody with half a brain would give a shit if they knew it anyway.
Over the years, I’ve had several people try to dox me, because they project some imagined importance onto me that simply doesn’t exist.
Though I may be biased here, I can’t help but feel like their time and energy would be better spent trying to unmask the people who are actively causing harm to others, rather than an unimportant tech blogger.
After all, their reward for success would be a resounding “meh” from anyone that has even heard of Soatok before.
I’m nothing special.
Most of the people reading this right now could, with a few years of focused study, get to the point that you can run circles around me in my own field.
And that’s to say nothing about the fields you might find your talents more naturally align with than mine.
Nothing I do requires being a genius or uniquely talented in any way.
I am not someone that anyone should look up to. It’s a level playing field. The only difference between us is that I’ve put in the time to be near the peak of my career, and many of you are just starting out.
With enough time and focus, you can cross that distance too. And if you do, rather than look up to me at all, you can gaze laterally to see just another peer in the industry.
This is true of everything I do, not just tech stuff! There are a lot of furry bloggers worth tuning into. I highly recommend perusing that list, and seeing some of the writing from other furry bloggers. Many of them are friends of mine.
And that’s not to mention all the things I’m bad at. You can throw a stone at any random sampling of furries and hit at least one artist that completely obliterates me in any contest of talent or skill.
If you think about that for long enough, it becomes comical. The Furry Fandom wouldn’t exist without artists, yet there are people that think my untalented ass matters?
Art: CMYKat
Look inwards.
Over the years, I’ve expressed this sentiment of not mattering to a few people, and eventually they concluded that not mattering doesn’t actually matter because they still think I have some admirable qualities that they enjoy.
And that’s valid, but consider this: Any admirable trait you think I have is something you could easily cultivate in yourself.
Furthermore, anything admirable that anyone thinks they’re seeing in me is really just them identifying what they value–whether in themselves or in others.
At that point, why not cut out the middleman and just work to develop those traits in yourself?
You certainly don’t need me for that.
Why write about all this?
There were a few unrelated incidents recently that prompted me to think about these topics.
As mentioned above, I’ve received a lot of queries from complete strangers that made varying levels of demands to me. Some of these unsolicited pokes, I would later discover, were from the Matrix developer community. They also weren’t very respectful of boundaries.
Presumably because I wouldn’t tolerate being harassed by strangers like this, someone suggested that I was a narcissist.
Art: CMYKat
On an issue totally unrelated to messaging apps, I was also recently accused of being a “clout-chaser” by someone whose last interaction with me was over half a decade ago and involved demanding I deal with a user saying dumb and hurtful things in Furry Technologists group.
This last contact came during a time that everyone on my team was working 17-hour days to resolve a security issue at work ahead of a 90 day disclosure deadline. This security incident led to a coworker I deeply respect to burn out of the tech industry, and is just now starting to recover from it (from the best I can tell, anyway).
When I told this person I was busy (a bit of an understatement) and suggested they should talk to a different admin, they left the group, concluded that I endorsed those dumb and hurtful things, and insisted that I’m “comfortable with racists and transphobes” to anyone that would listen to them.
So, obviously, it’s tempting for me to discard their words as the ignorant ramblings of a hater, but I’d be remiss if I didn’t at least consider the possibility that I come across as egotistical.
There’s a bit of a pattern here, but it’s not all in the same vein.
Some of my friends fall vaguely into the “content creator” bucket, and they’ve been talking about parasocial relationships a lot lately. One of them expressed a wish that more people talk about it.
But, y’know, it’s hard for a somewhat-famous person to talk about parasocial relationships, since, if you boil the entire idea of “fame” down, parasocial relationships are its fundamental component.
How do you even respond to that?
Full disclosure: I’m not really sure what the venerable “normal” person would do when confronted with the notion that they’re arrogant.
I’ve seen a lot of people pull the ostrich defense, usually under the guise of “touching grass and disengaging” (and never again confronting the issue).
I’ve seen others beat their chest to “disprove” the accusations (which never goes how they want it to), presumably out of some sort of desire to protect their reputation.
My reaction was to laugh, because of how strange the idea is to me. I’ve long since come to the understanding that I don’t matter.
Consequently, I took some time to reflect about what it would look like if I were totally egocentric, and then contrast that with my own recent behavior to see if there was any overlap.
One thing I discovered is that I’ve held my own insignificance too close to the chest, out of fear of miscommunicating and leading people into assuming I’m depressed. So, this post strives to correct that error.
And it isn’t just that I don’t matter, it’s that I shouldn’t matter to most people.
Limits
I’ve mentioned Dunbar’s number before, back when I wrote on Medium. The linked article also discusses the word “popufur” a lot.
I have many close friends, and virtually none of them read this blog; not because they aren’t supportive of me, my hobbies, etc. but because they get the same information and experience in person, so it’d be sort of redundant. (Also, most of them aren’t furries! They respect my hobby as something that’s not their cup of tea, and that hasn’t been a problem.)
As a flawed, mortal being, I cannot maintain hundreds of close friendships. Sorry, it’s far beyond my capabilities.
Look at the people in your own life that matter to you. Your families (chosen or hereditary), friends, romantic partners, neighbors, people you work with, etc.
I don’t belong in that picture.
Neither do most “popufurs”, “influencers”, or other synonyms for “minor celebrity”. And a lot of those people actually have credentials or accomplishments that society values.
TL;DR
This blog doesn’t matter. Its author doesn’t matter. Pretending otherwise is a regrettable error. It’s also okay to not matter.
The header image combines furry stickers made by CMYKat and AJ.
https://soatok.blog/2024/09/09/doesnt-matter/
Many of the most annoying and pervasive problems with the furry fandom–from the cyclical nature of Twitter discourse to the increasingly frustrating issue of furry convention main hotel registrations selling out immediately after opening–are entirely predictable if you know even a little bit of mathematics.And it’s going to get worse. If you don’t believe me, read on.
“But Soatok, my whole thing is being a dumb animal online. Why would I know any mathematics?”
This video from Colorado professor Albert Bartlett is a must-watch:
https://www.youtube.com/watch?v=kZA9Hnp3aV4
Gimme the Numbers
WikiFur has historical data on furry convention attendance. Let’s start with the list of furry conventions with the highest attendance in their most recent year.
Convention Year Location Attendance Midwest FurFest 2023 Rosemont, Illinois 15,547 Furry Weekend Atlanta 2024 Atlanta, Georgia 15,021 Anthrocon 2023 Pittsburgh, Pennsylvania 13,644 Furry Fiesta 2024 Dallas, Texas 8,001 Further Confusion 2024 San Jose, California 5,826 Megaplex 2023 Orlando, Florida 5,189 Anthro New England 2024 Boston, Massachusetts 4,482 A sample of the top attended furry conventions.
Note: We can make a similar analysis for most furry conventions that have historical data available.For ease, I’m going to focus on the more popular events.
Additionally, I’m going to take the average of percentages just to smooth out the variability Year-over-Year and make simpler statements.
Using averages like this is normally a risky move, especially if a statistician might one day read your work and get cross with you. I’ve provided more granular data in a Google Sheet.
- Anthrocon saw an average of 14.2% growth year-over-year since 2000. If you only focus on the past decade (which includes a dip during the pandemic), their growth rate was 12.6%.
- Midwest FurFest grew by an average of 17.9% since 2000 and 17.8% since 2014 (omitting the cancelled year).
- Furry Weekend Atlanta grew by an average of 26.3%, or 25.9% if you only look at 2015-2024.
- Texas Furry Fiesta saw an overall growth rate of 31.8% since its first year (2009), and a growth rate of 17.4% over the past decade.
- Megaplex was grew 24.6% each convention, with a 25.2% growth since 2014.
Okay, if you haven’t watched the video and aren’t good a math, that maybe sounds like sustainable, healthy growth for a community, right?
Well, let’s use the past 10 year average growth rate to make some predictions.
- AnthroCon attendance grows by 12.6%, which corresponds to an attendance doubling in 5.5 years.
- Midwest FurFest? Doubles in 3.9 years.
- Furry Weekend Atlanta? 2.7 years!
- Texas Furry Fiesta? 4 years.
- Megaplex? 2.7 years!
If the growth rate keeps up, for example, we can expect Furry Weekend Atlanta to have approximately 60,000 attendees by 2035 (11 conventions in the future).
If you think the FWA elevator wait times were long this year, just let the current growth rate keep up. Especially if their staff are short-sighted enough to sign a multi-year contract with the current convention hotel.
What About Furries That Don’t Go to Conventions?
We see exponential growth in the furry fandom outside of convention attendance, too.https://twitter.com/Dragoneer/status/1766121415156146610
I’m sure there are many other data sources we can consider, but the conclusion is likely to be the same elsewhere.
What Do The Numbers Mean?
Simply put: The furry community is growing at a break-neck exponential speed.
Art: AJ_LovesDinos
We are seeing year-over-year growth rates exceeding 10% (a benchmark which represents a doubling time of 7 years, as that video up above was fond of pointing out).
Given that the world population is growing at 0.8%, it may be tempting to assume that, in a few short decades, the entire world will be furry. That is not the case.
Exponential growth cannot continue forever. You will always run headfirst into some sort of carrying capacity or limiting factor that impedes growth. Every exponential curve eventually becomes an S-curve.
Where Are We Headed?
Based on the numbers presented above, let’s think about what risks the furry community could be aimlessly blundering into right now.I must stress that this is not a realistic threat model of the future, but an examination at what could go wrong.
Awareness of the risks could be sufficient to actually mitigate them before they manifest.
Or perhaps these words will fall upon deaf ears, and things could go more-or-less exactly as I will describe in this section.
Or maybe I’m entirely too optimistic and things will get much, much worse than I can imagine.
This is all to say: The future isn’t written yet, so who the fuck knows?
But we can make a somewhat educated guess on the trajectory we’re on. So let’s do that.
Know Your Limits
What limiting factors could the furry fandom’s explosive growth encounter in the near future?That’s a broad question to ponder, but one possibility that comes to mind is that while there is an exponential growth in furry participation (i.e., convention attendance), there is not an accompanying exponential growth in the quantity of conventions themselves.
(Nor of convention staff, for that matter!)
The demand for convention attendance is a bull market, but the supply is more-or-less static.
THIS IS NOT SUSTAINABLE.
If things continue at the same pace they’re currently marching, conventions will become increasingly overcrowded. But the problems will not stop with just that.
Rooms at the main convention hotel will become accessible only for the wealthier and/or more technically savvy, rather than for all furries.
Convention registration costs will rise, to little benefit for attendees. Some of that money will be spent on big, non-fandom performances from celebrity headliners, which will drive some non-furries to attend as well, further exacerbating the crowds.
All kinds of systemic, structural issues in society at large will become more pronounced within our community.
Registration, elevators, the dealers den and artist alley, and even the fucking stairwells will have unreasonable lines of people waiting to use them.
When confronted with this stress, people will take out their anger–which is caused by a complex mess of factors stemming from this relatively simple mathematical observation–on comparatively simpler targets. Slightly more literal than usual scape goats, if you will.
A lot of ageist, classist, ableist discourse will emerge from the fault lines of our ever-expanding community.
There will be calls for more gatekeeping, rooted in nostalgia for simpler times when there were fewer of us to try to accommodate.
Convention staff will eventually buckle under an exponentially rising amount of pressure. People will burn out. It won’t be pretty.
Meanwhile, Drama YouTubers (or whatever platform or vestige they adopt in the future) will be collectively increasing Orville Redenbacher’s quarterly sales with the content they can farm from this discontent.
“That sounds bad; surely other furries are aware of this explosive growth?”
Of course, but they mostly think it’s a good thing. For example:https://www.youtube.com/watch?v=JumV2UQf43A
What Can We Do About It?
I don’t know.I agonized for a long time about how to write this section, and I don’t have any good answers.
I mean, sure, I have some ideas that might help in some way. A couple of them are:
- Embrace Virtual Reality. It’s much easier to scale up VR servers on the fly than it is to just accommodate thousands more furries. No reg line to deal with, either.
- Focus On Smaller, Local Events. While it’s kind of cool that tens of thousands of furries will descend on the same city for a weekend to attend the same convention, it would also be cool if there were more local events. Not just weekly or monthly meet-ups, either. I’m thinking of picnics, barbecues, etc. “Think global, act local,” as it were.
However, neither idea does anything to alleviate the fear of missing out that can accompany large conventions.
Additionally, artists may depend on large conventions as a way to network and grow their audience, which is necessary to make their commission income sustainable. These ideas wouldn’t really help them at all.
Solving this problem is outside my wheelhouse. I’m not a social scientist, by any means, and this feels like the sort of problem they would be more successful at tackling than a computer security and math nerd.
Who knows? Maybe to an expert in another field, the solution is more obvious and known to be effective.
Or maybe nobody really knows, and we’ll have to make something up as we go.
Internet meme; source unknown
Regardless, being aware of the problem is the first step towards solving it. So if I can do nothing else, I hope to ensure that the folks that enjoy my blog are made aware.Beyond that. my plan is to let people more qualified think about what (if anything) to actually do about this potential mess.
Until next time.
More Coverage of This Topic
Woofles, cited above, wants to help solve some of these problems:https://www.youtube.com/watch?v=fKW0qdJJbTA
Beta Eta Delota read the original version of this blog post and added his commentary:
https://www.youtube.com/watch?v=tu2xQQBp_Lo
Finn the Panther has ideas (some specific to Midwest FurFest):
https://www.youtube.com/watch?v=_eI_2lDrGq4&t=476s
https://soatok.blog/2024/05/30/furries-are-losing-the-battle-against-scale/
#doublingTime #exponentialEquations #furry #FurryFandom #Mathematics #population #Society
Many of the most annoying and pervasive problems with the furry fandom–from the cyclical nature of Twitter discourse to the increasingly frustrating issue of furry convention main hotel registrations selling out immediately after opening–are entirely predictable if you know even a little bit of mathematics.
And it’s going to get worse. If you don’t believe me, read on.
“But Soatok, my whole thing is being a dumb animal online. Why would I know any mathematics?”
This video from Colorado professor Albert Bartlett is a must-watch:
https://www.youtube.com/watch?v=kZA9Hnp3aV4
Gimme the Numbers
WikiFur has historical data on furry convention attendance. Let’s start with the list of furry conventions with the highest attendance in their most recent year.
| Convention | Year | Location | Attendance |
|---|---|---|---|
| Midwest FurFest | 2023 | Rosemont, Illinois | 15,547 |
| Furry Weekend Atlanta | 2024 | Atlanta, Georgia | 15,021 |
| Anthrocon | 2023 | Pittsburgh, Pennsylvania | 13,644 |
| Furry Fiesta | 2024 | Dallas, Texas | 8,001 |
| Further Confusion | 2024 | San Jose, California | 5,826 |
| Megaplex | 2023 | Orlando, Florida | 5,189 |
| Anthro New England | 2024 | Boston, Massachusetts | 4,482 |
A sample of the top attended furry conventions.
Note: We can make a similar analysis for most furry conventions that have historical data available.
For ease, I’m going to focus on the more popular events.
Additionally, I’m going to take the average of percentages just to smooth out the variability Year-over-Year and make simpler statements.
Using averages like this is normally a risky move, especially if a statistician might one day read your work and get cross with you. I’ve provided more granular data in a Google Sheet.
- Anthrocon saw an average of 14.2% growth year-over-year since 2000. If you only focus on the past decade (which includes a dip during the pandemic), their growth rate was 12.6%.
- Midwest FurFest grew by an average of 17.9% since 2000 and 17.8% since 2014 (omitting the cancelled year).
- Furry Weekend Atlanta grew by an average of 26.3%, or 25.9% if you only look at 2015-2024.
- Texas Furry Fiesta saw an overall growth rate of 31.8% since its first year (2009), and a growth rate of 17.4% over the past decade.
- Megaplex was grew 24.6% each convention, with a 25.2% growth since 2014.
Okay, if you haven’t watched the video and aren’t good a math, that maybe sounds like sustainable, healthy growth for a community, right?
Well, let’s use the past 10 year average growth rate to make some predictions.
- AnthroCon attendance grows by 12.6%, which corresponds to an attendance doubling in 5.5 years.
- Midwest FurFest? Doubles in 3.9 years.
- Furry Weekend Atlanta? 2.7 years!
- Texas Furry Fiesta? 4 years.
- Megaplex? 2.7 years!
If the growth rate keeps up, for example, we can expect Furry Weekend Atlanta to have approximately 60,000 attendees by 2035 (11 conventions in the future).
If you think the FWA elevator wait times were long this year, just let the current growth rate keep up. Especially if their staff are short-sighted enough to sign a multi-year contract with the current convention hotel.
What About Furries That Don’t Go to Conventions?
We see exponential growth in the furry fandom outside of convention attendance, too.
https://twitter.com/Dragoneer/status/1766121415156146610
I’m sure there are many other data sources we can consider, but the conclusion is likely to be the same elsewhere.
What Do The Numbers Mean?
Simply put: The furry community is growing at a break-neck exponential speed.
We are seeing year-over-year growth rates exceeding 10% (a benchmark which represents a doubling time of 7 years, as that video up above was fond of pointing out).
Given that the world population is growing at 0.8%, it may be tempting to assume that, in a few short decades, the entire world will be furry. That is not the case.
Exponential growth cannot continue forever. You will always run headfirst into some sort of carrying capacity or limiting factor that impedes growth. Every exponential curve eventually becomes an S-curve.
Where Are We Headed?
Based on the numbers presented above, let’s think about what risks the furry community could be aimlessly blundering into right now.
I must stress that this is not a realistic threat model of the future, but an examination at what could go wrong.
Awareness of the risks could be sufficient to actually mitigate them before they manifest.
Or perhaps these words will fall upon deaf ears, and things could go more-or-less exactly as I will describe in this section.
Or maybe I’m entirely too optimistic and things will get much, much worse than I can imagine.
This is all to say: The future isn’t written yet, so who the fuck knows?
But we can make a somewhat educated guess on the trajectory we’re on. So let’s do that.
Know Your Limits
What limiting factors could the furry fandom’s explosive growth encounter in the near future?
That’s a broad question to ponder, but one possibility that comes to mind is that while there is an exponential growth in furry participation (i.e., convention attendance), there is not an accompanying exponential growth in the quantity of conventions themselves.
(Nor of convention staff, for that matter!)
The demand for convention attendance is a bull market, but the supply is more-or-less static.
THIS IS NOT SUSTAINABLE.
If things continue at the same pace they’re currently marching, conventions will become increasingly overcrowded. But the problems will not stop with just that.
Rooms at the main convention hotel will become accessible only for the wealthier and/or more technically savvy, rather than for all furries.
Convention registration costs will rise, to little benefit for attendees. Some of that money will be spent on big, non-fandom performances from celebrity headliners, which will drive some non-furries to attend as well, further exacerbating the crowds.
All kinds of systemic, structural issues in society at large will become more pronounced within our community.
Registration, elevators, the dealers den and artist alley, and even the fucking stairwells will have unreasonable lines of people waiting to use them.
When confronted with this stress, people will take out their anger–which is caused by a complex mess of factors stemming from this relatively simple mathematical observation–on comparatively simpler targets. Slightly more literal than usual scape goats, if you will.
A lot of ageist, classist, ableist discourse will emerge from the fault lines of our ever-expanding community.
There will be calls for more gatekeeping, rooted in nostalgia for simpler times when there were fewer of us to try to accommodate.
Convention staff will eventually buckle under an exponentially rising amount of pressure. People will burn out. It won’t be pretty.
Meanwhile, Drama YouTubers (or whatever platform or vestige they adopt in the future) will be collectively increasing Orville Redenbacher’s quarterly sales with the content they can farm from this discontent.
“That sounds bad; surely other furries are aware of this explosive growth?”
Of course, but they mostly think it’s a good thing. For example:
https://www.youtube.com/watch?v=JumV2UQf43A
What Can We Do About It?
I don’t know.
I agonized for a long time about how to write this section, and I don’t have any good answers.
I mean, sure, I have some ideas that might help in some way. A couple of them are:
- Embrace Virtual Reality. It’s much easier to scale up VR servers on the fly than it is to just accommodate thousands more furries. No reg line to deal with, either.
- Focus On Smaller, Local Events. While it’s kind of cool that tens of thousands of furries will descend on the same city for a weekend to attend the same convention, it would also be cool if there were more local events. Not just weekly or monthly meet-ups, either. I’m thinking of picnics, barbecues, etc. “Think global, act local,” as it were.
However, neither idea does anything to alleviate the fear of missing out that can accompany large conventions.
Additionally, artists may depend on large conventions as a way to network and grow their audience, which is necessary to make their commission income sustainable. These ideas wouldn’t really help them at all.
Solving this problem is outside my wheelhouse. I’m not a social scientist, by any means, and this feels like the sort of problem they would be more successful at tackling than a computer security and math nerd.
Who knows? Maybe to an expert in another field, the solution is more obvious and known to be effective.
Or maybe nobody really knows, and we’ll have to make something up as we go.
Regardless, being aware of the problem is the first step towards solving it. So if I can do nothing else, I hope to ensure that the folks that enjoy my blog are made aware.
Beyond that. my plan is to let people more qualified think about what (if anything) to actually do about this potential mess.
Until next time.
More Coverage of This Topic
Woofles, cited above, wants to help solve some of these problems:
https://www.youtube.com/watch?v=fKW0qdJJbTA
Beta Eta Delota read the original version of this blog post and added his commentary:
https://www.youtube.com/watch?v=tu2xQQBp_Lo
Finn the Panther has ideas (some specific to Midwest FurFest):
https://www.youtube.com/watch?v=_eI_2lDrGq4&t=476s
https://soatok.blog/2024/05/30/furries-are-losing-the-battle-against-scale/
#doublingTime #exponentialEquations #furry #FurryFandom #Mathematics #population #Society
While the furry fandom can be a wonderful place and a force for good in the world, the topics that tend to circulate on Furry Twitter are somewhat seasonal: They repeat every so often–usually sparked by someone saying or doing something shitty–and never actually lead to a productive result.Let’s look at a few of these reoccurring topics and suggest actual solutions, rather than reactionary hot takes that only add fuel to an already out-of-control fire.
Safe Spaces for Underage Furries
https://twitter.com/BoozyBadger/status/1275443221624057856Once upon a time, there was a movement called Burned Furs: A right-wing puritanical effort to rid the early furry fandom of its adult side. If you take the time to read about these clowns, you’ll hear a lot of the same arguments that alt-right trolls make today, except now they use the word “degenerate” to describe anything vaguely LGBTQ+.
As a result, most adult furries are generally wary of the creation of a “safe space” for strictly-SFW furry content, because it always gets co-opted by homophobes and the “sex is evil” variety of bigot. There’s also the concern that if you put all of the minors in one place, it will inevitably become a flytrap for creeps looking for their next victim.
There absolutely should be room for furries–of any age (asexual folks are valid too)–that only serves work-safe (i.e. non-sexualized) content. However, these spaces should be curated by people with a generally sex-positive mindset.
Why Should Sex-Positive Adults Moderate Non-Sexualized Spaces?
Let’s learn from history, please, so as to not repeat its follies.If the horror known as conversion therapy has proven nothing else, it’s that telling LGBTQ+ kids that sex is evil is only going to lead to misery and suicide.
(No, I’m not pulling punches on this one. Religious nuts just love to drive queer people to suicide, and only 20% to 25% of furries are heterosexual.)
Nature abhors a vacuum. If you don’t step in, someone else will. If someone else is incentivized to do so, they probably won’t have the kids’ best interests in mind. Neither anti-sex puritans nor would-be sexual predators should be given access, let alone influence.
Neither should right-wing extremists, such as “alt-furry” (a movement of imbeciles who follow someone’s fursona named “Foxler”–literally “Fox Hitler”–yet try to insist they aren’t Nazis; yeah right).
What Should Be Done?
Art by circuitslime.
First, accept that a lot of furries are underage and shouldn’t be exposed to adult content–even if for no other reason than legal risk. (If anyone objects to that, you should feel very concerned about being alone with them.) Furthermore, there are some adults that don’t want to be exposed to NSFW content either.
Being sex-positive isn’t the same thing as being horny. Sex-positivity requires an understanding and respect for consent and boundaries. If someone doesn’t want to see your lewd art or photos, don’t go out of your way to make sure they see it (i.e. sending it to them directly).
Have an After Dark social media account for 18+ users? Block minors that try to follow you (and consider making your account private then screening your follow requests to filter out minors).
However, I don’t think we necessarily need a separate “label” for SFW furry content. Labels make you more susceptible to being coopted by perverse motives.
Worksafe furry groups on Signal/WhatsApp/Telegram/Discord/etc. are all valid.
If you’re underage and yearn for a SFW space for your furry fandom participation, talking to Moms of Furries is probably the best way to get started. Unlike random furries, their entire schtick is “make the fandom easier for parents to understand, and safer for their kids to play in”.
The threat model is complicated, the lines are blurred, and there’s a lot of shades of gray, but ultimately just letting people have worksafe spaces in the fandom is a good thing.
Just don’t let anyone try to convince the folks in those spaces that people who do enjoy the adult side of the fandom are bad and deserve to be shunned. That’s the anti-sex puritan bullshit I’ve talked about.
Murrsuits / Pup Hoods / etc.
Like clockwork, a pocket of furries (usually the same agitators mentioned in the previous section) will surface with some sort of hatred/shaming towards murrsuits, pup hoods, and other harmless sources of fun and self-expression.(A murrsuit, by the way, is a fursuit that’s specifically intended for use in sexual encounters, and usually has extra zippers for the wearer’s privates.)
The exact nature of their outrage changes with the season. Some folks (like the dumb narcissistic troll who once created a database of murrsuit owners) make unsubstantiated claims about health/cleanliness with sexual fluids and murrsuits.
Others are lazy, and make general hand-wavy statements that strike a moral chord with most people, but don’t actually make sense when you think about them for very long. Their structure looks like this:
- If some people have sex in their fursuits, then fursuits are sex toys.
- You shouldn’t have sex toys around kids!
This is a lazy attempt to manipulate the listener, for two reasons:
- If some people have sex in their fursuits, that doesn’t actually make fursuits sex toys– and even if it somehow did, it still doesn’t make it so for people who don’t have sex in their fursuits.
- Lots of people have sex while wearing clothing. Wouldn’t the same logic applied to fursuits apply here too? And if so, are you arguing for everyone being naked around children? I sure fucking hope not.
Similar arguments are often raised about pup hoods, because of their apparent BDSM/kink connotations.
If they’re being worn in a non-lewd, tasteful manner (i.e. nobody’s genitals are being exposed, there’s no visible “bondage”, etc.), there’s nothing special about the anti-pup hood arguments. Same shit, different day.
What Should Be Done?
Simple: People really need to get over their fear of sex.When you see someone trying to shame another adult for having a sexuality, tell them to fuck off and leave the other person alone.
People with healthy sex lives don’t owe you anything, except a baseline for hygiene that literally every murrsuiter I know already exceeds without ever having to be told. There’s no action item here.
Sexual Abusers
They aren’t welcome; get the fuck out! I don’t care how their victims are classified: You aren’t allowed to be a part of our fandom if you perpetrate or support sexual abuse.Underage, non-human, whatever. Leave.
Begone! (Art by Khia)
Sexual abuse isn’t actually part of the Discourse we’re examining. Call those fuckers out and don’t let them back in. You’re doing good work by cleaning house.
Sometimes, you’ll come across a furry who decries the fact that their sexual abuser friends got “cancelled” by “cancel culture” and “social justice warriors”. These putzes ought to be loaded into a rocket and fired into the sun too.
Also: Kero the Wolf is guilty and people who still believe his innocence, or attempt to downplay the severity of his heinous acts, are doing a disservice to the entire fandom. (Or they’re also animal abusers, in which case, they can get yeeted too.)
Babyfurs
There is a very stark difference between babyfurs (people who mix AB/DL with furry) and pedophiles.The former is a harmless kink that involves adults roleplaying.
The latter is a sexual disorder that leads to the victimization of children.
Whenever babyfurs come up in the Furry Twitter Discourse, what’s really happening is the anti-sex crowd is trying to hope you won’t realize these are two very different ideas, and that your well-deserved disgust for one will automatically translate into hatred for the other.
Don’t be fooled.
(Hey, it’s not my thing either, but if it’s safe and between consenting adults, who the fuck are either of us to judge?)
A Word on “Just Fantasy”
Apologists for artistic depictions of pedophilic and zoophilic acts will often try to defend themselves by insisting it’s “just fantasy” and isn’t hurting anyone because no one’s consent was violated.While it’s true that research currently indicates that these kinds of pornography may not be correlated at all with sex crimes, and only the minority of sexual abuse is committed by a stranger, this is not an article discussing what should or should not be legal.
Take that up with the Justice system. I’m not interested in debating what the law “should” be.
The fact that this type of content is usually illegal, and taken very seriously by authorities (to the point of threatening our right to encrypt), is a premise for this discussion, not a conclusion.
And because it often is illegal (see: the Miller test), the furry fandom should not embrace it. Full stop.
I frankly don’t care what a therapist might advise someone with these attractions. That’s between them and their patients. Sexual abuse must not be tolerated, and possessing materials that depict sexual abuse (whether against animals or children) are legally perilous.
It’s also not the furry fandom’s job to be the forerunners of the debate about the social acceptability of art depicting child or animal exploitation fantasies. If that’s your cause, go find a new shield.
It’s not appropriate for anyone to expect a community that already struggles with unfair assumptions and connotations of sexuality to move before the rest of society on any issue even vaguely related to sex crimes.
Feral Art and Characters
Some artists have feral art styles (i.e. standing on four legs rather than two; no thumbs).Feral characters with human sentience are still furry, even if you can superficially relate feral furry art to the kind of content that animal abusers might seek.
As always, there’s a reasonable litmus test available for judging this kind of content:
The Harkness test, made by BeakieHelmet.
Note: The Harkness Test wasn’t created by an academic institution and there is no peer-reviewed pedigree behind it, but it’s sufficient for our purposes. If you don’t like it, design a better one and get it peer-reviewed. Until then, we can continue to phone it in with the Harkness Test and not make perfect the enemy of good.
Neither pedophile (“cub”) nor bestiality/zoophilia art are okay, because they normalize sexual abuse. Cub art in particular is bad, because it has used by perpetrators to groom people into participating (usually as a victim, but sometimes as a co-conspirator).
Ban cub art. Ban artistic depictions of zoophilia.
But don’t extend the bans to encompass babyfur art (which is AB/DL, not underage characters) nor feral art (which is an art style, not actual animals being portrayed).
If you cannot distinguish cub from babyfur, you shouldn’t be leading any moral crusades on social media or cancelling people, because you’re going to inevitably harm a lot of innocent people if you do.
Same goes for feral/zoo.
What About Pokemon Fursonas (Pokesonas)?
Some furries argue that Pokemon-based fursonas–and any art thereof–is inherently non-furry and therefore any lewd art of their characters is gross and problematic. This warrants a closer look.Many Pokemon are clearly at, or above, human intelligence (i.e. the psychic types). Furthermore, the fact that Meowth from the anime learned human speech and can directly translate what other Pokemon are saying implies that it is possible to communicate affirmative consent, in the framework of established lore.
Speaking of which: the canon lore for the Pokemon franchise confirms the existence of human-Pokemon marriage (source).
When you combine these observations, it’s pretty clear that Pokemon are generally capable the Harkness test, so these “Pokemon yiff is zoophilia” takes are either arguing for a special case (i.e. either a specific species of Pokemon lacks the sentience that the rest seem to, or the characters involved are violating boundaries), or they’re intentionally engaging in social manipulation to push an agenda.
Also, they’re fictitious creatures. Splitting hairs over this is really petty compared to the harm real people inflict on real animals.
The NSFW Feral Art Acceptability Matrix
If you’re in doubt about whether a piece of NSFW art passes the Harkness test, consult the following table (while being pessimistic; if you can’t tell whether a character is a feral fursona or a dumb animal, always assume the worst):
Human Anthro Feral Animal Human ✔️ ✔️ Ehhh* ❌ Anthro ✔️ ✔️ ✔️ ❌ Feral Ehhh* ✔️ ✔️ ❌ Animal ❌ ❌ ❌ Ehhh* This table assumes informed, enthusiastic consent, between adults.
* It might pass the test but it’s still kinda weird for humans to be depicting it in art. Be very careful that you’re not producing material that inadvertently promotes sexual abuse and/or aids groomers.Update (2020-06-28)
I’ve actually gotten a lot of grief from two camps over this section of the post.One camp wants all feral art to be banned because of a “slippery slope” fallacy, and they believe my argument here doesn’t go far enough.
The other wants all feral art to be allowed because they believe “people can distinguish between fantasy and reality”, and believes my argument goes too far.
People who dig their heels in on extreme, opposite positions will never be made to agree. Neither this blog post nor a painstakingly-researched scientific study will sway their minds, and I have no desire to even try.
I am neither a puritanical moral crusader nor an apologist for sexual abuse. If you are, know now that I will not amend this post to further your agenda.
Consent is what ultimately matters, and since animals and children cannot consent, all art portraying either sexually is harmful.
But if the art doesn’t portray animals or children, it’s fair game (even if you or I personally dislike it). There are much bigger fish to fry than a (largely) harmless fantasy; what are your priorities?
Popufurs
Before I started this blog, I used to write articles on Medium. My most popular one tackled the topic of “popufurs” directly. Go read it.https://www.youtube.com/watch?v=sEJ3usS7bb4
Furries Over the Age of 30
One of the dumbest talking points that recurs on Furry Twitter is the “gay death” discourse, cheaply repackaged for furries. So you get a lot of dumb takes like this:https://twitter.com/JamesCerulo/status/1349071850265972737
The entire concept of Gay Death is stupid, and has roots in the kind of vain heteronormativity that produces dumb memes like this one:
https://twitter.com/SoatokDhole/status/1371862131117801480
Here’s the simple solution to this age discourse whenever it comes up:
- You can be a furry at any age and it doesn’t fucking matter
- Underage furries shouldn’t be in adult spaces (but can certainly claim their own spaces, and that’s totally fine as long as it’s not being used solely to perpetuate the kind of puritanical bullshit that often drives LGBT youth to suicide; see above)
- The greater the gap between your age and another person’s, the more conscientious you should be about leading them on or taking advantage of them in any way
Let’s be real: We’re all nerdy weirdos and anyone who tries to treat the fandom like a high school popularity contest is totally missing the point of a fandom full of nerdy weirdos. Just stop.
If you’ve read this far, consider yourself fully briefed on the recurring topics in Furry Twitter discourse.
If another topic starts rearing its head often enough, I’ll either update this page or write a sequel article to cover the new badness.
https://twitter.com/ArcticSkyWolf/status/1349372061198778368
https://soatok.blog/2020/06/24/resolving-the-reoccurring-discourse-on-furry-twitter/
#antiFurryBullying #furry #FurryFandom #recurringTopics #SocialMedia #Twitter
I quit my job towards the end of last month.
When I started this blog, I told myself, “Don’t talk about work.” Since my employment is in the rear view mirror, I’m going to bend that rule for once. And most likely, only this one time.
Why? Since I wrote a whole series about how to get into tech for as close to $0 as possible without prior experience, I feel that omitting my feelings would be, on some level, dishonest.
Refusing Forced Relocation
I had been hired in 2019 for the cryptography team at a large tech company. I was hired as a 100% remote employee, with the understanding that I would work from my home in Florida.
Then a pandemic started to happen (which continues to be a mass-disabling event despite what many politicians proclaim).
The COVID-19 pandemic forced a lot of people who preferred to work in an office setting to sink-or-swim in a remote work environment.
In early 2020, you could be forgiven for imagining that this new arrangement was a temporary safety measure that we would adopt for a time, and then one day return to normal. By mid 2022, only people that cannot let go of their habits and traditions continued to believe that we’d ever return to the “normal” they knew in 2019.
As someone who had been working remote since 2014, as soon as the shift happened, many of my peers reached out to me for advice on how to be productive at home. This was an uncomfortable experience for many of them, and as someone who was comfortable in a fully virtual environment, I was happy to help.
By early 2021, I was considered to not only be a top performer, but also a critical expert for the cryptography organization. My time ended up split across three different teams, and I was still knocking my projects out of the park. But more importantly, junior employees felt comfortable approaching me with questions and our most distinguished engineers sought my insight on security and cryptography topics.
It became an inside joke of the cryptography organization, not to let me ever look at someone else’s source code on a Friday, because I would inevitably find at least one security issue, which would inevitably ruin someone’s weekend. I suppose the reasoning was that, if the source code in question belonged to a foundational software package, it carried the risk of paging the entire company as we tried to figure out how to mitigate the issue and upstream the fix.
(I never once got earnestly reprimanded for finding security bugs, of course.)
I can’t really go into detail about the sort of work I did. I don’t really want to name names, either. But I will say that I woke up every day excited and motivated. The problems were interesting, the people were wonderful, and there was an atmosphere of respect and collaboration.
Despite the sudden change in working environment for most of the cryptography organization in response to COVID-19, we were doing great work and cultivating the same healthy and productive work environment that everyone fondly remembered pre-pandemic.
And then the company’s CEO decided to make an unceremonious, unilateral, top-down decision (based entirely on vibes from talking to other CEOs, rather than anything resembling facts, data, or logic):
Everyone must return to the office, and virtual employees must relocate. Exceptions would be few, far between, and required a C-level to sign off on it. Good luck getting an exception before your relocation decision deadline.
Hey, tech workers, stop me if you’ve heard this one before.
To the credit of my former managers, they sprung this dilemma on me literally the day before I went to a hacker conference–a venue full of hiring managers and technical founders.
On Ultimatums
If I had to give only one bit of advice to anyone ever faced with an ultimatum from someone with power over them (be it an employer or abusive romantic partner), it would be:
Ultimately, never choose the one giving you an ultimatum.
If your employer tells you, “Move to an expensive city or resign,” your best move will be, in the end, to quit. Notice that I said, in the end.
It’s perfectly okay to pretend to comply to buy time while you line up a new gig somewhere else.
That’s what I did. Just don’t start selling your family home or looking at real estate listings, and definitely don’t accept any relocation assistance (since you’ll have to return it when you split).
Conversely, if you let these assholes exert their power over you, you dehumanize yourself in submission.
(Yes, you did just read those words on a blog written by a furry.)
If you take nothing else away from this post, always keep this in mind.
From Whence Was This Idiocy Inspired?
Nothing happens in a vacuum.
When more tech workers opted to earn their tech company salaries while living in cheaper cost-of-living houses, less tech worker money circulated to big city businesses.
This outflow of money does hurt the local economies of said cities, including the ones that big tech companies are headquartered in. In some cases, this pain has jeopardized a lot of the tax incentives that said companies enjoy.
That’s why we keep hearing about politicians praising the draconian way that the return-to-office policies are being enforced.
At the end of the day, incentives rule everything around us.
Companies have to kowtow to the government in order to reduce their tax bill (and continue pocketing record profits–which drive inflation–while their workers’ wages stagnate).
This outcome was incredibly obvious to everyone that was paying attention; it was just a matter of when, not if.
Signs of Things to Come
Do you know who was really paying attention? The top talent at most tech companies.
After I turned in my resignation, I received a much larger outpour of support from other very senior tech workers than I ever imagined.
Many of them admitted that they were actively looking for new roles; some of them for the first time in over a decade.
Many of them already have new gigs lined up, and were preparing to resign too. Some of those already have.
Others are preparing to refuse to comply with either demand, countering the companies’ ultimatums with one of their own: Shut up or fire me.
What I took from these messages is this: What tech companies are doing is complete bullshit, and everyone knows it, and nobody is happy about it.
With all this in mind, I’d like to issue a prediction for how this return-to-office with forced relocation will play out, should companies’ leaders double down on their draconian nature.
My Prediction
Every company that issued forced relocation ultimatums to their pre-pandemic remote workers will not only lose most (if not all) their top talent in the next year, but they will struggle to hire for at least the coming decade.
The bridge has been burnt, and the well has been poisoned.
Trust arrives on foot, but leaves on horseback.Dutch proverb
The companies that issued these ultimatums are not stupid. They had to know that some percentage of their core staff would leave over their forced relocation mandates. Many described it as a “soft layoff” tactic.
But I don’t think they appreciate the breadth or depth of the burn they’ve inflicted. Even if they can keep their ships from sinking, the wound will fester and their culture will not easily recover. This will lead to even more brain drain.
Who could blame anyone for leaving when that happens?
Unfortunately, there is a class of people that work in tech that will bear the brunt of the ensuing corporate abuse: H-1B visa employees, whose immigration status is predicated on their ongoing employment. Their ability to hop from abusive companies onto lifeboats is, on the best of days, limited.
And that? Well, that’s going to get ugly.
There’s still time for these companies to slam the brakes on their unmitigated disaster of failed leadership before it collapses the whole enterprise.
If I were a betting dhole, I wouldn’t bet money on most of them doing that.
Their incentives aren’t aligned that way yet, and when they finally are, it will be far too late.
Toward New Opportunities
As for me, I’m enjoying some well-earned downtime before I start my new remote job.
I wasn’t foolish enough to uproot my life and everyone I love at some distant corporate asshole’s whims, but I also wasn’t impulsive enough to jump ship without a plan.
That’s as much as I feel comfortable saying about myself on here.
If you’re facing a similar dilemma, just know that you’re not alone. Savvy companies will be taking advantage of your current employer’s weakness to pan for gold, so to speak.
You are not trapped. Your life is your own to live. Choose wisely.
Addendum
After I posted this, it made the front page of Hacker News and was subsequently posted in quite a few places. After reading some of the comments, I realize a few subtleties in my word choice didn’t come across, so I’d like to clarify them.
When I say “RTO is bullshit”, I don’t mean “office work is bullshit” or anything negative about people that prefer in-person office work. I mean “the forced relocation implementation of transitioning a whole company to never-remote (a.k.a. RTO) is bullshit”.
If working in an office is better for you, rock on. I don’t have any issue with that. The bullshit is the actions taken by company’s leadership teams in absence of (or often in spite of) hard data on remote work versus in-person work. The bullshit is changing remote worker’s employment agreements without their consent and threatening “voluntary resignation” as the only alternative (even though that’s pretty obviously constructive dismissal).
When I discussed ultimatums above, I’m specifically referring to actual ultimatums, not colloquial understandings of the word. If you can talk with the person and negotiate with them, it’s not a goddamn ultimatum. What I was faced with was an actual ultimatum: Comply or suffer. I chose freedom.
Hope that helps.
Regarding some of the other comments, I come from the “I work to live” mindset, not the “I live to work” mindset. My opinions won’t resonate with everyone. That’s okay!
Update: I wrote a follow-up to this post to address a lot of bad comments I saw on HN and Reddit.
https://soatok.blog/2023/10/02/return-to-office-is-bullshit-and-everyone-knows-it/
#business #businessEthics #forcedRelocation #returnToOffice #Society #techIndustry #Technology #ultimatums #work
I probably don’t need to remind anyone reading this while it’s fresh about the current state of affairs in the world, but for the future readers looking back on this time, let me set the stage a bit.The Situation Today
(By “Today”, I mean early May 2020, when I started writing this series.)In the past two months, over 26 million Americans have filed for unemployment, and an additional 14 million have been unable to file.
Federal Reserve chairman, Jerome Powell, says we’re in the worst economy ever.
In a desperate bid of economic necromancy, many government officials want to put millions more Americans at risk of COVID-19 before we can develop a vaccine and effective treatment. And we still don’t even know the long-term effects of the virus.
I’m not interested in discussing the politics of this pandemic or who to blame; I’ll leave that to everyone else with an opinion. Instead, I want to acknowledge two facts that most people probably already know:
- This was mostly avoidable with competent leadership and responsible preparation
- Most of us have rough times ahead of us
I can’t do anything about the first point (although most people are focused on it), but I want to try to alleviate the second point.
What This Series is About
Whether you lost your job and need an income to survive, or you’re one of the essential workers wanting to avoid being sacrificed by politicians for the sake of economic necromancy, I wrote this guide to help you transition into a technology career with little-to-no tech experience.This is not a magic bullet! It will require time, focus, and effort.
But if you follow the advice on the subsequent posts in this series, you will at least have another option available to you. The value of choice, especially when you otherwise have none, is difficult to overstate.
I am not selling anything, nor are there ads on these pages.
This entire series is released under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Why Work in Tech?
Technology careers aren’t everyone’s cup of tea, and they might be far from your first choice, but there are a couple of advantages that you should be aware of especially during this pandemic and lockdown:
- Most technology careers can be performed remotely.
- Most technology careers pay well.
The first point is especially important for folks living in rural areas hit hard by a lack of local employment opportunities.
A lot of the information and suggestions contained in this series may be applicable to other domains. However, my entire career has been in tech, so I cannot in good conscience speak to the requirements to gain employment in those industries.
Why Should We Trust You?
You shouldn’t. I encourage you to take everything I say with a grain of salt and fact-check any claims I make. Seriously.My Background
I’m currently employed as a security engineer for a cryptography team of a larger company, although I don’t even have a Bachelor’s degree. I’ve worked with teams of all sizes on countless technology stacks.I have been programming, in one form or another, since I was in middle school (about 18 years ago), although I didn’t start my professional career until 2011. I’ve been on both sides of bug bounty programs, including as my fursona. A nontrivial percentage of the websites on the Internet run security code I wrote under my professional name.
Art by Khia
My Motivation
Over the past few years, I’ve helped a handful of friends (some of them furries) transition into technology careers. I am writing this series, and distributing it for free because I want to scale up the effort I used to put into mentoring.I’m writing this series under my furry persona, and drenching the articles with queer and furry art, to make it less palatable to bigots.
Art by Kerijiano
Series Contents
- Building Your Support Network and/or Team
- Mapping the Technology Landscape
- Learning the Fundamental Skills
- Choosing Your Path
- Starting and Growing an Open Source Project
- Building Your C.V.
- Getting Your First Tech Job
- Starting a Technology Company
- Career Growth and Paying It Forward
The first three entries are the most important.
The header art for this entire series was created by ScruffKerfluff.
https://soatok.blog/2020/06/08/furward-momentum-introduction/
Before I get into this story, I feel it’s important that you know where I’m coming from. But if you don’t care about that, feel free to skip the Background section.
Background
My blog, Dhole Moments, has always been available online for free and without any kind of advertisements. The only thing I might ever “promote” here are other furry bloggers, free and open source software projects, and anything cool happening in the furry fandom–and I won’t ever do so for monetary gain.
The ability to freely share my knowledge and experience with others is one of the privileges granted to me by modern technology. I’m further privileged to be able to afford to live through my career in computer security, and to never be desperate enough to have to choose between personal integrity and survival.
To be clear: My resistance to compensation here is simply to avoid perverse incentives, not to throw shade at people who lack the privileges I do.
It has to be known that I’ve been pretty open about my stance against paid promotions, from my 2020 year in review blog post to the absence of any payment information (Ko-Fi, PayPal.me, Patreon, etc.) on my blog. I certainly have those things, but they’re utterly divorced from what I’m doing here.
My attitude about gratitude towards anything useful I write on this blog (e.g. the Furward Momentum series) is simple: Pay it forward. (And if you can’t pay it forward, what good would a sense of debt do you? People care. You’re worth caring about.)
If you still have money burning a hole in your pocket, just make sure you generously tip the next furry artist you commission.
An Internet Marketer Offered Me $100 to Betray Myself and My Community
In March 2021, I received an email from someone named CJ Hankins, who purported to be an Outreach Executive of Wise Marketing (although their name is suspiciously absent from their “Meet the Team” page).
If you’d like to independently verify the authenticity of these messages, I’ve dumped the .eml files with DMARC headers into a zip file (including my replies).
In this email, CJ Hankins offered to pay me $100 to publish an article on this blog.
Hi,We have read your content on soatok.blog and would very much like to contribute an original article for your consideration. The said content would be exclusively written for your site.
Within the article, we would place a reference to one of our clients and for this request, we are able to pay $100 (via PayPal).
Please let us know if this is something you would be interested in.
We are ready to send a draft or a sample piece for your perusal.
Yours sincerely,
CJ[signature snipped]
P.S. Message sent through Gmail due to technical issues with my primary work email account.
If I were anyone else blogging about cryptography, I’d probably ignore the email entirely. If I felt generous, I might politely decline. If they persisted, I might reply with a hearty “fuck off” and setup a filter to ensure any subsequent emails from their company skip my inbox.
That’s the mature, professional, adult thing to do.
But wouldn’t it be funny if they tried to write an article in my usual style–complete with my usual smattering of art of my fursona throughout the prose?
So, naturally, I replied.
Hi CJ,Do you have a draft available for what you would like to publish?
I’m also curious how well your intended post will fit with the usual style of my usual blog posts.
Thanks,
Soatok
(Background image derived from Johis’ work.)
If you’ll notice, I didn’t commit to any sort of agreement in my reply. I asked if they had a sample available and expressed curiosity.
Their reply came nearly a week later, and I need to emphasize something in their next email, so I’ll make it bold. (In the original email, it isn’t.)
Hi Soatok,We are very happy you have gotten in touch. Here are the details of the next steps.
A professionally written and edited draft will be sent for your approval in the next few weeks. Please let us know if you have specific editorial requests or guidelines you want us to follow. Or if you feel the topic needs some work or adjusting. We will be ready to make any changes you see fit.
In the article we will need to mention our Online Gaming client. Another point is that the live article cannot have any label. If this is in breach of your guidelines, don’t hesitate to get in contact so we can figure out if there is any other way forward.
Warm regards,
CJP.S. Message sent through Gmail due to technical issues with my primary work email account.
Up until this point, I had already suspected that this outreach was an attempt at what marketers call native advertising. What I didn’t expect was for them to try to get their targets to deceive their audience.
If you’re not familiar with native advertising, this Last Week Tonight video is worth watching for a primer.
https://www.youtube.com/watch?v=E_F5GxCwizc
Even when clearly labelled, native advertising is deceptive, but in sort of a gray area way: If you’re keen enough to notice the label, you’ll realize you’re reading an ad. If you’re not, you might get fooled, but you only have yourself to blame for not being perceptive enough. This is kind of a bullshit argument, but humans are good at rationalizing their misdeeds.
Native advertising without any sort of label? That’s indefensible, even by the above bullshit argument’s standards.
I did not reply to CJ’s email, and they went quiet for a few weeks, until they finally delivered the proposed article for me to publish.
Hi Soatok,I hope you are well and have had a good week. The reason for this email is that I now have the article to put on your site. Please see attached Word document file.
Please make any small changes to the text that you see fit, but we do ask that you keep the tone of the article and do not alter any of the anchor text. This article was written exclusively for your website and is not a duplicate.
If you agree to put this article on your blog/homepage, please do so as you usually would so that it appears at the top of the page before eventually being replaced by a newer article.
Please publish the content if everything meets your satisfaction. We will then do a final check and immediately transfer the agreed fee via Paypal.
If you have any concerns or questions let me know.
Cheers,
The attached word document was titled, How Cryptocurrency is Making Online Gaming Safer. The purpose of the deceptive advertisement was to promote an online gambling platform from a company called Foxy Games. (The document is included with the emails if you’re curious.)
(Cropped screenshot of the Foxy Games website, which breaks archive.org.)
Who’s Running This Shitshow?
Foxy Games is operated by ElectraWorks Limited, which (in a twist that will surprise no one) was hit with a fine in 2018 for repeatedly breaching advertising standards.
However, Foxy Games is also a brand owned by the Entain Group. This split ownership model makes it difficult to pin down who’s exactly responsible for the unethical behavior we’re seeing here.
To make matters more frustrating, as noted above, CJ claims to work for a marketing firm (Wise Marketing) that doesn’t list them on their personnel page.
Even if we assume CJ is an actual employee of Wise Marketing, there’s no evidence that ElectraWorks Limited or the Entain Group is aware of the unethical behavior of their vendors.
But let’s be real (and, disclaimer, what follows is just my speculation):
This sort of corporate model, combined with the use of third parties, sure seems carefully constructed to minimize legal liability without actually complying with regulations.
The vendors do the dirty work. If one gets caught, then, at worst, the client simply terminates their contract and maybe issues a banal press release insisting they didn’t know and do not condone this behavior, and then proceed to change nothing else.
The fact that CJ Hankins isn’t listed could be explained by any of the following hypotheses:
- The webmaster is lazy and doesn’t update the team page frequently.
- CJ doesn’t actually work for them (either as an employee or contractor).
- Wise Marketing wants some sort of legal deniability to keep their contract with e.g. their client related to Foxy Games.
I don’t know which one is more likely to be true; it’s anyone’s guess, really. I’m sure the “my work email isn’t working so I’m using gmail” is totally legit.
Is Cryptocurrency Making Online Gaming Safer, Though?
Cryptocurrency is not making online gaming safer. Also, there’s a huge difference between online gaming (e.g. World of Warcraft) and online gambling (which they insist on referring to with “gaming” as a euphemism for gambling, which is stupid and I refuse to do that).
I could speculate further on many reasons why cryptocurrency would be an attractive subject for gambling companies, but I ultimately think it has a lot more to do with blockchain hype and reaching new audiences than anything more strategic (e.g. avoiding retributive chargebacks from gambling addicts who bleed their bank accounts dry and run up a massive credit card debt trying to win big).
Bloggers Beware
For reasons I’ve explained above, I have no temptation to accept their offer of $100 to deceptively promote an online gambling client through an unmarked native advertisement on this blog.
However, I’m certainly not the only blogger they approached with this sort of offer. And I certainly won’t be the last.
A lot of people do blog because they want to make money online, and these kind of marketing opportunities can be incredibly enticing especially if you’re in a financially desperate situation.
But is $100 really worth sacrificing your personal integrity forever?
Is it worth it to unethically promote a platform whose operators have a history of repeatedly breaching the advertising standards of the UK’s Gambling Commission?
Personally, I’d rather pursue a career drawing erotic furry art for random people with increasingly specific kinks than deal with this nonsense.
Closure
As I started writing the draft for this blog post, CJ sent me another email.
Hi Soatok,How are you? I sent our proposed article “How Cryptocurrency is Making Online Gaming Safer” last week. Did you receive it? If not, kindly let me know and I’ll be happy to resend the copy.
I look forward to hearing from you again. Have a great day!
My response (which will be sent as soon as this post goes live) is as follows.
Hi CJ,In my previous response I had expressed curiosity and asked for a sample. I didn’t expect you to deliver the entire completed article for review without further discussion.
Upon review of this article, I must admit that it doesn’t live up to my strict editorial standards of bad furry puns or fursona art between paragraphs.
Given the reason above, I don’t wish to move forward with this transaction, and I’m not interested in the $100. However, since you put forth the time to write this post, I just might share it with the world for free.
Regards,
Soatok
Here’s hoping the entire internet marketing industry puts me on a “do not contact” list after this.
https://soatok.blog/2021/05/18/avoiding-the-frigid-hellscape-of-online-marketing/
#entainGroup #marketing #nativeMarketing #onlineGambling #Society #unethicalBehavior
Dhole Moments
Writings about information security, cryptography, software, and humanity, from a member of the furry fandom.From the Furry Fandom…
Featured Furries
Can’t get enough of blog posts written by furries? This post aims to curate some of the other blogs written by furries that are worth sharing with my regular readers. Many (but not all) of these furry blogs are focused on technology in some way. Background Information Many years ago, I wrote a post titled…July 21, 2024August 15, 2024
Soa Talks (Latest Posts)
Ambition, The Fediverse, and Technology Freedom
If you’re new to reading this blog, you might not already be aware of my efforts to develop end-to-end encryption for ActivityPub-based software. It’s worth being aware of before you continue to read this blog post. To be very, very clear, this is work I’m doing independent of the W3C or any other standards organization…October 12, 2024October 12, 2024
Why are furry conventions offering HIV testing to attendees?
Spoiler: It’s nothing scandalous or bad. Every once in a while, someone posts this photo on Twitter to attempt to dunk on furries: Over the years, I’ve seen this discourse play out several times. The people that post this photo usually don’t elaborate on why they think this photo is meaningful, they just let it…September 30, 2024October 3, 2024
Cryptographic Innuendos
Neil Madden recently wrote a blog post titled, Digital Signatures and How to Avoid Them. One of the major points he raised is: Another way that signatures cause issues is that they are too powerful for the job they are used for. You just wanted to authenticate that an email came from a legitimate server, but now…September 20, 2024September 20, 2024
Last week, Floridians were startled by an emergency alert sent to all of our cell phones. Typically when this sort of alert happens, it’s an Amber Alert, which means a child was abducted. In Florida, we sometimes also receive Silver Alerts, which indicates that an Alzheimer’s or dementia patient has gone missing. (Florida has a lot of old and retired people.)
To my surprise, it was neither of those things. Instead, it was a Blue Alert–a type of alert I had never seen before. Apparently nobody else had seen it either, because a local news site published a story explaining what Blue Alerts even are for their confused readers.
What’s a Blue Alert?
A Blue Alert is an involuntary message, communicated over the emergency alert infrastructure, to perform the equivalent of a Twitter call-out thread on a suspected cop-killer or cop-abductor.
Blue Alerts are opt-out, not opt-in, and you cannot turn them off without also disabling other types of emergency alerts. Even on newer phones which offer greater granularity with the types of emergency alerts to receive, there is no specific flag to disable Blue Alerts and leave all the other types turned on.
Blue Alerts Are Security Theater
Blue Alerts do not provide any meaningful benefit towards public safety, and actually make us less safe.
If someone just killed a cop, do you really expect random untrained citizens to get involved? We already know how that worked out for the armed and trained professionals.
https://twitter.com/cel_decicco/status/1408127188671647748
If law enforcement wants an uncritical platform to broadcast their lies and omissions with no questions (or only softball questions that presuppose the frame that they’re telling the truth), they already have every major media outlet in their locale. They don’t need the Blue Alerts to get the word out, or to advertise a cash reward for information leading to an arrest. They already have channels for that.
Why are Blue Alerts a thing? The best reason I’ve been able to discern is: Because the surviving families of deceased law enforcement officers want to feel like their loss is taken seriously. The need to “do something”–even when that something is meaningless, or even harmful, but still looks like a solution–is the essence of Security Theater.
But Blue Alerts aren’t as harmless as a mere expression of sheer self-entitlement over the rest of us unimportant proles.
Blue Alerts actually serve to make our society less safe by increasing Alarm Fatigue, which negatively impacts public safety by making people less focused when an alert comes in.
Alternatively, some people will actively disable Blue Alerts to prevent alarm fatigue. But, as stated above, there’s no way to disable them in isolation without also disabling other emergency alerts, which puts them at risk of being uninformed of an actual severe or extreme emergency.
Making the public less safe goes against the very predicate for why police forces exist in most states.
(Art by Khia.)
Blue Alerts Are Copaganda (in Practice)
This one needs a bit of explaining. I’m going to focus on Florida, because it’s familiar to me.
Blue Alerts were created in Florida in 2011 via an executive order by then-governor Rick Scott. According to Spectrum News 9, only three alerts have been issued since the system was created.
(Anecdote: I’ve had my own mobile phone since 2008 and never once received one until last week.)
The Florida Department of Law Enforcement identifies four criteria for a Blue Alert to be issued:
- A law enforcement officer must have been: seriously injured; killed by a subject(s); or become missing while in the line of duty under circumstances causing concern for the law enforcement officer’s safety.
- The investigating agency must determine that the offender(s) poses a serious risk to the public or to other law enforcement officers, and the alert may help avert further harm or assist in the apprehension of the suspect.
- A detailed description of the offender’s vehicle or other means of escape (vehicle tag or partial tag) must be available for broadcast to the public.
- The local law enforcement agency of jurisdiction must recommend issuing the Blue Alert.
That fourth requirement gives law enforcement a lot of discretion in deciding whether or not to issue a Blue Alert.
That power to arbitrarily decide whether or not to send one might explain why, despite having 2 cops killed in 2020 and 4 cops killed in 2018 due to shooting incidents (both in Florida alone, and I do not have access to data earlier than 2018), a Blue Alert wasn’t emitted for any of those incidents.
Gee, I wonder if something else could have happened last week to prompt law enforcement to exercise a rarely-used tool in their toolbelt?
What Happened Before June 2021’s Blue Alert
I’m not particularly clued into the specific events of the shooting that issued the Blue Alert, but there was a particularly embarrassing incident for law enforcement in Florida the day before that was starting to gain a lot of attention.
Florida Highway Patrol tased a teenage boy in his girlfriend’s yard. And it was starting to get national media coverage.
Content Warning: Do not watch this video if violence–especially police violence–might cause you severe discomfort or trigger an involuntary psychological response to past trauma:
https://www.youtube.com/watch?v=n4wSkqQlA9o
I do not have, nor will I claim to have, any specific evidence that proves that the cops used the shooting in Volusia County, Florida as an excuse to trigger the surprising Blue Alert to confuse and distract the populace.
However, all cops are bastards, so I certainly suspect them of doing such a thing to cover for their buddies.
And since their mere suspicion is generally sufficient justification for cops to violate the Fourth Amendment with wild abandon, it’s only fair that my suspicion be sufficient to launch an investigation into their motives.
Just kidding!
We know the system is stilted in cops’ favor, which is why there’s a Blue Alert when a cop gets killed, but not a Stasi Alert when cops decide to murder an American citizen.
In Conclusion
Blue Alerts are not actionable for their recipients, and make the public less safe. Additionally, they provide the police yet another propaganda tool that I suspect they already used once to distract the public from an embarrassing news story.
Here’s what needs to happen:
- Mobile Operating System developers need to create a dedicated toggle to disable Blue Alerts without disabling other emergency alerts.
- These toggles need to be easier to find and configure.
These aren’t political solutions, merely technological ones, but as a security engineer, that’s all I can offer.
https://soatok.blog/2021/07/02/blue-alerts-security-theater-and-copaganda/
#ACAB #BlueAlerts #Florida #police #policeState #Politics #publicSafety #SecurityTheater #Society #Technology
Last week, Floridians were startled by an emergency alert sent to all of our cell phones. Typically when this sort of alert happens, it’s an Amber Alert, which means a child was abducted. In Florida, we sometimes also receive Silver Alerts, which indicates that an Alzheimer’s or dementia patient has gone missing. (Florida has a lot of old and retired people.)To my surprise, it was neither of those things. Instead, it was a Blue Alert–a type of alert I had never seen before. Apparently nobody else had seen it either, because a local news site published a story explaining what Blue Alerts even are for their confused readers.
What’s a Blue Alert?
A Blue Alert is an involuntary message, communicated over the emergency alert infrastructure, to perform the equivalent of a Twitter call-out thread on a suspected cop-killer or cop-abductor.Blue Alerts are opt-out, not opt-in, and you cannot turn them off without also disabling other types of emergency alerts. Even on newer phones which offer greater granularity with the types of emergency alerts to receive, there is no specific flag to disable Blue Alerts and leave all the other types turned on.
Blue Alerts Are Security Theater
Blue Alerts do not provide any meaningful benefit towards public safety, and actually make us less safe.If someone just killed a cop, do you really expect random untrained citizens to get involved? We already know how that worked out for the armed and trained professionals.
https://twitter.com/cel_decicco/status/1408127188671647748
If law enforcement wants an uncritical platform to broadcast their lies and omissions with no questions (or only softball questions that presuppose the frame that they’re telling the truth), they already have every major media outlet in their locale. They don’t need the Blue Alerts to get the word out, or to advertise a cash reward for information leading to an arrest. They already have channels for that.
Why are Blue Alerts a thing? The best reason I’ve been able to discern is: Because the surviving families of deceased law enforcement officers want to feel like their loss is taken seriously. The need to “do something”–even when that something is meaningless, or even harmful, but still looks like a solution–is the essence of Security Theater.
But Blue Alerts aren’t as harmless as a mere expression of sheer self-entitlement over the rest of us unimportant proles.
Blue Alerts actually serve to make our society less safe by increasing Alarm Fatigue, which negatively impacts public safety by making people less focused when an alert comes in.
Alternatively, some people will actively disable Blue Alerts to prevent alarm fatigue. But, as stated above, there’s no way to disable them in isolation without also disabling other emergency alerts, which puts them at risk of being uninformed of an actual severe or extreme emergency.
Making the public less safe goes against the very predicate for why police forces exist in most states.
(Art by Khia.)Blue Alerts Are Copaganda (in Practice)
This one needs a bit of explaining. I’m going to focus on Florida, because it’s familiar to me.Blue Alerts were created in Florida in 2011 via an executive order by then-governor Rick Scott. According to Spectrum News 9, only three alerts have been issued since the system was created.
(Anecdote: I’ve had my own mobile phone since 2008 and never once received one until last week.)
The Florida Department of Law Enforcement identifies four criteria for a Blue Alert to be issued:
- A law enforcement officer must have been: seriously injured; killed by a subject(s); or become missing while in the line of duty under circumstances causing concern for the law enforcement officer’s safety.
- The investigating agency must determine that the offender(s) poses a serious risk to the public or to other law enforcement officers, and the alert may help avert further harm or assist in the apprehension of the suspect.
- A detailed description of the offender’s vehicle or other means of escape (vehicle tag or partial tag) must be available for broadcast to the public.
- The local law enforcement agency of jurisdiction must recommend issuing the Blue Alert.
That fourth requirement gives law enforcement a lot of discretion in deciding whether or not to issue a Blue Alert.
That power to arbitrarily decide whether or not to send one might explain why, despite having 2 cops killed in 2020 and 4 cops killed in 2018 due to shooting incidents (both in Florida alone, and I do not have access to data earlier than 2018), a Blue Alert wasn’t emitted for any of those incidents.
Gee, I wonder if something else could have happened last week to prompt law enforcement to exercise a rarely-used tool in their toolbelt?
What Happened Before June 2021’s Blue Alert
I’m not particularly clued into the specific events of the shooting that issued the Blue Alert, but there was a particularly embarrassing incident for law enforcement in Florida the day before that was starting to gain a lot of attention.Florida Highway Patrol tased a teenage boy in his girlfriend’s yard. And it was starting to get national media coverage.
Content Warning: Do not watch this video if violence–especially police violence–might cause you severe discomfort or trigger an involuntary psychological response to past trauma:
https://www.youtube.com/watch?v=n4wSkqQlA9o
I do not have, nor will I claim to have, any specific evidence that proves that the cops used the shooting in Volusia County, Florida as an excuse to trigger the surprising Blue Alert to confuse and distract the populace.
However, all cops are bastards, so I certainly suspect them of doing such a thing to cover for their buddies.
And since their mere suspicion is generally sufficient justification for cops to violate the Fourth Amendment with wild abandon, it’s only fair that my suspicion be sufficient to launch an investigation into their motives.
Just kidding!
We know the system is stilted in cops’ favor, which is why there’s a Blue Alert when a cop gets killed, but not a Stasi Alert when cops decide to murder an American citizen.
In Conclusion
Blue Alerts are not actionable for their recipients, and make the public less safe. Additionally, they provide the police yet another propaganda tool that I suspect they already used once to distract the public from an embarrassing news story.Here’s what needs to happen:
- Mobile Operating System developers need to create a dedicated toggle to disable Blue Alerts without disabling other emergency alerts.
- These toggles need to be easier to find and configure.
These aren’t political solutions, merely technological ones, but as a security engineer, that’s all I can offer.
https://soatok.blog/2021/07/02/blue-alerts-security-theater-and-copaganda/
#ACAB #BlueAlerts #Florida #police #policeState #Politics #publicSafety #SecurityTheater #Society #Technology
Earlier today, I made a Twitter shitpost that confused a lot of folks from the UK.
https://twitter.com/SoatokDhole/status/1403437113962545152
Now, anyone can be forgiven for not knowing what AES-GCM-SIV is, or for being confused by the grammar of the meme. But the source of confusion was the word “nonce”.
Let’s talk about what the word “nonce” means in cryptography, what it means in the UK, and why the UK is completely wrong.
(Art by Khia.)
What “Nonce” Means to Cryptographers
The word nonce means number to be used only once.
In some texts, you might see it written as 
If a cryptographic protocol uses a nonce, typically its security depends on the number never being reused with a given key. (It’s fine if two different people use the same nonce, as long as their keys are different.)
Simple, concise, reasonable. I can explain this definition to a fifth grader and they’ll understand it immediately.
I don’t even have to dive into the origins or etymology of the term for it to be understandable. No problems here.
What “Nonce” Means to UK Residents
To a British person, the word nonce means a child molester.
Okay, that escalated quickly. How the hell did they arrive at that definition?
Well, it turns out, the UK slang usage of the word “nonce” is derived from “nance”–derived from “nancy” or “nancyboy”, which is a homophobic and/or transphobic slur.
If you’re not familiar with the discourse of LGBTQIA+ rights, one of the common refrains of homophobes and right-wing extremists (two groups whose Venn diagram is nearly a circle) is that queer people are going to target children.
When I was in school, the way they phrased it was, “Because they cannot reproduce, they must recruit.“
So it doesn’t exactly require the world’s greatest cryptanalysts to figure out how a word associated with gender noncomformity and/or homosexuality would evolve into a synonym for sexual offender in the UK’s vernacular.
Thus, the British usage of the term “nonce” is propping up a lot of hateful and ignorant ideology. Whenever you use the word “nonce” to describe sexual abusers, you’re being incidentally queerphobic. Maybe consider not doing that?
If you really want to insult someone, or imply they’re a threat to the safety of children, just call them a a friend of Jimmy Savile. Or if you want to go low-brow, just call them a paedo. Everyone understands “paedo”!
Why Not Just “Initialization Vector”?
A lot of people in cryptography who are aware of the British slang (but probably not its origins, until now) try to side-step their use of the word “nonce” by calling it an “initialization vector” instead; often abbreviated as IV.
This isn’t helpful for two reasons other than etymology and connotation.
- Initialization vector means different things to cryptographic constructions (i.e. block cipher modes) than to cryptographic primitives (i.e. hash function internals).
- When talking about constructions, the security requirements of an initialization vector are subtly different than a nonce.
- Nonces: Never repeat for a given key. (CTR, GCM, etc.)
- IVs: Never repeat and be unpredictable. (CBC, etc.)
A lot of cryptography libraries arbitrarily choose one term for their APIs, regardless of the mode used. For brevity, iv is tantalizingly convenient (but so is n), so you often see IV shoehorned everywhere.
For hash functions, the initialization vector is a constant that never changes. For block ciphers, it should always change (and, contrasted with a counter nonce, be an unpredictably random value). This makes the expected security properties of the term needlessly ambiguous.
A nonce is always intended to used once, and never reused.
There are already more than enough overloaded terms in cryptography (n.b. Galois/Counter Mode or Google Cloud Messaging? NaCl or Native Client?).
What About ECDSA Nonces?
ECDSA doesn’t really have a nonce, it has a one-time secret that MUST NOT ever repeat. This variable is called 
- It has to be a secret (where nonces and IVs can be public).
- You can’t even have a biased distribution of bits in
Calling the ECDSA k-value a “nonce” is a bad habit that many of us are guilty of, but it’s truly not a nonce.
Which Usage Has Deeper Historical Roots?
The UK slang is much younger than the cryptography (and broader) use of the word “nonce”, which originates from Middle English and means “occurring, used, or made only once or for a special occasion”.
If you’re someone who values that sort of thing, the UK slang still loses out to how cryptographers use the word.
Which Usage Is More Popular?
Almost nobody outside the UK uses the word “nonce” in a bad way. The overwhelming majority of the English-speaking world doesn’t agree with the UK. See also: Nonce word.
This term has been used in cryptography literature since at least 1978.
https://twitter.com/ciphergoth/status/1526668466614312966
In Closing
When a cryptographer talks about a nonce, the meaning of the term is clear, obvious, and NOT thinly-veiled queerphobia that crept into the local slang. It’s also more in line with how the word is used in non-cryptographic contexts outside the UK.
The UK usage of the word “nonce” is worse than the cryptographer usage, and therefore they should cede the word’s meaning to cryptographers.
(Y’know, unless you value queerphobic rhetoric that highly.)
(Art by Khia.)
Why Does This Even Matter?
Most of the time, when I’m discussing nonces in a cryptography or security context, it’s incredibly clear what I mean by the word. But I frequently have to explain to folks that hail from the UK that, no, I’m not talking about sexual offenders.
https://soatok.blog/2021/06/11/on-the-word-nonce-in-cryptography-and-the-uk/
#cryptography #etymology #nonce #Society #UK
There seems to be a lot of interest among software developers in the various cryptographic building blocks (block ciphers, hash functions, etc.), and more specifically how they stack up against each other.Today, we’re going to look at how some symmetric encryption methods stack up against each other.
If you’re just looking for a short list of cryptographic “right answers”, your cheat sheet can be found on Latacora’s blog.
Comparisons
- AES-GCM vs. ChaCha20-Poly1305
- AES-GCM vs. XChaCha20-Poly1305
- AES-GCM vs. AES-CCM
- AES-GCM vs. AES-GCM-SIV
- AES-GCM vs. AES-SIV
- AES-GCM-SIV vs. AES-SIV
- AES-GCM vs. AES-CBC
- AES-GCM vs. AES-CTR
- AES-CBC vs. AES-CTR
- AES-CBC vs. AES-ECB
- AES vs. Blowfish
- ChaCha vs. Salsa20
- ChaCha vs. RC4
- Cipher Cascades
AES-GCM vs. ChaCha20-Poly1305
- If you have hardware acceleration (e.g. AES-NI), then AES-GCM provides better performance. If you do not, AES-GCM is either slower than ChaCha20-Poly1305, or it leaks your encryption keys in cache timing.
- Neither algorithm is message committing, which makes both unsuitable for algorithms like OPAQUE (explanation).
- AES-GCM can target multiple security levels (128-bit, 192-bit, 256-bit), whereas ChaCha20-Poly1305 is only defined at the 256-bit security level.
- Nonce size:
- AES-GCM: Varies, but standard is 96 bits (12 bytes). If you supply a longer nonce, this gets hashed down to 16 bytes.
- ChaCha20-Poly1305: The standardized version uses 96-bit nonces (12 bytes), but the original used 64-bit nonces (8 bytes).
- Wearout of a single (key, nonce) pair:
- AES-GCM: Messages must be less than 2^32 – 2 blocks (a.k.a. 2^36 – 32 bytes, a.k.a. 2^39 – 256 bits). This also makes the security analysis of AES-GCM with long nonces complicated, since the hashed nonce doesn’t start with the lower 4 bytes set to 00 00 00 02.
- ChaCha20-Poly1305: ChaCha has an internal counter (32 bits in the standardized IETF variant, 64 bits in the original design).
- Neither algorithm is nonce misuse resistant.
Conclusion: Both are good options. AES-GCM can be faster with hardware support, but pure-software implementations of ChaCha20-Poly1305 are almost always fast and constant-time.
AES-GCM vs. XChaCha20-Poly1305
- XChaCha20 accepts 192-bit nonces (24 bytes). The first 16 of the nonce are used with the ChaCha key to derive a subkey, and then the rest of this algorithm is the same as ChaCha20-Poly1305.
- To compare AES-GCM and ChaCha20-Poly1305 for encryption, see above.
- The longer nonce makes XChaCha20-Poly1305 better suited for long-lived keys (i.e. application-layer cryptography) than AES-GCM.
Conclusion: If you’re using the same key for a large number of messages, XChaCha20-Poly1305 has a wider safety margin than AES-GCM. Therefore, XChaCha20-Poly1305 should be preferred in those cases.
AES-GCM vs. AES-CCM
AES-GCM is AES in Galois/Counter Mode, AES-CCM is AES in Counter with CBC-MAC mode.Although I previously stated that AES-GCM is possibly my least favorite AEAD, AES-CCM is decidedly worse: AES-GCM is Encrypt-then-MAC, while AES-CCM is MAC-then-encrypt.
Sure, CCM mode has a security proof that arguably justifies violating the cryptographic doom principle, but I contend the only time it’s worthwhile to do that is when you’re building a nonce-misuse resistant mode (i.e. AES-GCM-SIV).
A lot of cryptography libraries simply don’t even implement AES-CCM; or if they do, it’s disabled by default (i.e. OpenSSL). A notable exception is the Stanford Javascript Cryptography Library, which defaults to AES-CCM + PBKDF2 for encryption.
Conclusion: Just use AES-GCM.
AES-GCM vs. AES-GCM-SIV
AES-GCM-SIV encryption runs at 70% the speed of AES-GCM, but decryption is just as fast. What does this 30% encryption slowdown buy? Nonce misuse resistance.
Nonce misuse resistance is really cool. (Art by Swizz)
The algorithms are significantly different:
- AES-GCM is basically AES-CTR, then GMAC (parameterized by the key and nonce) is applied over the AAD and ciphertext. (Encrypt then MAC)
- AES-GCM-SIV derives two distinct keys from the nonce and key, then uses POLYVAL (which is related to GHASH) over the AAD and message with the first key to generate the tag. Then the tag used to derive a series of AES inputs that, when encrypted with the second key, are XORed with the blocks of the message (basically counter mode). (MAC then Encrypt)
AES-GCM is a simpler algorithm to analyze. AES-GCM-SIV provides a greater safety margin. However, like AES-GCM, AES-GCM-SIV is also vulnerable to the Invisible Salamanders attack.
So really, use which ever you want.
Better security comes from AES-GCM-SIV, better encryption performance comes from AES-GCM. What are your priorities?
https://twitter.com/colmmacc/status/986286693572493312
Conclusion: AES-GCM-SIV is better, but both are fine.
AES-GCM vs. AES-SIV
At the risk of being overly reductionist, AES-SIV is basically a nonce misuse resistant variant of AES-CCM:
- Where AES-CCM uses CBC-MAC, AES-SIV uses CMAC, which is based on CBC-MAC but with a doubling step (left shift then XOR with the round constant).
- AES-SIV is MAC then encrypt (so is AES-CCM).
- AES-SIV uses AES-CTR (so does AES-CCM).
If you need nonce misuse resistance, AES-SIV is a tempting choice, but you’re going to get better performance out of AES-GCM.
AES-GCM also has the added advantage of not relying on CBC-MAC.
Conclusion: Prefer AES-GCM in most threat models, AES-SIV in narrower threat models where nonce misuse is the foremost security risk.
AES-GCM-SIV vs. AES-SIV
If you read the previous two sections, the conclusion here should be obvious.
- AES-GCM-SIV is slightly better than AES-GCM.
- AES-GCM is better than AES-SIV.
Conclusion: Use AES-GCM-SIV.
AES-GCM vs. AES-CBC
Just use AES-GCM. No contest.AES-GCM is an authenticated encryption mode. It doesn’t just provide confidentiality by encrypting your message, it also provides integrity (which guarantees that nobody tampered with the encrypted message over the wire).
If you select AES-CBC instead of AES-GCM, you’re opening your systems to a type of attack called a padding oracle (which lets attackers decrypt messages without the key, by replaying altered ciphertexts and studying the behavior of your application).
If you must use AES-CBC, then you must also MAC your ciphertext (and the initialization vector–IV for short). You should also devise some sort of key-separation mechanism so you’re not using the same key for two different algorithms. Even something like this is fine:
- encKey := HmacSha256(“encryption-cbc-hmac”, key)
- macKey := HmacSha256(“authentication-cbc-hmac”, key)
- iv := RandomBytes(16)
- ciphertext := AesCbc(plaintext, iv, encKey)
- tag := HmacSha256(iv + ciphertext, macKey)
For decryption you need a secure compare function. If one is not available to you, or you cannot guarantee it will run in constant time, a second HMAC call with a random per-comparison key will suffice.
There is no possible world in which case unauthenticated AES-CBC is a safer choice than AES-GCM.
AES-CBC + HMAC-SHA256 (encrypt then MAC) is message-committing and therefore can be safely used with algorithms like OPAQUE.
The Signal Protocol uses AES-CBC + HMAC-SHA2 for message encryption.
AES-GCM vs. AES-CTR
Just use AES-GCM. No contest.Unlike AES-GCM, AES-CTR doesn’t provide any message integrity guarantees. However, strictly speaking, AES-GCM uses AES-CTR under the hood.
If you must use AES-CTR, the same rules apply as for AES-CBC:
- encKey := HmacSha256(“encryption-ctr-hmac”, key)
- macKey := HmacSha256(“authentication-ctr-hmac”, key)
- nonce := RandomBytes(16)
- ciphertext := AesCtr(plaintext, nonce, encKey)
- tag := HmacSha256(nonce + ciphertext, macKey)
For decryption you need a secure compare function.
AES-CTR + HMAC-SHA256 (encrypt then MAC) is message-committing and therefore can be safely used with algorithms like OPAQUE.
AES-CBC vs. AES-CTR
If you find yourself trying to decide between CBC mode and CTR mode, you should probably save yourself the headache and just use GCM instead.That being said:
AES-CTR fails harder than AES-CBC when you reuse an IV/nonce.
AES-CBC requires a padding scheme (e.g. PKCS #7 padding) which adds unnecessary algorithmic complexity.
If you have to decide between the two, and you have a robust extended-nonce key-splitting scheme in place, opt for AES-CTR. But really, unless you’re a cryptography engineer well-versed in the nuances and failure modes of these algorithms, you shouldn’t even be making this choice.
AES-CBC vs. AES-ECB
Never use ECB mode. ECB mode lacks semantic security.Block cipher modes that support initialization vectors were invented to compensate for this shortcoming.
Conclusion: If you’re trying to decide between these two, you’ve already lost. Rethink your strategy.
AES vs. Blowfish
A lot of OpenVPN configurations in the wild default to Blowfish for encryption. To the authors of these configuration files, I have but one question:
Why?! (Art by Khia)
Sure, you might think, “But Blowfish supports up to 448-bit keys and is therefore more secure than even 256-bit AES.”
Cryptographic security isn’t a dick-measuring contest. Key size isn’t everything. More key isn’t more security.
AES is a block cipher with a 128-bit block size. Blowfish is a block cipher with a 64-bit block size. This means that Blowfish in CBC mode is vulnerable to birthday attacks in a practical setting.
AES has received several orders of magnitude more scrutiny from cryptography experts than Blowfish has.
Conclusion: Use AES instead of Blowfish.
ChaCha vs. Salsa20
Salsa20 is an eSTREAM finalist stream cipher. After years of cryptanalysis, reduced round variants of Salsa20 (specifically, Salsa20/7 with a 128-bit key) were found to be breakable. In response to this, a variant called ChaCha was published that increased the per-round diffusion.That is to say: ChaCha is generally more secure than Salsa20 with similar or slightly better performance. If you have to choose between the two, go for ChaCha.
Conclusion: Your choice (both are good but ChaCha is slightly better).
ChaCha vs. RC4
Don’t use RC4 for anything! What are you doing?
My reaction when I read that the CIA was using a modified RC4 in their Assassin malware instead of a secure stream cipher, per the Vault7 leaks. (Art by Khia)
RC4 was a stream cipher–allegedly designed by Ron Rivest and leaked onto a mailing list–that has been thoroughly demolished by cryptanalysis. RC4 is not secure and should never be relied on for security.
Conclusion: Use ChaCha. Never use RC4.
Cipher Cascades
A cipher cascade is when you encrypt a message with one cipher, and then encrypt the ciphertext with another cipher, sometimes multiple times. One example: TripleSec by Keybase, which combines AES and Salsa20 (and, formerly, Twofish–an AES finalist).Cipher cascades don’t meaningfully improve security in realistic threat models. However, if your threat model includes “AES is broken or backdoored by the NSA”, a cipher cascade using AES is safer than just selecting a nonstandard cipher instead of AES. However, they’re necessarily slower than just using AES would be.
If you’re worried about this, your time is better spent worrying about key management, side-channel attacks, and software supply chain attacks.
Conclusion: Avoid cipher cascades, but they’re better than recklessly paranoid alternatives.
Symmetric Encryption Rankings
So with all of the above information, can we rank these algorithms into tiers?
Art by Riley
Sort of! Although it’s based on the above analyses, ranking is inherently subjective. So what follows is entirely the author’s opinion of their relative goodness/badness.
S XChaCha20-Poly1305, AES-GCM-SIV A AES-GCM, ChaCha20-Poly1305 B AES-SIV C AES-CTR + HMAC-SHA2, AES-CBC + HMAC-SHA2 D AES-CCM F Any: AES-ECB, RC4, Blowfish
Unauthenticated: AES-CBC, AES-CTR, Salsa20, ChaChaSoatok’s ranking of symmetric encryption methods
https://soatok.blog/2020/07/12/comparison-of-symmetric-encryption-methods/#AEAD #AES #AESGCM #AESGCMSIV #ChaCha20Poly1305 #ciphers #comparison #cryptography #encryption #NMRAEAD #ranking #SecurityGuidance #streamCiphers #symmetricCryptography #symmetricEncryption #XChaCha20Poly1305
Normally when you see an article that talks about cryptocurrency come across your timeline, you can safely sort it squarely into two camps: For and Against. If you’re like me, you might even make a game out of trying to classify it into one bucket or the other from the first paragraph–sort of like how people treat biological sex–and then reading to see if you were right or not. Most of the time, you don’t even have to read past the headline to know where the author stands.
Unfortunately, the topic of cryptocurrency is complicated in ways only nerds could envision. And I’m not even talking about the cryptography involved when I say that.
Cryptocurrency is one of those cans I keep kicking down the road, lest all of its worms escape. I’m neither an enthusiast who wants to pump dogecoin to the moon, nor a detractor who thinks that the idea of digital cash is inherently stupid.
https://twitter.com/FiloSottile/status/1380576100888281094
The “crypto means cryptography” trope exists because, after Bitcoin’s first price hike, a shitload of speculative investors flooded cryptography forums and drowned out the usual participants’ discussions. I’ve previously said that some gatekeeping is necessary for the maintenance group identity, and that the excess of this minimum amount is what creates toxicity. Unfortunately, this trope has far exceeded the LD50 for healthy discourse.
Some of my friends make their living working on cryptocurrency projects–as researchers, mathematicians, programmers, security engineers, and so on. A lot of the interesting cryptography breakthroughs we’ll see in the next 10-15 years will be, at least in part, the result of cryptographers working in the cryptocurrency space. It’s difficult to talk about zero-knowledge proofs without acknowledging some of the kick-ass research the Electric Coin Company has done in order to launch their privacy-preserving cryptocurrency, and that’s only one example.
Here’s cryptographer Jean-Phillipe Aumasson, whose employer is launching a regulated cryptocurrency marketplace:
https://twitter.com/veorq/status/1384045994413678598
If you’re not familiar with JP’s work, he wrote several cryptography books (including Serious Cryptography), contributed to several hash functions (SipHash, BLAKE2, and BLAKE3), and initiated the Password Hashing Competition that resulted in Argon2.
However, there’s also a lot of bullshit in the cryptocurrency space.
- Years of securities fraud enabled by “Initial Coin Offerings” (ICOs) on the Ethereum blockchain. Most famously: Bitcoiin (yes, with two I’s) whose spokesman was bad movie star, Steven Seagal.
- The plague of hacked Twitter accounts pretending to be Elon Musk, perpetuating a “give me some $ and I’ll give you more back” scam that’s sadly effective.
- The whole cryptoart / NFT debacle.
- Litanies of startups trying to “use blockchain to solve X problem” without ever asking if the problem warrants a blockchain in the first place.
- Every microgram of drama related to John McAfee.
And those are just the items I can list off, off the top of my head. The awfulness surrounding cryptocurrency is like a fractal: The deeper you look at it, the more shit you see.
Cryptocurrency Subculture: A Tale of Too Shitty
The world’s most successful cryptocurrency to date, Bitcoin, was created in 2008 by an anonymous cryptographer who liked to be known as Satoshi Nakamoto and distributed on metzdowd.com, a mailing list created by a group of cryptoanarchists that called themselves “cypherpunks”.
At the risk of being overly reductive, cryptoanarchists are people who believe strongly in a right to privacy and therefore the right to use cryptography to protect communications from others–be it governments, corporations, or jealous ex-lovers. The cypherpunks were a group of cryptoanarchists that also wrote code. It’s a wordplay on “cyberpunk”.
It’s difficult to speculate about the intentions or politics of Satoshi Nakamoto, considering they said very little of substance about their private beliefs, and no longer answer emails from random strangers. However, given their presence on metzdowd, it’s reasonable to propose they were at least sympathetic to the cypherpunks’ cause.
Most outspoken cryptocurrency enthusiasts today are not like Satoshi Nakamoto. They don’t understand or frankly give a shit about complex, nuanced points about privacy and the government machinations underpinning public safety–let alone how that intersects with the racist history of the institutions charged with keeping the public safe. They’re largely anarcho-capitalists who want to make as much money as they can and, in turn, pay as little as possible in taxes.
How do you make money in cryptocurrency?
By obtaining some amount of a coin, then convincing other people to buy it to drive up the demand, and therefore the price, and then sell at a later date. Then you can sell your coins at a higher price than you paid (either directly, or through energy costs from “mining”) and pocket your profits.
Don’t let the name fool you: anarcho-capitalists (a.k.a. ancaps) aren’t anarchists (and furthermore, cryptocurrency-manic ancaps aren’t cryptoanarchists). Here’s a helpful video to disambiguate the terms involved:
https://www.youtube.com/watch?v=OOTlxsn8tWc
If I said that large swaths of the cryptocurrency community was generally shitty, I would not be the first to make this observation. The earliest Bitcoin events were caricatures of the kind of toxic sexist excess that dominates chauvinistic power fantasies. (“When lambo?”)
It’s not just the bad politics or the stark contrast between cryptocurrency in practice and cryptocurrency as envisioned by the earliest architects on the metzdowd cryptography mailing list.
Last year I wrote about a dumb attack against the second hash function used by the cryptocurrency, IOTA. After I wrote this story, my Twitter mentions and DMs were flooded with astroturfing attempts by IOTA enthusiasts. Nearly a year later, most of those have been deleted–presumably because of an account suspension.
https://twitter.com/HapaRekk/status/1283485380004597760
Before IOTA, Monero enthusiasts used to engage in bad faith with anyone that dared criticize their favorite cryptocurrency project on Reddit or Hacker News.
To be clear: I don’t think that cryptocurrency projects or their developers are ever necessarily responsible for the behavior of their users. Sometimes you find toxic assholes like Sergey Ivancheglo (the IOTA developer that threatened security researchers) at the helm, and then immediately jettison it until they leave (to great fanfare of the non-toxic part of their community).
I don’t want to overstate my case here. A lot of blockchainiacs are just downright awful people. The absolute worst. But I’ve found over the years that, the less a person talks about cryptocurrency as a financial endeavor (e.g. speculative trading), the less likely they are to be shitty. It’s not a law of the universe, but it’s a useful measuring stick.
But with all that in mind, an obvious question emerges.
If there’s so much awful shit surrounding cryptocurrency, why would furries (a subculture that constantly receives endless helpings of flak from society at large) ever venture near cryptocurrency?
The Politics Inherent to Furry Identity
A lot of Americans like to think of themselves as “Free Speech” proponents. Some of them get all sweaty over whether or not they should be allowed to broadcast, and profit from, bigoted or hateful content laden with slurs.
And yet, the most censored people in American society are, without a doubt, sex workers. And you rarely hear any so-called “Free Speech” proponents give an iota of shit about the plight of sex workers. They can’t even freely engage in commerce here.
Sex work is explicitly banned by most financial service providers, such as PayPal. It’s exceedingly difficult for sex workers to make ends meet without constantly having to worry about their accounts being frozen and funds inaccessible.
There are a lot of reasons why the plight of sex workers is so bad in America. At the top of the list is the intersection of conservative politics and evangelical Christianity, which overall condemns healthy and consensual expressions of human sexuality. (Ever noticed how the only people who think they have a “sex addiction” are religious or right-wing? Not a coincidence.)
Do you know who else is a target of evangelicals and conservatives?
Furries, as you might know, are widely considered an LGBTQIA+ subculture (although not all of us are LGBTQIA+; only about 80%). But we’re more than just an LGBTQIA+ subculture. We’re also a vibrant community filled with skilled artists. Some of this art is pornographic in nature. It turns out, when queer people aren’t forced into the closet, they tend to embrace shameless authenticity and celebrate their romantic and sexual attractions with pride.
https://twitter.com/Pinboard/status/992819169593716737
A few years ago, the Death Eaters in Congress passed two bills (FOSTA and SESTA) that were advertised as an attempt to crack down on “sex trafficking”.
In practice, these laws killed Pounced.org–the only furry “dating” site at the time that wasn’t a sketchy cash grab (FurryMate, FurFling, etc.). Pounced.org died because the cost to avoid being criminally prosecuted under these laws was so exorbitant that they couldn’t sustain the website anymore, and it probably wasn’t the only small dating site to be killed by poor legislation. Only the big players could really have front-loaded these costs.
Which leads to the meat of this issue…
Why Furries Might Be Interested in Cryptocurrency
Cryptocurrency can be very attractive to members of the furry fandom because of the bullshit baked into the societies and cultures we exist in.
Cryptocurrency promises to be permissionless and decentralized; to bank the unbanked. If you make your living filling up someone else’s spank bank, the idea of creepy rich white men not being able to exercise targeted censorship against you or your family is, frankly, irresistible.
“Can’t use PayPal for your trade? Just setup a cryptocurrency wallet and give a different address to each of your clients, and instructions on how to access some vaguely reputable cryptocurrency exchange.”
Granted, most furries aren’t sex workers or porn artists, but some of our friends are, and we want to see them protected. But there’s another threat that cryptocurrency promises to alleviate: Chargeback fraud.
(Art by Khia)
This is the usual story (although exceptions do exist) I heard from my artist friends:
Someone under 18 decides they want to commission an artist they cannot personally afford, so they steal their parent’s credit card and use it to pay for a commission. Later–often after the work has been completed and delivered to the client–their parent notices the unauthorized charge on their credit card, and issues a chargeback.
Not only does this steal from the artist, but it incurs a $35 fee and increases the risk of their account being permanently suspended by their payment provider–thereby preventing them from accessing the funds paid to them by legitimate customers.
“Thanks for the free art! Now you’re at least $35 poorer and maybe lost your only lifeline out of perpetual poverty.”— Assholes
And thus, the Siren Song repeats once again!
Cryptocurrency doesn’t prevent chargeback fraud, but it does shift the risk from independent artists that have no capital or political power and onto billion dollar financial institutions like Coinbase.
Once the cryptocurrency has been transferred from the Coinbase wallet to the furry artist, it cannot be unspent. Bad faith behavior might still happen, but the artist doesn’t risk their livelihood because of it.
And that’s why, when furry auction site The Dealer’s Den announced a plan to rebuild with “Blockchain Technology”, I didn’t even bat an eye. It seems like an obvious solution to a pervasive unsolved problem to me.
Sure, it’d be great if we could solve this problem with sensible civil policy. But when is that going to finally happen? After all, we’re talking about the same governments that bungled COVID-19 last year, and the AIDS crisis last century, and so on…
https://www.youtube.com/watch?v=aJtvKSUPICA
However, and this bears emphasizing, the CryptoArt / NFT trend is not a valid reason to get involved in cryptocurency! As I said on Twitter:
https://twitter.com/SoatokDhole/status/1370045499122843654
https://twitter.com/SoatokDhole/status/1370046285798064128
https://twitter.com/SoatokDhole/status/1370047071949033472
https://twitter.com/SoatokDhole/status/1370047509314297862
So, super long preamble aside, what I thought I’d do today is talk a bit about cryptocurrency and how to engage with the topic responsibly, especially if you’re trying to mitigate the damage of the systems we inherited.
Cryptocurrency For Furries
I’m going to be very light on technical jargon, in the interests of accessibility, but at the risk of being imprecise.
No two cryptocurrencies are created equal. If you’re hoping to use one to mitigate systemic harms to our community, I implore you to learn the technical details in depth.
Decentralized Consensus
Cryptocurrencies can be classified by something called their consensus mechanism, which is how they can maintain a consistent ledger without being centralized. It doesn’t really matter, for the purpose of this article, how any of them work. I’m happy to dive into that in a future blog post, should anyone want it.
What you need to know is that Proof-of-Work (PoW) consensus algorithms are designed to maximize energy waste across the entire cryptocurrency network. That’s how it maintains its security against different kinds of esoteric-sounding attacks.
When you “mine” a Proof-of-Work cryptocurrency, what you’re doing is solving a computationally hard puzzle (e.g. find a number that, when combined with the previous block’s hash and your address and hashed, produces a specific number of leading 0 bits determined by an algorithm to ensure this happens at a set average frequency of time), which results in the entire network agreeing that your address gets the “block reward” (a fixed amount of whatever currency) plus transaction fees.
Cryptocurrency discussions frequently invite conversations about the environmental impact of mining. Proof-of-Work is the cause for this excess energy use which certainly contributes to global climate change.
So, if you’re going to get involved with cryptocurrency without contributing to global climate disaster, you’re going to want to avoid Proof-of-Work cryptocurrencies. There are several other options to choose from.
Proof-of-Stake is popular among my cryptocurrency nerd friends, although it receives a fair bit of criticism from experts (especially the “nothing at stake” problem). Ask your cryptographer. It’s probably not me.
On-Chain Privacy
The vaunted “blockchain” is a public, transparent record of all transactions.
When you use a cryptocurrency like Bitcoin, it’s sort of like tweeting your financial activities for the world to see.
“But nobody knows who owns this address,” Bitcoin maximalists might argue. To which I point out: Nobody is supposed to know your sockpuppet Twitter accounts either, but when you use them to harass someone right after they block your main account, we know it’s you.
(Art by Khia)
Some cryptocurrencies, like Zcash, try to provide something like TLS for your transactions. When you use shielded Zcash addresses, the transaction amounts and recipients are encrypted, and this ciphertext is accompanied by a zero-knowledge proof to ensure the total amount in the shielded and unshielded pools remains consistent.
I highly implore you to choose a cryptocurrency that has on-chain privacy, especially if your target audience includes queer people and/or sex workers.
Mainstream Appeal
Finding a privacy-preserving cryptocurrency that doesn’t equate to Global Warming Bucks is a tall order, but if you want people to actually use a cryptocurrency, it needs to be accessible.
By accessible, I mean available on all the mainstream cryptocurrency exchange platforms (Coinbase, Binance, Bitfinex, etc.).
This might sound like pointless gatekeeping, but remember: They have the money and lawyers to negotiate with the economic powerhouses of the world, while sex workers and furry artists do not.
Cryptographic Security
Any regular reader of Dhole Moments probably saw this section coming a mile away, but an important consideration for a cryptocurrency to build upon is whether or not it’s actually secure.
This is where things get tricky. Weird or poor choices in cryptographic algorithm don’t seem to matter much.
Bitcoin uses ECDSA over Koblitz curves. IOTA shipped two broken hash functions, threatened researchers, and then tried to claim the first broken hash function was backdoored for “copy protection”. The CryptoNote currencies (n.b. Monero) tried to build on EdDSA but introduced a double spend attack.
I’m certainly not qualified to audit an entire cryptocurrency and say “yes/no” on its security. But any cryptocurrency you consider should at least pass a smoke test from your cryptographer.
Which Cryptocurrency Should I Choose?
If you’re looking for a cryptocurrency that’s secure, accessible, privacy-preserving, and doesn’t waste a fuck ton of energy all the time, the short answer is that there is none. You’re going to have to make a trade-off.
(Art by Khia)
I’m sure there are cryptocurrency projects that use privacy-preserving technologies without a Proof-of-Work algorithm, and their design and implementation might even be secure! But, to date, I’m not aware of any such projects that also have mainstream accessibility on large exchange platforms.
You’ll notice that I didn’t mention price volatility in my list above. There’s two reasons for that:
- I’m not a financial expert. For all I know, price volatility might be something you want out of your cryptocurrency, especially if you’re LARPing a day trader.
- It’s hard enough to make this choice without adding more complications to the formula.
If Zcash ever adopted a consensus algorithm that wasn’t Proof-of-Work, it’d be a shoe-in for me to recommend. It checks all the other boxes neatly and is one of the most interesting cryptography projects on the Internet, after all.
In the meantime, maybe some other project will fill this niche and become widely accessible for everyone. There’s a lot of exciting and/or scary things happening with cryptocurrency research.
If you’re stuck with a hard decision, honestly, just do the best you can and be very transparent about the trade-offs you’re making and why you’re making them. Then ask a friend or expert to check your reasoning before you commit to it. “Do nothing” also needs to be publicly considered, no matter how absurd it might seem.
Disclaimers and Other Remarks
I do not work with cryptocurrency in my dayjob. I’d like to say that, consequently, I don’t have a conflict of interest, but all humans have subconscious biases, and a lot of my favorite people in cryptography do work in or with cryptocurrency. I want my friends to be able to continue to do awesome work without feeling ashamed.
https://twitter.com/cryptolexicon/status/1331712883403722752
Thus, I don’t care if you invest in Bitcoin or Dogecoin or whatever. Shoot for the moon while you awoo at the moon. Just be careful; for every winner, there’s at least one loser.
(Art by Khia)
I’m a fan of transparency logs–which are often compared to blockchains, but without the currency aspect. If you’re not familiar, read up on Trillian and Chronicle. Notably, Trillian is the backbone of Certificate Transparency, which helps keep the CA infrastructure honest and consequently makes HTTPS safer for everyone.
https://soatok.blog/2021/04/19/a-furrys-guide-to-cryptocurrency/
#Cryptocurrency #furries #furry #furryArtists #FurryFandom #Politics #Society
If you’ve somehow never encountered an Internet meme before, you may be surprised to learn that the number 69 is often associated with sex (and, more specifically, a particular sex act).This happens to be the 69th blog post published on Dhole Moments, since I started the blog in April 2020.
You could even go as far as to say it’s the 4/20 +69th post, for maximum meme potential.
42069, get it? (Art by Khia)
However! I make a concerted effort to keep my blog safe-for-work, so if you’re worried about this post being flooded with furry porn (a.k.a. yiff art), or cropped yiff memes, or any other such lascivious nonsense, you won’t find any of that on this blog. (Sorry to disappoint.)
Instead, I’d like to take the opportunity to correct some public misconceptions about human sexuality, identity, and how these topics relate to the furry fandom.
Is Furry a Sex Thing?
I find it difficult to overstate how often people assume the “furry is a sex thing” premise. Especially on technical forums.But let’s backtrack for a second. What isn’t a sex thing?
Art by Khia.
This turns out to be a difficult question to answer. Even Wikipedia’s somewhat concise list of paraphilias doesn’t leave a lot of topics off the table.
Are shoes a sex thing? Are cigarettes? Poetry?
Comic from Saturday Morning Breakfast Cereal.
Hell, one might be tempted to cry foul on the header image used in this blog post for including tentacles, hypnotic eyes, and footpaws in the same image. (Scandalous!) But if you look at the uncropped versions of these images, you’ll quickly realize they aren’t yiffy.
Top Art by AtlasInu.
Bottom: Created by FlashWhite_. Fox is Kiit Lock.
The more you read about this topic, the more you’ll realize this question is inert. Anything can be a sex thing. Humans are largely a sexual species, and sex is deeply ingrained in our culture (which can make life awkward for asexual people).Instead, the question of whether or not the furry fandom is sexual becomes a bit of a Rorschach test for one’s cognitive biases.
If you’re chiefly concerned with public image–especially when fursuiting in public, where kids can see–you’re incentivized to double down on the fact that the furry fandom is no more inherently sexual than anything else can be. And this is true.
If you’re concerned with cultivating a sex-positive environment where people can live out their sexual fantasies in a safe, sane, and consensual manner, you’re incentivized to insist that furry is a sexual thing. “We have murrsuits for crying out loud! Stop kink-shaming! Down with puritan ideologies on sex!” And this is also true.
Humans are largely sexual, so any activity humans engage in will inevitably involve people sexualizing it. Even tupperware parties, for fuck’s sake! Anyone who believes there is a “Rule 34 of the Internet” tacitly acknowledges this fact, even if it’s inconvenient for a narrative they’re trying to spin.
So while this might be a meaningless question, one has to wonder…
Why Does Everyone Care So Much If Being a Furry (In Particular) Is Sexual or Not?
To understand what’s really happening here, you need to know a few things about the furry fandom.
- Approximately 80% of furries are LGBTQIA+ (source).
- Early anti-furry sentiments were motivated by queerphobia, especially on forums like Something Awful–and the influence of early hateful memes can still be seen to this day.
https://twitter.com/spacetwinks/status/728349066178998274
One of the Something Awful staff eventually acknowledged and apologized for this.
Archived from here. To corroborate, an Internet author named Maddox once parodied SomethingAwful’s hateful obsession with furries.
There was even a movement within the furry fandom history (the “Burned Furs“) that aimed to excise queerness and sex-positivity from the community. It’s no coincidence that a lot of the former Burned Furs joined with the alt-right movement within the furry fandom.
The alt-right is explicitly queerphobic; especially against trans people. But it’s not just queerphobic; it’s also an ableist and racist movement.
Regardless of sexual orientation, a lot of furries are neurodivergent, too.
Simply put: The reason that most people care whether or not furries are sexual is rooted in the propensity of anti-furry rhetoric in Internet culture, which was motivated at its inception by mostly queerphobia with a dash of ableism.
Art by Khia.
The notion that furries are “too sexual” originated as a dog-whistle for “too gay”, and caught on with people who didn’t know the hidden meaning of the idea. Now a lot of people repeat these ideas without intending or even knowing their roots, and many more have internalized shame about the whole situation.
Unfortunately, this even precipitates into the furry fandom itself, which leads to an unfortunate cyclical discourse that takes place largely on Furry Twitter.
Original tweet unavailable
Furry Isn’t a Sexuality. There is no F in LGBT!
If you publicly state “anti-furry rhetoric is largely queerphobic dog-whistles”, you will inevitably hear someone try to retort this way. So let’s be very clear about it.Furry isn’t its own sexual identity, and I would never claim otherwise.
Unlike transgender people, furries do not experience anything like “species dysphoria” (although therians/otherkin do report experiencing this; don’t conflate the two).
What’s happening here is: Most furries (about 80% of us) have separate sexual/gender identities that deviate from the heteronormative. A lot of queerphobia is easier to sell when you convey it through dog-whistles. So that’s what bigots did.
Polite company that wouldn’t partake in queer-bashing is often willing to laugh at the notion of “Beat A Furry Day“.
Anyone who tries to twist this acknowledgement to mean something ridiculous like an LGBTF movement is either being irrational or a 4chan troll.
Art by Khia.
For related reasons, you shouldn’t ever feel the need to “come out” as a furry.
https://www.youtube.com/watch?v=ZG2DRLimBSM
It’s okay to just really like Beastars, Zootopia, or even the Furry aspects of the Minecraft and Roblox communities. It doesn’t make you a sex-freak.
What’s the Take-Away?
It doesn’t really matter if the furry fandom has a sexual side to it. Everything does! The people who proclaim to care very much about this care for all the wrong reasons. Don’t be one of them.
Art by Swizz.
And remember: Lewd furries aren’t furry trash; we’re yiff-raff!
Sex Isn’t Well-Defined Either
While we’re talking about sex, did you know that biological sex isn’t neatly divided into “male” and “female”? This isn’t an ideological position; it’s a scientific one. Just ask a biologist!https://twitter.com/JUNIUS_64/status/1054387892624285699
Trans and nonbinary people change gender (which is about your role within society) from what they were assigned at birth, but even sex itself isn’t so concrete.
The next time someone tries to appeal to “science” when talking about trans rights and then vomits up some unenlightened K-12 explanation of human reproduction and biological sex, remind them that science disagrees with their oversimplified and outdated mental model–and they might know this if they kept up with scientists.
Where Can I Learn More About the Sexual Side of the Furry Fandom?
Important: If you’re under the age of 18, you should stay out of adult spaces until you’re old enough to participate. No excuses.If you’re looking for pornographic furry art (also called “yiff”), most furry art sites (FurryLife, FurAffinity, etc.) have adult content filters that you can turn off when you register an account.
If you’re looking for something more interactive, there’s a swath of furries that develop private VR experiences for 18+ audiences. One of the most well-funded Patreon artists makes adult furry games.
If you’re curious about why and how people express their sexuality when fursuiting (also called “murrsuiting”), there’s a subreddit for that.
It’s really not hard to find. This is one of the advantages of furry being a largely sex-positive community.
Furry YouTuber Ragehound even has a series about Furries After Dark if you want to learn more about these topics.
https://www.youtube.com/watch?v=nGOlQJDO5no
Finally, similar to how 69 is a meme number for sex, furries have an additional meme number (621) that comes from the name of an adult furry website (e621.net).
You now have enough knowledge to navigate the adult side of the fandom. Just don’t come crying to me when you develop the uncanny knack for recognizing which r/furry_irl posts are actually cropped yiff versus wholly worksafe art.
https://soatok.blog/2021/04/02/the-furry-sexuality-blog-post/
#furries #furry #FurryFandom #LGBTQIA_ #Society
The year 2021 has taught us, if nothing else, that we can be sure that lies, misinformation, and bullshit are post-scarce resources in modern society.
In such an information economy, it should come as no surprise–yet an abundance of disappointment–that ideas like the “Sigma Male” even exist.
What is a Sigma Male?
I’m not going to mince words.
https://twitter.com/LilySimpson1312/status/1353674278722392066
“Sigma Male” is a ploy to recruit insecure young men into the same involuntary celibate (incel) / anti-feminist / pick-up artist trifecta that’s been making the Internet a worse place for everyone since at least 2005, and an evolution of the widely debunked “alpha male” myth.
https://www.youtube.com/watch?v=YTyQgwVvYyc
Trust me on this one, guys: I’m a gay furry. The whole alpha/beta dynamic gets referenced a lot by neophytes to furry/kink culture. Sometimes we entertain it as harmless fun, but practically no one (especially with a canid fursona) takes it remotely seriously.
Why is This Even a Thing?
Let me tell you what’s really going on here:
When the career date-rapists and grifters behind the pick-up artist and “alpha male” circle-jerk realized that their audience was becoming disillusioned by the fact that their attempts to act “more alpha” was not resulting in healthy sexual or romantic relationships with women, they decided to invent a totally new concept–divorced of any psychological basis, of course–in order to keep their audience faithful to their bullshit and ensnare additional desperate, insecure young men.
Since trying to act “more alpha” just makes most people total jerks, which results in women running away as fast as they can, they decided to invent a more-hipster alternative for the failures in their revenue base to aspire to: One of silent edginess and marked by deliberate rejection of social structures. Since nothing comes before alpha in Greek, but video game culture places S-Rank above A-Rank, they decided to opt for the label “Sigma”.
Naturally, this results in a litany of book deals, YouTube videos, and public relations to sell their audience the idea that achieving this fictional aspiration is “what women really want”. The proposition here is, “If you know what women really want, you can get what you really want from them.” (i.e. sexual gratification).
It’s not just gross. It’s also a kind of exploitative that begets more exploitative behavior.
The same crowd that invented “Sigma Male” also conceived “negging”.
Here’s an actual list of “qualities” ascribed to a so-called Sigma Male, according to one of the peddlers of this moronic belief, only rearranged to emphasize the contradictions and meaninglessness of this description:
| “SIgma Males” are… | …but also apparently…? |
|---|---|
| 10. He’s Incredibly Self-Aware | 14. He Can’t Be Told What To Do When It Comes To Anything |
| 13. He Could Be an Alpha If He Wanted | 4. He Treats Everyone Around Him The Same Way |
| 2. He Is a Silent Leader | 9. His Social Skills Could Use Some Work |
| 6. He Understands the Importance of Silence | 12. It’s Hard To Understand Him |
| 1. He Loves Being Alone, But He Values Other People | 3. He Knows How To Adapt To Different Situations |
| 11. He’s the Master of His Own Fate | 8. He Hates Living Life Safely |
| 5. He Doesn’t Need a Social Circle To Be Himself | 7. He’s Morally Grey, Or Worse |
A lot of words could be written about these contradictory or vacuous statements.
How can you be a leader with inadequate social skills? If he really understands the importance of silence, why is it hard to understand him? Sure sounds like he’s misusing silence to me. Who isn’t a master of their own destiny? Who does need a social circle to be themselves?
The “Sigma Male” con is what happens if you take the tactics of cold reading and apply them in reverse:
Instead of starting general and drilling down to more specific based on your audience’s response, you start specific (“rarest type of male”) and then generalize the definition to become completely meaningless while also maximizing the relatability of the label to catch unaware rubes off-guard.
(Art by Khia.)
While we’re on the subject of some of the sleaziest pieces of shit to ever walk the earth, let’s examine some more crimes against culture by these self-aggrandizing embarrassments to the male gender.
The “Friend Zone”
If you want to doom someone to a lifetime of unhealthy relationships, convince them that there’s this tragic place called the “Friend Zone” wherein, if someone you’re attracted to views you as a “friend”, you’re doomed to never have sexual relations with them.
If you’ll notice, I omitted gender in the previous paragraph. This one is so pernicious that I occasionally encounter it in the LGBT community.
For adherents to this particular cognitive distortion, relationships exist in a linear hierarchy:
- Spouse–You want to be here
- Significant Other
- Friends with Benefits / Sexual Partner
- Friend (Platonic)–You don’t want to be here
- Acquaintance
- Stranger
Friendship isn’t valued on its own merits. Instead, it’s a stepping stone; a mere transitional fossil between where you are and where you want things to be. I’ve talked about this before.
When someone adheres to this belief, it shapes the way they interact with people they’re attracted to, and often creates a negative feedback loop. This in turn gives rise to the incel (involuntary celibate) mentality–except now, it’s almost always by men against women.
Failure to become an “alpha” leaves you delegated as a “beta”–or worse, a “cuck”.
Let’s put a pin on that point for a moment.
Interlude: On the Modern Usage of the Word “Cuck”
Right-wingers love to use the word “cuck” to describe someone they dislike.
It became a meme during the 2016 Election in the United States, with some labels (“cuckservative”) being used to demonize Republicans who weren’t reactionary enough.
The origins of the insult began with a term for a sexual fetish called cuckoldry: The enjoyment of watching other people have sex with your significant other.
Most bloggers treat this as a clinical subject and stop there. I am not most bloggers.
An under-reported and unfortunate truth of cuckold fetishists is that there’s often a significant racial component to their fantasy: White couples almost always seek out a black man to be the “bull” (the person whom displaces the cuckold) of the scene. (This is as much a problem within the LGBT community as it is outside of it.)
If you thought the depraved minds of 4chan users wouldn’t pick up on this cue, you haven’t been paying attention to the Internet since 2007.
The insult “cuck” has less to do with the fetish, tangibly, than it does to do with a white supremacist worldview.
To white supremacists, white women are the “property” of white men, and any man who “allows” white women to have sex with a person of color is a cuck.
Thus, there are two kinds of people who use the word “cuck”: Those who know its intent and mean it, and the oblivious masses who mask the dog-whistle. Propagandists call the latter useful idiots.
https://twitter.com/katienotopoulos/status/814635817650028545
In Want of Money and Power
If you want to find the truth behind a person’s actions, you need to first discover their incentives. This is the “follow the money” approach, but generalized: Some people don’t need money, they want power. Political power, specifically.
It should come as no surprise that pick-up artists, anti-feminists, and incels all subscribe vehemently to the “friend zone” mythos. Additionally, incels, in particular, are prone to self-loathing and projection around the “cuck” insult.
This ultimately leads to a very dark place.
The Fascist Event Horizon
Most of us, in our youth, are varying degrees of socially awkward. This leads to anxiety, insecurity, and a sense of listlessness in most young adults.
Typically, we grow out of this by building relationships, learning through a litany of easily avoidable mistakes, and acquire the understanding we lack.
Pick-up artists prey on the rest of us, convincing them that the reason they don’t have a fulfilling sex life is because they’re not adhering to some aggressive social stereotype that gives them superpowers over women.
The ones that “succeed” go on to perpetuate that cycle. The ones that fail become self-loathing incels that stew in their own awkwardness and contempt.
It’s no secret that white nationalism courts Internet nerd culture.
Once you start to head down this path, you’re almost guaranteed to internalize a lot of the beliefs that are espoused:
- “Women want strong alpha males.”
- “Alpha males are dominant, assertive, adhere strongly to evangelical Christian values, and embody tradition.”
- “Women would rather sleep with a jerk than a nice guy.”
- “If you’re friend-zoned, that makes you a cuck to the girl you deserve.”
It’s here that two competing interests will clash.
Incentives Rule Everything Around Me
People who want money and influence are incentivized to find some mental framework that allows a diverse set of personality types to somehow succeed at their relationship goals. This is why they went on to invent the Sigma Male, and insist “they’re equal to alphas, but separate from the hierarchy”.
People who want political power and true believers to perform political violence and stochastic terrorism on their behalf are incentivized to set the bar high and make everyone feel inadequate.
That’s why, immediately after the end of Donald Trump’s presidency and a general shunning of his rabid supporters, the Sigma Male meme is suddenly on a rise in popularity.
Preventing the Poisonous Patriarchy
If you want to prevent a friend or family member from falling into the trappings of abusive con men, white nationalist recruiters, and toxic masculinity, there are a few things you can do to stop them from going down this road.
- Consent is sexy.
Establish good habits. “Yes means Yes” is a better framework than “No means No”, because it implies a negative default in the absence of a specific answer. There’s a lot of literature on BDSM culture and sex work that you can pull inspiration from. - Emphasize healthy friendships.
Fuck the hierarchy worldview; friends are amazing. Whatever it takes, make sure you can appreciate your friends for who they are, not what they might later become.
If you’re struggling to make friends, I recommend reading this article. - The only thing we have to cringe is cringe itself.
Fuck what other people think: If you’re having fun with an activity, who cares if it’s “cringe”? Authentic enjoyment becomes fleeting for many adults once you progress through puberty; and while I’m not sure if that’s nature or nurture, I do know that being shamelessly yourself at all times maximizes your enjoyment. - Abandon tradition, embrace modernity.
Tradition is stupid. It’s literally doing what people have always done because a better idea hasn’t yet come along–even when a better idea does come along!
Instead of relying on traditions, practice creative and imaginative thinking every chance you get. Step out of your comfort zone from time to time. Introspect and plan differently for the next time you’re in a similar situation. That’s how you grow as a person.
If you practiced all of the above and are still bewildered by “what women want” and worried you’ll be alone forever, here’s my final bit of advice: Ask them! Especially if you’re close enough friends that they’ll answer in earnest, because they know that you’re trustworthy and not trying to objectify them.
Literally nobody knows what a given woman is looking for in a partner more than she does. Anyone who claims otherwise is full of shit or dangerously manipulative.
If you ask 100 women what they want in a partner, you’ll get 100 different answers. Gender roles aren’t a symptom of a homogeneous population. People are people.
If anyone is truly your friend, they’re already emotionally invested in seeing you find someone that will make you happy. Trust them more than you’d trust me, or anyone who confidently claims to know “what women want” and then proceeds to totally misunderstand everything women say.
Additionally, everything I said above is also true of men and enbies. People are people, dammit!
What Do I Do if Someone Calls Themselves a “Sigma Male”?
Reply “Sigma balls“.
Ridicule might not adequately discourage participation (after all, the unscientific Myers-Brigg Type Indicator is still prevalent everywhere), but it’s cathartic.
https://twitter.com/M3rcaptan/status/1355665303540215817
Questions and Answers
Since I first published this article, I’ve received a lot of feedback. I’m going to attempt to respond to some of the questions I’ve received over the past few month in order to save everyone time asking the same questions.
Is the Notion of a Sigma Male as Scam or Grift?
Yes! See above for details.
The goal of the “sigma male” idea is to capture more of the “desperate and lonely single man” market segment–in particular, the ones that don’t buy the whole “alpha male” shtick. It’s pure bullshit and it’s bad for you.
Is Sigma Male “Cringe”?
Cringe culture is stupid, but I’m willing to make an exception for the whole “sigma male” meme (but only insofar as we also treat “alpha male” with the same level of earned contempt).
Science has shown that biological sex is not binary. Furthermore, sex isn’t the same thing as gender identity, which can be different from your biological sex and has to do with your role within society. This is what science has to say about the subject; it’s not up for debate.
So, with all that in mind, why do the same crowds of people who insist that sex is binary and assigned at birth (in spite of what science actually suggests) turn around and invent multiple kinds of male that someone can be, only to then arrange them in an imaginary hierarchy?
That’s pretty cringe, bro.
Why Are You Falsely Equivocating PUAs and Incels?
I’m not, and you have to be acting in bad faith to think listing two groups together is the same as equivocating the two.
Both groups are the consequence of the same harmful and false beliefs about gender, sex, and masculinity. Their beliefs about women are disgusting and they prey on the insecurity of other men to secure book deals and speaking gigs.
Pick-up artists are predators that spread predatory ideas. Incels are the desperate dregs that don’t buy the PUA books but still internalize the same values, usually expressed through self-deprecation. These are clearly not the same thing, but both groups are the consequence of the same delusional bullshit rooted in anti-feminism.
Eww, a furry!
Wow, you sure got me there.
How will I ever recover from this startling revelation?
Sigmas are REAL! They’re the introverted version of the Alpha. Period.
Nope. Alpha Males aren’t a real thing either.
The person who coined the term “alpha male” in wolf populations spent the rest of their career trying to correct the misconception they accidentally created. I covered all of this in the blog post already.
The people who purport that “being alpha” is a meaningful descriptor of humans rather than incomplete software are either delusional or trying to pull one over on you.
The unproven hypothesis of “sigma male” is predicated on debunked pseudoscience. Why bother believing something whose entire foundation is false?
The science of personality (a discipline of psychology) is extremely complicated. The people peddling the [Greek Letter Here] Male are trying to sell you on the belief that masculinity is a hierarchy of tribes. It’s just as stupid as the Myers-Brigg Type Indicators.
If you want an actual model for personality based on real cognitive science, look at HEXACO. Notably, your personality scores do not yield a reliable partitioning (“Are you an T or a P?”) nor is a hierarchy proposed.
Anything that says your entire personality or existence can be summarized as belonging to one of N groups (with N less than 100), or by a ranking in an imaginary social ladder, is bullshit–pure and simple.
Note: The header for this section is from one of the many unapproved comments submitted to this blog post with a fake email address. Comments like this aren’t an expression of introverted personalities. The word you’re looking for is “cowardice”.
Why aren’t you approving my comments on this blog post?
Mandatory reading: My blog isn’t a platform for internet randos.
https://soatok.blog/2021/01/25/no-youre-not-a-sigma-male/
#alphaMale #cuck #Fascism #hateSpeech #Incels #PickupArtists #SigmaMale #Society #toxicity
I rarely think about the labels that describe me.That isn’t because of privilege (I spent many years painfully aware of them), but because my friends are incredibly supportive and we’ve been able to cultivate an environment where I’m not constantly reminded of why I don’t “belong”. (It took many grueling years to achieve that, and I’m still reminded of my weirdness if I leave home for any appreciable length of time. Fortunately, I’m a bit of a homebody.)
The majority of people don’t think about their labels either, but for privileged reasons, until a minority calls it to their attention. Then you get almost-comical indignant hot takes of the “don’t call me cis, that’s a slur!” variety.
At least, they would be comical if they weren’t so stupid and dangerous.
Identity
Identity is a funny thing. I actually find rather insulting the proposition that you can take the vast diversity of the lived experiences of billions of people and compress it into one bit of information.“Are you a YES or a NO?” “Are you X or Y?” “Are you good or evil?”
Labels are a lossy compression algorithm. They’re meant to simplify and convey ideas so they’re more broadly accessible and easily understood. In practice, people are overly reliant on them, and they become a crutch.
Sure, you can think of me as an androsexual, demisexual, cisgender male with a dhole fursona, but do most of us even know what that means?
Most of us just simplify our identities to, “I’m gay”. Art by LindseyVi.
Pride
Pride is a protest against unjust systems. Pride started with a riot in response to police violence and discrimination. You probably didn’t learn about Pride in great detail in history class (if at all).Pride parades in recent years have been co-opted by what some call “rainbow capitalism”.
I wish I knew the original source for this meme.
And this obviously feels really gross, but at the same time, it’s often somehow forgivable that companies use Pride Month (June) to show active support for their LGBTQIA+ employees. (If nothing else, it assures us that we won’t suddenly become unemployed if someone accuses us of falling in love with a person with the “wrong” phenotype, etc.)
There are currently a lot of hard conversations taking place about a different target of police violence and discrimination.
I hope that the protests happening today will result in the change our world needs, so that everyone can live equally without fear or shame for who they are.
This will almost certainly require dismantling racist systems and rebuilding them without the tainted legacy they originated from.
That being said, I’ve never really been fond of the emotion, pride. It feels inherently reckless to me. At the same time, I acknowledge it’s a great foil for the emotions that bigots want us to feel (fear, shame, despair, self-loathing, etc.). If that works for you, I’m happy. Keep on keeping on.
Rather than pride, I’ve always sought contentment and joy in my life.
Authenticity means a lot to me, and being fearlessly and shamelessly me is something I shouldn’t have to work for or feel proud about; nor should anyone else.
Contentment and joy… there used to be another word folks used to encapsulate that genre of emotion: Gay.
It always comes full-circle, doesn’t it?
A Dream To Seek
Society has numerous institutions and systems that are designed and implemented to ensure discrimination and injustice against people who are different than their architects.
As long as bigoted institutions and systems exist, society will always need movements like Pride and Black Lives Matter to resist atrocity and inspire loud authenticity, in equal measure.
So it might sound odd to say without the above context, but as a strong proponent of human rights and equality, I dream of the day when these movements no longer need to exist; for the day when their job is done and we have moved past the specter of hate that continues to haunt each generation that survives its direct violent influence. I say this knowing that this day will probably never come (at least in my lifetime).
Until bigotry is abolished, and bigotry’s apologists recognize that they’re little more than asymptomatic carriers of that vile psychic pathogen, I will continue to strive to enable everyone I can reach to enjoy the same peace that my friends and I have built at home.
No matter your sex. No matter your gender. No matter the gender(s) you’re attracted to (if any). No matter your race or ethnicity.
The labels people use to describe us shouldn’t condemn anyone to a life of misery and injustice.
The day we cultivate a society that is absent of, and resistant to, the kind of hate and discrimination we’ve seen for centuries will be a day worthy of pride.
And the only way to get there is to acknowledge a simple truth: Black Lives have to Matter in order for the superset (“All Lives”) to Matter.
What Do Your Labels Mean?
This will probably be my only Pride Month post on this blog, so I suppose it makes sense to explain them.I’m a guy, who’s attracted to guys (thus, androsexual)… but I don’t exactly have a “type”. I have to genuinely like a person to find them attractive. That’s the demisexual part.
Most people understand being gay, conceptually. Asexuality might also click readily without a lot of exposition.
Being demi is weird: You spend a lot of time wondering if you’re asexual or not, until you actually develop feelings for someone else for the first time.
Cisgender just means “not transgender”; that is to say, I identify as the same gender I was assigned at birth.
If that’s helpful to know, cool. But you don’t have to think of me in those terms. I’m just Soatok.
https://soatok.blog/2020/06/09/pridemonth/
One of the funniest concepts for a YouTube channel has to be TierZoo, which treats the animal kingdom as an MMORPG and animal species as different classes within this hypothetical game, and then proceeds to analyze it the same way gamers analyze the “meta” for a given season of a game.
Tier lists are just one expression of a mental model called a hierarchy. Hierarchies can be useful concepts in science (e.g. Maslow’s Hierarchy of Needs), but they’re woefully deceptive and should not be used socially.
Why Hierarchies Are A Poor Fit for Social Purposes
In video game terms (for the TierZoo fans in the audience), the PvP meta rarely implies the PvE meta. This is the essence of the problems with viewing society through the lens of a hierarchy.
Using hierarchies for any social purpose is like comparing two individual frames from different videos of people speaking. If you select an unflattering frame from one person mid-word and juxtapose it with a frame of the other person pausing for dramatic effect, you can bias your audience’s perceptions of the two people.
Some people like hierarchies because they seem real and “natural”: If you worked hard in school, you might graduate in the top 10% of your class.
“Wouldn’t it naturally follow that scholastic achievements yield a hierarchy that reveals both intellect and diligence? Shouldn’t the top performers earn the most rewards?”
No, and no. Academic grading isn’t a robust scientific model for measuring capability, it’s an ad hoc tool for scaling up one teacher to many dozens or even hundreds of students. People with economic advantages (e.g. not needing to work 2-3 different jobs just to afford college) are also more likely to have time to prepare for tests, and therefore earn higher grades.
But more importantly, we’re still talking about narrowly scoped snapshots of reality that miss entire dimensions. How many mathletes in school were loathe to put out an essay on some arbitrary prompt in under an hour? How many prolific writers left school thinking, “I suck at math”?
Hierarchies Can Be Real, But Still Useless
The social hierarchies people talk about the most are usually about power–which either means money, violence, or social connections with others more capable of wielding money and/or violence.
This video from Innuendo Studios explains this concept rather well, especially as it pertains to how political conservatives (and, indeed, most people living in capitalist societies) tend to view them:
https://www.youtube.com/watch?v=agzNANfNlTs
Hierarchies can feel factual. There is a deceptively attractive pecking order to e.g. wealth.
Hierarchies often pretend to be the pinnacle of objectivity and impartiality, but this is really a beautiful lie we tell ourselves.
https://www.youtube.com/watch?v=E8ISzmBBTvo
If you only measure one variable across a population, a hierarchy will likely emerge. And it might seem very much like a fact.
If you collect a diverse sample of many independent variables, this hierarchy will begin blur and everyone will tend towards mediocrity.
Jeff Bezos and Bill Gates certainly have more wealth than I do, but I’m probably better at mathematics and cryptography than both of them. Which variable matters in a given situation is heavily context-dependent.
At the end of the day, social hierarchies are lazy oversimplifications, and the people who rely on them when they think about the world are lying to themselves through omission.
Listicles Considered Harmful
The worst offenders in using simple-minded hierarchies to analyze societies are the bloggers and YouTubers who create “Top 10” articles and videos.
https://www.youtube.com/watch?v=TIEleCEtqzA
It isn’t enough for these jerks to just enjoy the plot twists and betrayals in their favorite works of fiction; they have to pit them against each other so they can rank them.
Responsible Use of Hierarchies
It’s particularly difficult to get away from hierarchies in our society, especially when it’s staring you in the face. (“Why can’t we complete a Mythic Plus 10 on our favorite characters?” “Because they’re not this season’s meta.”)
“So what are we supposed to do then? Lie to ourselves?” Nope.
You can acknowledge that hierarchies exist (when they actually do) while also acknowledging that they’re only parts of the whole picture.
Additionally, some hierarchies only exist because of correctable sources of corruption and bias within our society, and those should be resisted.
Hierarchies Beget Depression
One of the quickest and surest ways to make yourself feel depressed or anxious is to compare your behind-the-scenes footage to other people’s highlight reels. This is one of the great ills of social media.
Hierarchies exacerbate this problem by introducing numbers and metrics that appear to be objective, but really aren’t.
Need an example? Here’s two videos that, I think, illustrate what I’m talking about perfectly.
https://www.youtube.com/watch?v=-GC0yK_znVw
https://www.youtube.com/watch?v=1G24qcsxDdM
By the numbers (as of the time of this writing):
- RL has only had a YouTube channel since 2017, and already has nearly 1000 more subscribers than Doon (3.97k vs 3.19k).
- RL’s video has more views than Doon’s (608 vs 488).
- RL’s video has more upvotes than Doon’s (100 vs 98).
Does this mean RL is more successful than Doon? The numbers sure say so! And yet, RL is clearly unsatisfied, while Doon seems perfectly content with his channel and its growth over the years.
Who appears to be happier in these videos?
In Conclusion
Hierarchies can lie, and they always lie through omission.
Humans are complex creatures that have many dimensions to our lives, and cannot be reliably compressed to a few bits of information. Any attempt to do so loses something; and what it loses, is often our humanity.
https://soatok.blog/2021/04/21/against-hierarchies/
One of the funniest concepts for a YouTube channel has to be TierZoo, which treats the animal kingdom as an MMORPG and animal species as different classes within this hypothetical game, and then proceeds to analyze it the same way gamers analyze the “meta” for a given season of a game.Tier lists are just one expression of a mental model called a hierarchy. Hierarchies can be useful concepts in science (e.g. Maslow’s Hierarchy of Needs), but they’re woefully deceptive and should not be used socially.
Why Hierarchies Are A Poor Fit for Social Purposes
In video game terms (for the TierZoo fans in the audience), the PvP meta rarely implies the PvE meta. This is the essence of the problems with viewing society through the lens of a hierarchy.Using hierarchies for any social purpose is like comparing two individual frames from different videos of people speaking. If you select an unflattering frame from one person mid-word and juxtapose it with a frame of the other person pausing for dramatic effect, you can bias your audience’s perceptions of the two people.
Some people like hierarchies because they seem real and “natural”: If you worked hard in school, you might graduate in the top 10% of your class.
“Wouldn’t it naturally follow that scholastic achievements yield a hierarchy that reveals both intellect and diligence? Shouldn’t the top performers earn the most rewards?”
No, and no. Academic grading isn’t a robust scientific model for measuring capability, it’s an ad hoc tool for scaling up one teacher to many dozens or even hundreds of students. People with economic advantages (e.g. not needing to work 2-3 different jobs just to afford college) are also more likely to have time to prepare for tests, and therefore earn higher grades.
But more importantly, we’re still talking about narrowly scoped snapshots of reality that miss entire dimensions. How many mathletes in school were loathe to put out an essay on some arbitrary prompt in under an hour? How many prolific writers left school thinking, “I suck at math”?
Hierarchies Can Be Real, But Still Useless
The social hierarchies people talk about the most are usually about power–which either means money, violence, or social connections with others more capable of wielding money and/or violence.This video from Innuendo Studios explains this concept rather well, especially as it pertains to how political conservatives (and, indeed, most people living in capitalist societies) tend to view them:
https://www.youtube.com/watch?v=agzNANfNlTs
Hierarchies can feel factual. There is a deceptively attractive pecking order to e.g. wealth.
Hierarchies often pretend to be the pinnacle of objectivity and impartiality, but this is really a beautiful lie we tell ourselves.
https://www.youtube.com/watch?v=E8ISzmBBTvo
If you only measure one variable across a population, a hierarchy will likely emerge. And it might seem very much like a fact.
If you collect a diverse sample of many independent variables, this hierarchy will begin blur and everyone will tend towards mediocrity.
Jeff Bezos and Bill Gates certainly have more wealth than I do, but I’m probably better at mathematics and cryptography than both of them. Which variable matters in a given situation is heavily context-dependent.
At the end of the day, social hierarchies are lazy oversimplifications, and the people who rely on them when they think about the world are lying to themselves through omission.
Listicles Considered Harmful
The worst offenders in using simple-minded hierarchies to analyze societies are the bloggers and YouTubers who create “Top 10” articles and videos.https://www.youtube.com/watch?v=TIEleCEtqzA
It isn’t enough for these jerks to just enjoy the plot twists and betrayals in their favorite works of fiction; they have to pit them against each other so they can rank them.
Responsible Use of Hierarchies
It’s particularly difficult to get away from hierarchies in our society, especially when it’s staring you in the face. (“Why can’t we complete a Mythic Plus 10 on our favorite characters?” “Because they’re not this season’s meta.”)“So what are we supposed to do then? Lie to ourselves?” Nope.
You can acknowledge that hierarchies exist (when they actually do) while also acknowledging that they’re only parts of the whole picture.
Additionally, some hierarchies only exist because of correctable sources of corruption and bias within our society, and those should be resisted.
Hierarchies Beget Depression
One of the quickest and surest ways to make yourself feel depressed or anxious is to compare your behind-the-scenes footage to other people’s highlight reels. This is one of the great ills of social media.Hierarchies exacerbate this problem by introducing numbers and metrics that appear to be objective, but really aren’t.
Need an example? Here’s two videos that, I think, illustrate what I’m talking about perfectly.
https://www.youtube.com/watch?v=-GC0yK_znVw
https://www.youtube.com/watch?v=1G24qcsxDdM
By the numbers (as of the time of this writing):
- RL has only had a YouTube channel since 2017, and already has nearly 1000 more subscribers than Doon (3.97k vs 3.19k).
- RL’s video has more views than Doon’s (608 vs 488).
- RL’s video has more upvotes than Doon’s (100 vs 98).
Does this mean RL is more successful than Doon? The numbers sure say so! And yet, RL is clearly unsatisfied, while Doon seems perfectly content with his channel and its growth over the years.
Who appears to be happier in these videos?
In Conclusion
Hierarchies can lie, and they always lie through omission.Humans are complex creatures that have many dimensions to our lives, and cannot be reliably compressed to a few bits of information. Any attempt to do so loses something; and what it loses, is often our humanity.
https://soatok.blog/2021/04/21/against-hierarchies/
If you’ve somehow never encountered an Internet meme before, you may be surprised to learn that the number 69 is often associated with sex (and, more specifically, a particular sex act).
This happens to be the 69th blog post published on Dhole Moments, since I started the blog in April 2020.
You could even go as far as to say it’s the 4/20 +69th post, for maximum meme potential.
However! I make a concerted effort to keep my blog safe-for-work, so if you’re worried about this post being flooded with furry porn (a.k.a. yiff art), or cropped yiff memes, or any other such lascivious nonsense, you won’t find any of that on this blog. (Sorry to disappoint.)
Instead, I’d like to take the opportunity to correct some public misconceptions about human sexuality, identity, and how these topics relate to the furry fandom.
Is Furry a Sex Thing?
I find it difficult to overstate how often people assume the “furry is a sex thing” premise. Especially on technical forums.
But let’s backtrack for a second. What isn’t a sex thing?
This turns out to be a difficult question to answer. Even Wikipedia’s somewhat concise list of paraphilias doesn’t leave a lot of topics off the table.
Are shoes a sex thing? Are cigarettes? Poetry?
Hell, one might be tempted to cry foul on the header image used in this blog post for including tentacles, hypnotic eyes, and footpaws in the same image. (Scandalous!) But if you look at the uncropped versions of these images, you’ll quickly realize they aren’t yiffy.
Top Art by AtlasInu.
Bottom: Created by FlashWhite_. Fox is Kiit Lock.
The more you read about this topic, the more you’ll realize this question is inert. Anything can be a sex thing. Humans are largely a sexual species, and sex is deeply ingrained in our culture (which can make life awkward for asexual people).
Instead, the question of whether or not the furry fandom is sexual becomes a bit of a Rorschach test for one’s cognitive biases.
If you’re chiefly concerned with public image–especially when fursuiting in public, where kids can see–you’re incentivized to double down on the fact that the furry fandom is no more inherently sexual than anything else can be. And this is true.
If you’re concerned with cultivating a sex-positive environment where people can live out their sexual fantasies in a safe, sane, and consensual manner, you’re incentivized to insist that furry is a sexual thing. “We have murrsuits for crying out loud! Stop kink-shaming! Down with puritan ideologies on sex!” And this is also true.
Humans are largely sexual, so any activity humans engage in will inevitably involve people sexualizing it. Even tupperware parties, for fuck’s sake! Anyone who believes there is a “Rule 34 of the Internet” tacitly acknowledges this fact, even if it’s inconvenient for a narrative they’re trying to spin.
So while this might be a meaningless question, one has to wonder…
Why Does Everyone Care So Much If Being a Furry (In Particular) Is Sexual or Not?
To understand what’s really happening here, you need to know a few things about the furry fandom.
- Approximately 80% of furries are LGBTQIA+ (source).
- Early anti-furry sentiments were motivated by queerphobia, especially on forums like Something Awful–and the influence of early hateful memes can still be seen to this day.
https://twitter.com/spacetwinks/status/728349066178998274
One of the Something Awful staff eventually acknowledged and apologized for this.
There was even a movement within the furry fandom history (the “Burned Furs“) that aimed to excise queerness and sex-positivity from the community. It’s no coincidence that a lot of the former Burned Furs joined with the alt-right movement within the furry fandom.
The alt-right is explicitly queerphobic; especially against trans people. But it’s not just queerphobic; it’s also an ableist and racist movement.
Regardless of sexual orientation, a lot of furries are neurodivergent, too.
Simply put: The reason that most people care whether or not furries are sexual is rooted in the propensity of anti-furry rhetoric in Internet culture, which was motivated at its inception by mostly queerphobia with a dash of ableism.
The notion that furries are “too sexual” originated as a dog-whistle for “too gay”, and caught on with people who didn’t know the hidden meaning of the idea. Now a lot of people repeat these ideas without intending or even knowing their roots, and many more have internalized shame about the whole situation.
Unfortunately, this even precipitates into the furry fandom itself, which leads to an unfortunate cyclical discourse that takes place largely on Furry Twitter.
Furry Isn’t a Sexuality. There is no F in LGBT!
If you publicly state “anti-furry rhetoric is largely queerphobic dog-whistles”, you will inevitably hear someone try to retort this way. So let’s be very clear about it.
Furry isn’t its own sexual identity, and I would never claim otherwise.
Unlike transgender people, furries do not experience anything like “species dysphoria” (although therians/otherkin do report experiencing this; don’t conflate the two).
What’s happening here is: Most furries (about 80% of us) have separate sexual/gender identities that deviate from the heteronormative. A lot of queerphobia is easier to sell when you convey it through dog-whistles. So that’s what bigots did.
Polite company that wouldn’t partake in queer-bashing is often willing to laugh at the notion of “Beat A Furry Day“.
Anyone who tries to twist this acknowledgement to mean something ridiculous like an LGBTF movement is either being irrational or a 4chan troll.
For related reasons, you shouldn’t ever feel the need to “come out” as a furry.
https://www.youtube.com/watch?v=ZG2DRLimBSM
It’s okay to just really like Beastars, Zootopia, or even the Furry aspects of the Minecraft and Roblox communities. It doesn’t make you a sex-freak.
What’s the Take-Away?
It doesn’t really matter if the furry fandom has a sexual side to it. Everything does! The people who proclaim to care very much about this care for all the wrong reasons. Don’t be one of them.
And remember: Lewd furries aren’t furry trash; we’re yiff-raff!
Sex Isn’t Well-Defined Either
While we’re talking about sex, did you know that biological sex isn’t neatly divided into “male” and “female”? This isn’t an ideological position; it’s a scientific one. Just ask a biologist!
https://twitter.com/JUNIUS_64/status/1054387892624285699
Trans and nonbinary people change gender (which is about your role within society) from what they were assigned at birth, but even sex itself isn’t so concrete.
The next time someone tries to appeal to “science” when talking about trans rights and then vomits up some unenlightened K-12 explanation of human reproduction and biological sex, remind them that science disagrees with their oversimplified and outdated mental model–and they might know this if they kept up with scientists.
Where Can I Learn More About the Sexual Side of the Furry Fandom?
Important: If you’re under the age of 18, you should stay out of adult spaces until you’re old enough to participate. No excuses.
If you’re looking for pornographic furry art (also called “yiff”), most furry art sites (FurryLife, FurAffinity, etc.) have adult content filters that you can turn off when you register an account.
If you’re looking for something more interactive, there’s a swath of furries that develop private VR experiences for 18+ audiences. One of the most well-funded Patreon artists makes adult furry games.
If you’re curious about why and how people express their sexuality when fursuiting (also called “murrsuiting”), there’s a subreddit for that.
It’s really not hard to find. This is one of the advantages of furry being a largely sex-positive community.
Furry YouTuber Ragehound even has a series about Furries After Dark if you want to learn more about these topics.
https://www.youtube.com/watch?v=nGOlQJDO5no
Finally, similar to how 69 is a meme number for sex, furries have an additional meme number (621) that comes from the name of an adult furry website (e621.net).
You now have enough knowledge to navigate the adult side of the fandom. Just don’t come crying to me when you develop the uncanny knack for recognizing which r/furry_irl posts are actually cropped yiff versus wholly worksafe art.
https://soatok.blog/2021/04/02/the-furry-sexuality-blog-post/
#furries #furry #FurryFandom #LGBTQIA_ #Society
Dhole Moments
Writings about information security, cryptography, software, and humanity, from a member of the furry fandom.From the Furry Fandom…
Featured Furries
Can’t get enough of blog posts written by furries? This post aims to curate some of the other blogs written by furries that are worth sharing with my regular readers. Many (but not all) of these furry blogs are focused on technology in some way. Background Information Many years ago, I wrote a post titled…July 21, 2024August 15, 2024
Soa Talks (Latest Posts)
Ambition, The Fediverse, and Technology Freedom
If you’re new to reading this blog, you might not already be aware of my efforts to develop end-to-end encryption for ActivityPub-based software. It’s worth being aware of before you continue to read this blog post. To be very, very clear, this is work I’m doing independent of the W3C or any other standards organization…October 12, 2024October 12, 2024
Why are furry conventions offering HIV testing to attendees?
Spoiler: It’s nothing scandalous or bad. Every once in a while, someone posts this photo on Twitter to attempt to dunk on furries: Over the years, I’ve seen this discourse play out several times. The people that post this photo usually don’t elaborate on why they think this photo is meaningful, they just let it…September 30, 2024October 3, 2024
Cryptographic Innuendos
Neil Madden recently wrote a blog post titled, Digital Signatures and How to Avoid Them. One of the major points he raised is: Another way that signatures cause issues is that they are too powerful for the job they are used for. You just wanted to authenticate that an email came from a legitimate server, but now…September 20, 2024September 20, 2024
I get a lot of emails from job recruiters that, even to this day, I’m not qualified for. They often ask for ridiculous requirements, like a Master’s Degree or Ph.D in Computer Science, for what would otherwise be a standard programming job without any particular specializations (e.g. cryptography, which I happen to specialize in).
One time I humored one of these opportunities for a PHP Developer position and was immediately told over the phone that my number of years of experience with PHP was too low, because I didn’t start working with it in 1996 like the rockstar developers on their payroll, but that they’d call me back if they had any “junior” openings in the future. Given that I was born in 1989 and didn’t have access to a computer until about Christmas 1999, I won’t even begin to pretend this is a reasonable ask.
In a lot of ways, I have it easy. I have enough experience with software development and security research under my belt to basically ignore the requirements that HR puts on job listings and still get an interview with most companies. (If you want a sense of what this looks like, look no further than rawr-x3dh or my teardown of security issues in Zed Shaw’s SRP library… which are both things I did somewhat casually for this blog.)
The irony is, I’m probably deeply overqualified for the majority of the jobs that come across my inbox, and I still don’t meet the HR requirements for the roles, and the people who are actually a good fit for it don’t have the same privilege as me.
So if the rules are made up and the points don’t matter, why do companies bother with these pointlessly harrowing job requirements?
The answer is simple: They’re being toxic gatekeepers, and we’re all worse off for it.
https://twitter.com/IanColdwater/status/1357381321488621569
Toxic Gatekeeping
Gatekeeping is generally defined as “the activity of controlling, and usually limiting, general access to something” (source).
Gatekeeping doesn’t have to be toxic: Keeping children out of adult entertainment venues is certainly an example of gatekeeping, but it’s a damned good idea in that context.
In a similar vein, content moderation is a good thing, but necessarily involves some gatekeeping behaviors.
As with many things in life, toxicity is determined by the dose. I’ve previously posited that any group has a minimum gatekeeping threshold necessary for maintaining group identity (or in the example of keeping kids out of 18+ spaces, avoiding liability).
When the amount of gatekeeping exceeds the minimum, the excess is almost always toxic. To wit:
https://twitter.com/BlackDGamer1/status/1361352840980164609
Toxic Gatekeeping in Tech
The technology industry is filled with entry-level gatekeepers. Sometimes this behavior floats up in the org chart, but it’s most often concentrated at neophytes.
https://twitter.com/fancy_flare/status/1371568476331012101
In practice, toxic gatekeeping often employs arbitrary Purity Tests, stupid job requirements, and questionably legal hazing rituals. Conversations with toxic gatekeepers often–but not always–involve gratuitous use of No True Scotsman fallacies.
But what’s really happening here is actually sinister: Toxic gatekeepers in tech are people with internalized cognitive distortions that either affirm one’s sense of superiority or project their personal insecurities–if not both things.
This is almost always directed towards the end of excluding women, racial or religious minorities, LGBTQIA+ and neurodivergent people, and other vulnerable populations from the possibility at pursuing lucrative career prospects.
If you need a (rather poignant) example of the above, the gatekeeping behaviors against women in tech even apply to the forerunners of computer science:
https://twitter.com/gurlcode/status/1170664258197024768
If you’re still unconvinced, I have my own experiences I can tell you about; like that one time my blog’s domain was banned from the netsec subreddit because of other peoples’ toxicity.
That Time soatok.blog Was Banned from Reddit’s r/netsec Subreddit
Earlier this year, I thought I’d submit my post about encrypting directly with RSA being a bad idea to the network security subreddit–only to discover that my domain name had been banned from r/netsec.
https://twitter.com/SoatokDhole/status/1352140779586805760
Prior to this, I’d had some disagreements with other r/netsec moderators (i.e. @sanitybit, plus whoever answered my Reddit messages) about a lack of communication and transparency about their decisions, but there were no lingering issues.
A lot of the times when something I wrote ended up on their subreddit, I was not the person to submit it there. Usually this omission was intentional: If I didn’t submit it there, I didn’t feel it belonged on r/netsec (usually due to being insufficiently technical).
The comments I received were often hostile non sequitur about me being a furry. This general misconduct isn’t unique to r/netsec; I’ve received similar comments on my Lobste.rs submissions, which forced the sysop’s hand into telling people to stop being dumb and terrible.
https://twitter.com/SoatokDhole/status/1352142604406816771
The hostility was previously severe enough to get noticed by the r/SubredditDrama subreddit (and, despite what you might think of drama-oriented forums, most of the comments there were surprisingly non-shitty towards me or furries in general).
Quick aside: Being a furry isn’t the important bit of this anecdote; people face this kind of behavior for all sorts of reasons. In particular: transgender people face even shittier behavior at every level of society, and a lot of what they endure is much more subtle than the overt yet lazy bigotry lobbed my way.
So was my domain name banned by a r/netsec moderator because other people kept being shitty in the comments whenever someone submitted one of my blog posts there?
It turns out: Yes. This was later confirmed to me by a r/netsec moderator via Twitter DM.
As I had said publicly on Twitter and reiterated in the DM conversation above: I had already decided I would not return to r/netsec in light of this rogue moderator’s misconduct.
Trust is a funny thing: It’s easy to lose and hard to gain. Once trust has been lost, it’s often impossible to recover it. Security professionals should understand this better than anyone else, given our tendency to deal with matters of risk and trust.
What Could They Have Done Better?
Several things! Many of which are really obvious!
- Communicating with me. If nothing else, they could have told me they were banning my domain name from their subreddit and given a reason why.
- Maybe there was some weird goal in mind?
(E.g. to stop people from submitting posts on my behalf, since I had made it clear that I’d intentionally not share stuff there if I didn’t think it belonged.) - I’ll never know, because nobody told me anything.
- Maybe there was some weird goal in mind?
- Communicating with each other. I mean, this is just a matter of showing respect to your fellow moderators. It’s astonishing that this didn’t happen.
- Taking steps to protect members of vulnerable populations from the kinds of shitheads that make Reddit a miserable experience.
- For example: If someone’s previously been a target of bigotry, have auto-moderator prune all comments not from the OP or Trusted Contributors–and if any TCs violate the mods’ trust, revoke their TC status.
Since then, I’ve been informed that they implemented my suggestion to prevent themselves from having to suffer through a bunch of negative vitriol.
Truthfully, I still haven’t decided if I want to give r/netsec another chance.
On the one paw: The moderators really burned a lot of trust with me and I expect security professionals to fucking know better.
On the other: Representation matters, and removing myself from their community gives the bigots that caused the trouble in the first place a Pyrrhic victory.
I wish I could put a happy ending on this tale, but life doesn’t work that way most of the time.
If you’re looking for non-toxic subreddits, r/crypto is always a pleasant community. I also contribute a lot to r/furrydiscuss.
When to Be a Gatekeeper
If someone is a threat to the safety or well-being of your group, you should exclude them from your group.
In the furry community, we had a person that owned a widely-used costume making business get outed for a lot of abusive actions. Their response was to try to file a SLAPP suit against some unrelated person that merely linked to the victims’ statements on Twitter.
https://twitter.com/qutens_/status/1357496129659707392
In these corner-case situations, be a gatekeeper!
But generally, it’s not warranted. Gatekeeping compounds systemic harms and makes it harder for newcomers to join a community or industry.
Gatekeeping hurts women. Gatekeeping hurts LGBTQIA+ folks. Gatekeeping hurts non-white people. Gatekeeping hurts the neurodivergent.
But if that’s not enough of a reason to avoid it: Gatekeeping hurts straight white males too!
Newcomers who aren’t narcissists almost always experience some degree of Impostor Syndrome. If you apply the gatekeeping behaviors we’ve discussed previously, you’re going to totally exacerbate the situation.
People will quit. People will burn out.
The only people who stand to gain anything from gatekeeping are the survivors who made it through the gate. If the survivors are insecure or arrogant, the vicious cycle continues.
So why don’t we simply…not perpetuate it?
There’s an old saying that’s popular in punk and anarchist circles: “No gods, no masters.” I think the correct attitude to have regarding gatekeeping is analogous to the spirit of this saying.
Without Gatekeeping, A Deluge?
Sometimes you’ll hear hiring manager defend the weird job requirements that HR departments shit out because every job posting gets flooded with hundreds of applicants. They insist that the incentives of this dynamic are to blame, rather than gatekeeping.
Unfortunately, we’re both right on this one. Economic forces and toxicity often synergize in the worst ways, and gatekeeping behaviors are no exception.
Hiring managers that are forced to sift through a deluge of applications to fill an opening will inevitably rely on their own subconscious biases to select “qualified” candidates (from a pool of people who are actually qualified for the job). Thus, they become gatekeepers moreso than the minimum amount their job requires. This is one reason why tech companies often only employ people that fit the same demographic.
Savvy tech companies will employ work-sample tests in the same way that musicians employ blind auditions to assess candidates, rather than relying on these subconscious biases to drive their decisions. Not all companies are savvy, and we all suffer for it.
Instead, what happens is that the candidates that endure the ritual of whiteboard hazing (which tests for anxiety rather than technical or cognitive ability) will in turn propagate the ritual for the next round of newcomers.
The same behaviors and incentives that maintain these unhealthy traditions overlap heavily with the people who will refuse to train or mentor their junior employees. This refusal isn’t just about frugality; it’s also in service of the ego. Maintaining their power within existing social hierarchies is something that toxic gatekeepers worry about a lot.
What About “Don’t Roll Your Own Crypto”?
There’s a fine line between reinforcing boundaries to maintain safety and inventing stupid rules or requirements for people to be allowed to participate in a community or industry. (Also, I’ve talked about this before.)
Rejection of gatekeeping isn’t the same as rejecting the concept of professional qualifications, and anyone who suggests otherwise isn’t being intellectually honest.
The excellent artwork used in the blog header was made by Wolfool.
https://soatok.blog/2021/03/04/no-gates-no-keepers/
#gatekeepers #gatekeeping #onlineAbuse #rNetsec #Reddit #Society #toxicity #Twitter
Let me say up front, I’m no stranger to negative or ridiculous feedback. It’s incredibly hard to hurt my feelings, especially if you intend to. You don’t openly participate in the furry fandom since 2010 without being accustomed to malevolence and trolling. If this were simply a story of someone being an asshole to me, I would have shrugged and moved on with my life.It’s important that you understand this, because when you call it like you see it, sometimes people dismiss your criticism with “triggered” memes. This isn’t me being offended. I promise.
My recent blog post about crackpot cryptography received a fair bit of attention in the software community. At one point it was on the front page of Hacker News (which is something that pretty much never happens for anything I write).
Unfortunately, that also means I crossed paths with Zed A. Shaw, the author of Learn Python the Hard Way and other books often recommended to neophyte software developers.
As someone who spends a lot of time trying to help newcomers acclimate to the technology industry, there are some behaviors I’ve recognized in technologists over the years that makes it harder for newcomers to overcome anxiety, frustration, and Impostor Syndrome. (Especially if they’re LGBTQIA+, a person of color, or a woman.)
Normally, these are easily correctable behaviors exhibited by people who have good intentions but don’t realize the harm they’re causing–often not by what they’re saying, but by how they say it.
Sadly, I can’t be so generous about… whatever this is:
https://twitter.com/lzsthw/status/1359659091782733827
Having never before encountered a living example of a poorly-written villain towards the work I do to help disadvantaged people thrive in technology careers, I sought to clarify Shaw’s intent.
https://twitter.com/lzsthw/status/1359673331960733696
https://twitter.com/lzsthw/status/1359673714607013905
This is effectively a very weird hybrid of an oddly-specific purity test and a form of hazing ritual.
Let’s step back for a second. Can you even fathom the damage attitudes like this can cause? I can tell you firsthand, because it happened to me.
Interlude: Amplified Impostor Syndrome
In the beginning of my career, I was just a humble web programmer. Due to a long story I don’t want to get into now, I was acquainted with the culture of black-hat hacking that precipitates the DEF CON community.In particular, I was exposed the writings of a malicious group called Zero For 0wned, which made sport of hunting “skiddiez” and preached a very “shut up and stay in your lane” attitude:
Geeks don’t really come to HOPE to be lectured on the application of something simple, with very simple means, by a 15 year old. A combination of all the above could be why your room wasn’t full. Not only was it fairly empty, but it emptied at a rapid rate. I could barely take a seat through the masses pushing me to escape. Then when I thought no more people could possibly leave, they kept going. The room was almost empty when I gave in and left also. Heck, I was only there because we pwned the very resources you were talking about.Zero For 0wned
My first security conference was B-Sides Orlando in 2013. Before the conference, I had been hanging out in the #hackucf IRC channel and had known about the event well in advance (and got along with all the organizers and most of the would-be attendees), and considered applying to their CFP.I ultimately didn’t, solely because I was worried about a ZF0-style reception.
I had no reference frame for other folks’ understanding of cryptography (which is my chosen area of discipline in infosec), and thought things like timing side-channels were “obvious”–even to software developers outside infosec. (Such is the danger of being self-taught!)
“Geeks don’t really come to B-Sides Orlando to be lectured on the application of something simple, with very simple means,” is roughly how I imagined the vitriol would be framed.
If it can happen to me, it can happen to anyone interested in tech. It’s the responsibility of experts and mentors to spare beginners from falling into the trappings of other peoples’ grand-standing.
Pride Before Destruction
With this in mind, let’s return to Shaw. At this point, more clarifying questions came in, this time from Fredrick Brennan.https://twitter.com/lzsthw/status/1359712275666505734
What an arrogant and bombastic thing to say!
At this point, I concluded that I can never again, in good conscience, recommend any of Shaw’s books to a fledgling programmer.
If you’ve ever published book recommendations before, I suggest auditing them to make sure you’re not inadvertently exposing beginners to his harmful attitude and problematic behavior.
But while we’re on the subject of Zed Shaw’s behavior…
https://twitter.com/lzsthw/status/1359714688972582916
If Shaw thinks of himself as a superior cryptography expert, surely he’s published cryptography code online before.
And surely, it will withstand a five-minute code review from a gay furry blogger who never went through Shaw’s prescribed hazing ritual to rediscover specifically the known problems in OpenSSL circa Heartbleed and is therefore not as much of a cryptography expert?
(Art by Khia.)
May I Offer You a Zero-Day in This Trying Time?
One of Zed A. Shaw’s Github projects is an implementation of SRP (Secure Remote Password)–an early Password-Authenticated Key Exchange algorithm often integrated with TLS (to form TLS-SRP).
Zed Shaw’s SRP implementation
Without even looking past the directory structure, we can already see that it implements an algorithm called TrueRand, which cryptographer Matt Blaze has this to say:
https://twitter.com/mattblaze/status/438464425566412800
As noted by the README, Shaw stripped out all of the “extraneous” things and doesn’t have all of the previous versions of SRP “since those are known to be vulnerable”.
So given Shaw’s previous behavior, and the removal of vulnerable versions of SRP from his fork of Tom Wu’s libsrp code, it stands to reason that Shaw believes the cryptography code he published would be secure. Otherwise, why would he behave with such arrogance?
SRP in the Grass
Head’s up! If you aren’t cryptographically or mathematically inclined, this section might be a bit dense for your tastes. (Art by Scruff.)
When I say SRP, I’m referring to SRP-6a. Earlier versions of the protocol are out of scope; as are proposed variants (e.g. ones that employ SHA-256 instead of SHA-1).
Professor Matthew D. Green of Johns Hopkins University (who incidentally used to proverbially shit on OpenSSL in the way that Shaw expects everyone to, except productively) dislikes SRP but considered the protocol “not obviously broken”.
However, a secure protocol doesn’t mean the implementations are always secure. (Anyone who’s looked at older versions of OpenSSL’s BigNum library after reading my guide to side-channel attacks knows better.)
There are a few ways to implement SRP insecurely:
- Use an insecure random number generator (e.g. TrueRand) for salts or private keys.
- Fail to use a secure set of parameters (q, N, g).
To expand on this, SRP requires q be a Sophie-Germain prime and N be its corresponding Safe Prime. The standard Diffie-Hellman primes (MODP) are not sufficient for SRP.This security requirement exists because SRP requires an algebraic structure called a ring, rather than a cyclic group (as per Diffie-Hellman).
- Fail to perform the critical validation steps as outlined in RFC 5054.
In one way or another, Shaw’s SRP library fails at every step of the way. The first two are trivial:
- We’ve already seen the RNG used by srpmin. TrueRand is not a cryptographically secure pseudo random number generator.
- Zed A. Shaw’s srpmin only supports unsafe primes for SRP (i.e. the ones from RFC 3526, which is for Diffie-Hellman).
The third is more interesting. Let’s talk about the RFC 5054 validation steps in more detail.
Parameter Validation in SRP-6a
Retraction (March 7, 2021): There are two errors in my original analysis.First, I misunderstood the behavior of
SRP_respond()to involve a network transmission that an attacker could fiddle with. It turns out that this function doesn’t do what its name implies.Additionally, I was using an analysis of SRP3 from 1997 to evaluate code that implements SRP6a.
uisn’t transmitted, so there’s no attack here.I’ve retracted these claims (but you can find them on an earlier version of this blog post via archive.org). The other SRP security issues still stand; this erroneous analysis only affects the
uvalidation issue.Vulnerability Summary and Impact
That’s a lot of detail, but I hope it’s clear to everyone that all of the following are true:
- Zed Shaw’s library’s use of TrueRand fails the requirement to use a secure random source. This weakness affects both the salt and the private keys used throughout SRP.
- The library in question ships support for unsafe parameters (particularly for the prime, N), which according to RFC 5054 can leak the client’s password.
Salts and private keys are predictable and the hard-coded parameters allow passwords to leak.
But yes, OpenSSL is the real problem, right?
(Art by Khia.)Low-Hanging ModExp Fruit
Shaw’s SRP implementation is pluggable and supports multiple back-end implementations: OpenSSL, libgcrypt, and even the (obviously not constant-time) GMP.Even in the OpenSSL case, Shaw doesn’t set the
BN_FLG_CONSTTIMEflag on any of the inputs before callingBN_mod_exp()(or, failing that, insideBigIntegerFromInt).As a consequence, this is additionally vulnerable to a local-only timing attack that leaks your private exponent (which is the SHA1 hash of your salt and password). Although the literature on timing attacks against SRP is sparse, this is one of those cases that’s obviously vulnerable.
Exploiting the timing attack against SRP requires the ability to run code on the same hardware as the SRP implementation. Consequently, it’s possible to exploit this SRP ModExp timing side-channel from separate VMs that have access to the same bare-metal hardware (i.e. L1 and L2 caches), unless other protections are employed by the hypervisor.
Leaking the private exponent is equivalent to leaking your password (in terms of user impersonation), and knowing the salt and identifier further allows an attacker to brute force your plaintext password (which is an additional risk for password reuse).
Houston, The Ego Has Landed
Earlier when I mentioned the black hat hacker group Zero For 0wned, and the negative impact their hostile rhetoric, I omitted an important detail: Some of the first words they included in their first ezine.For those of you that look up to the people mentioned, read this zine, realize that everyone makes mistakes, but only the arrogant ones are called on it.
If Zed A. Shaw were a kinder or humbler person, you wouldn’t be reading this page right now. I have a million things I’d rather be doing than exposing the hypocrisy of an arrogant jerk who managed to bullshit his way into the privileged position of educating junior developers through his writing.If I didn’t believe Zed Shaw was toxic and harmful to his very customer base, I certainly wouldn’t have publicly dropped zero-days in the code he published while engaging in shit-slinging at others’ work and publicly shaming others for failing to meet arbitrarily specific purity tests that don’t mean anything to anyone but him.
But as Dan Guido said about Time AI:
https://twitter.com/veorq/status/1159575230970396672
It’s high time we stopped tolerating Zed’s behavior in the technology community.
If you want to mitigate impostor syndrome and help more talented people succeed with their confidence intact, boycott Zed Shaw’s books. Stop buying them, stop stocking them, stop recommending them.
Learn Decency the Hard Way
(Updated on February 12, 2021)One sentiment and question that came up a few times since I originally posted this is, approximately, “Who cares if he’s a jerk and a hypocrite if he’s right?”
But he isn’t. At best, Shaw almost has a point about the technology industry’s over-dependence on OpenSSL.
Shaw’s weird litmus test about whether or not my blog (which is less than a year old) had said anything about OpenSSL during the “20+ years it was obviously flawed” isn’t a salient critique of this problem. Without a time machine, there is no actionable path to improvement.
You can be an inflammatory asshole and still have a salient point. Shaw had neither while demonstrating the worst kind of conduct to expose junior developers to if we want to get ahead of the rampant Impostor Syndrome that plagues us.
This is needlessly destructive to his own audience.
Generally the only people you’ll find who outright like this kind of abusive behavior in the technology industry are the self-proclaimed “neckbeards” that live on the dregs of elitist chan culture and desire for there to be a priestly technologist class within society, and furthermore want to see themselves as part of this exclusive caste–if not at the top of it. I don’t believe these people have anyone else’s best interests at heart.
So let’s talk about OpenSSL.
OpenSSL is the Manifestation of Mediocrity
OpenSSL is everywhere, whether you realize it or not. Any programming language that provides acryptomodule (Erlang, Node.js, Python, Ruby, PHP) binds against OpenSSL libcrypto.OpenSSL kind of sucks. It used to be a lot worse. A lot of people have spent the past 7 years of their careers trying to make it better.
A lot of OpenSSL’s suckage is because it’s written mostly in C, which isn’t memory-safe. (There’s also some Perl scripts to generate Assembly code, and probably some other crazy stuff under the hood I’m not aware of.)
A lot of OpenSSL’s suckage is because it has to be all things to all people that depend on it, because it’s ubiquitous in the technology industry.
But most of OpenSSL’s outstanding suckage is because, like most cryptography projects, its API was badly designed. Sure, it works well enough as a Swiss army knife for experts, but there’s too many sharp edges and unsafe defaults. Further, because so much of the world depends on these legacy APIs, it’s difficult (if not impossible) to improve the code quality without making upgrades a miserable task for most of the software industry.
What Can We Do About OpenSSL?
There are two paths forward.First, you can contribute to the OpenSSL 3.0 project, which has a pretty reasonable design document that almost nobody outside of the OpenSSL team has probably ever read before. This is probably the path of least resistance for most of the world.
Second, you can migrate your code to not use OpenSSL. For example, all of the cryptography code I’ve written for the furry community to use in our projects is backed by libsodium rather than OpenSSL. This is a tougher sell for most programming languages–and, at minimum, requires a major version bump.
Both paths are valid. Improve or replace.
But what’s not valid is pointlessly and needlessly shit-slinging open source projects that you’re not willing to help. So I refuse to do that.
Anyone who thinks that makes me less of a cryptography expert should feel welcome to not just unfollow me on social media, but to block on their way out.
https://soatok.blog/2021/02/11/on-the-toxicity-of-zed-a-shaw/
#author #cryptography #ImpostorSyndrome #PAKE #SecureRemotePasswordProtocol #security #SRP #Technology #toxicity #vuln #ZedAShaw #ZeroDay
As American students are preparing to return to the classroom during a pandemic–in flagrant disregard of everything ranging from our scientific understanding to matters of good taste–we keep hearing from politicians how essential education is.
Of course, if they actually believed the words coming out of their mouth, you’d expect them to be a little more consistent with their treatment of teachers throughout their legislative voting records.
But while they’re pantomiming concern for our students’ education, I thought I’d take the opportunity to share some lessons you won’t hear about in the classroom. And the reason you won’t hear any of these in the classroom is because of incentives. That’s our first lesson.
Incentives Override Character
Most of the time, people are driven by two things:
- The structure of incentives in their environment
- Satisfying their own ego
If you have a passing interest in philosophy or religion, you might be familiar with the “free will” debates: Do humans have free will? It wouldn’t really matter if they did; most people will make choices based on those two factors, rather than any deep or intrinsic quality to their character.
The reason why this matters is, a lot of the bullshit adults put kids through is intended to instill certain character attributes, like grit, determination, honesty, and integrity. But the simple fact is, most adults don’t possess these qualities themselves–they’ve just accumulated the delusion that they have them. (Ask your friends how many of their upstanding, law-abiding parents hit the bong on weekends in states where marijuana isn’t legal yet, and you’ll see what I mean.)
Instead of participating in publicly accepted hazing rituals also known as extra-curricular activities, students would be better off learning the two ways to escape from the psychological tarpit that leads to poor decisions and upholding the socioeconomic status quo as if it was something worth preserving.
How to Be Better
The first escape hatch is to overcome one’s ego. There are a lot of different schools of thought about how to do this, but the most obvious example is the practice of Buddhism. Ask a Buddhist for some insight in how to accomplish this, because I certainly don’t have the answers on this one.
The other way out is to choose different incentives. This is more honest and practical for most people than expecting them to become less self-centered. Instead of desiring the same things (wealth, prestige, power), focus first on the bottom two slices of the hierarchy of needs, and then once those are met, pin your self-actualization to something downright strange. I’ll give you an example.
Incentives: The Usual Suspects
Your average American is conditioned from a young age to graduate from high school and go to college so they can secure stable employment and start a family. Not all of them follow this track, but it’s a typical expectation that gets communicated throughout the public school system’s cultural indoctrination of our youth.
Along the way, a student’s incentive structure is “outperform their peers on standardized tests to get into more prestigious colleges” then “outperform their peers to graduate higher in your classes to get a stable, well-paying job” then “outperform their coworkers to ensure job security when the downsizing hammer comes down on your department”. Competition, competition, competition. Uninspiring.
Y’know what you don’t see a whole lot? Students who aim to graduate in the bottom 10% of their class because they’re spending their college years helping others succeed and forming lifelong friendships. It might sound ridiculous, but a lot of those can yield long-term business relationships that can be spun into a successful career as an independent consultant–thereby freeing you from the “rat race” that leads to so much depression, burn-out, and failed marriages because one or both partners is working so damn much.
Get creative with your incentives. You get to decide what motivates you (beyond a threshold of what’s determined through genetics and epigenetics, anyway). So why choose the same high-demand, low-supply incentives everyone else chooses? Where’s the fun in that?
I say it’s okay to be weird. And this isn’t my own incentives speaking. I gain nothing by strangers being less self-conscious and insecure about this, since I’m already surrounded by friends who are (in their own way) just as weird as I am.
And if you’re afraid of being ostracized and losing yourself in the process of embracing your weirdness, at least that will be instrumental in overcoming your own ego.
On Kindness and Weakness
Going back to my previous hypothetical example of a student aspiring to be in the bottom 10% of their graduating class (because they’re focused on helping their low-performing peers achieve higher than they otherwise would), anyone who attempts this in earnest will likely find themselves with both a greater understanding of the subject matter and greatly improved communication skills.
To another student with a purely competitive mindset aiming for the top 10% and a “perfect” 4.0 GPA, the behavior of our hypothetical nonconformist might seem like weakness. They might call them an underachiever (or some modern euphemism that may or may not also be a dog-whistle meme for something racist).
But is attaining greater mastery of your chosen field and better skills at explaining topics to non-experts really a form of weakness? This is yet another crack in the armor of the bullshit indoctrination that our society likes to subject us all to, but our education system should aspire to counteract every chance it gets.
Most people confuse kindness for weakness, and the worst of us choose to exploit weakness for their own selfish gain. However, this tendency is in itself exploitable: It makes assholes predictable to the point of being tiresome.
If you choose to be kind in the areas where you’re the strongest, this will do two things: First, it will completely fuck over the plots of the terrible. And second, it will make life a little more pleasant for the rest of us.
I call that a win-win.
If you take nothing else away from this blog, remember this: The purest expression of integrity, personal conviction, and resilience is through kindness, empathy, and compassion.
Anyone who doesn’t understand this is trying too hard to be macho, to deflect from their own deep-seated insecurities. It almost makes you wonder what their incentives are.
Ignorance and Stupidity
Ignorance gets a bad rap. It’s perfectly acceptable to not know something, even if it’s something everyone else knows. As long as you’re aware of your own ignorance and actively seeking the knowledge you lack, there’s nothing to be ashamed about.
On the other hand, willful ignorance–where you don’t know something, and don’t want to know it–is a form of stupidity. But being stupid isn’t the same thing as being ignorant.
Stupidity (for lack of a better term) doesn’t usually stem from a lack of knowledge. Consequently, you can’t inform someone into being less stupid. Careless? Sure. But stupid? Not a chance.
Stupidity–or at least the American brand of stupidity we’re all too familiar with especially from four years with Donald Trump as president–stems from believing in things that are untrue rather than not knowing.
Therefore, the correct word for people who support a Trump presidency in 2020 isn’t “ignorant”. Instead, these people fall into two camps that have distinct words to describe them: Bigoted and spiteful. (And if you don’t think that’s true, try sitting down to watch the news with one of them in a relaxed environment and watch how long it takes them to say something racist, homophobic, or otherwise hateful. You won’t need the patience of a saint to observe results, although it might help with escaping the encounter with your blood pressure at a healthy level.)
When discussing stupidity, it’s tempting for writers to point to obvious examples like anti-vaxxers or the Flat Earth Society and insist, “This is what stupidity looks like.” But this does a lot of harm. Focusing on extreme and obvious examples trains your mental heuristics to expect stupidity to be broadly or generally obvious. It isn’t. Stupidity is subtle, pernicious, and ubiquitous.
A specific example: Any gay person that supports the so-called “LGB Alliance” is stupid because they’re being manipulated into attacking transgender people by right-wing jerk-offs who want to create a wedge in the LGBT community in order to divide and conquer us and ultimately deprive us of our civil rights. It’s also stupid because it stems from beliefs that have been thoroughly debunked by science.
Stupidity ultimately comes from two main sources:
- Authority figures and institutions
- Our brains’ tendency to invent and believe stories
Sometimes, possibly as a result of trauma, our cognitive storytellers decide to distrust official sources even if they’re not associated with political power. This is why stupid people believe stupid conspiracy theories: Anyone who could disprove it is perceived to be part of the conspiracy.
Rather than fall for these trappings, a much more reasonable position is to default to a mild distrust and to judge sources of information on their own merits. Make them earn your trust.
But this requires effort, so nobody does this consistently. Still, you can get a lot of mileage out of limiting your media consumption to unbiased and pro-science publications.
Why These Lessons Matter
Anyone capable of reading and comprehending the lessons I’m sharing today will find themselves more capable of resisting the trappings of modern American society.
If enough of us do this, we can pull the rug out from under the feet of the wealthy business interests that continue to make the American education system terrible (through lobbying and/or monopolies on textbook publishing). Ideally, this would especially harm these companies’ soulless advertising and marketing efforts by rendering them less effective. Good riddance to bad garbage.
https://soatok.blog/2020/08/21/a-few-missing-lessons-from-american-education/
#America #AmericanEducation #education #ignorance #incentives #kindness #lessons #Politics #Society #stupidity #weakness
As America prepares for record-breaking infection statistics on a daily basis, many of us are looking at other countries safely reopening and wondering, “Why can’t we have nice things?”
What you see if you type “COVID-19 statistics” into a search engine. Data sourced from Wikipedia.
Of course, everyone has their favorite target to blame for this catastrophe. Democrats blame Republicans. Republicans blame Democrats.
I’m not interested in blame. Regardless of who takes the blame in the end, the responsibility for fixing this problem is shared among everyone. Instead, I’m more interested in answering the “Why?” question.
Why Did Things Get This Bad?
Art by circuitslime.
There are a lot of popular theories–many of them politically useful–about why the COVID-19 crisis is particularly bad in the United States.
A Failure of Trump’s Leadership?
Let’s get this one out of the way:Was the current hellscape we found ourselves in a direct consequence of Donald J Trump’s failure to ethically and responsibly use his power as President of the United States in the best interest of the people?
https://www.youtube.com/embed/svrxYLvJYto?feature=oembed
“It’ll miraculously go away in April!” – Morons
It’s certain that Trump has totally failed at leadership, but I don’t think that’s a satisfactory explanation for the current crisis.https://www.youtube.com/embed/s9vzT-0hchw?feature=oembed
That is not to say that Trump is without fault! Just that the problem is bigger than one idiot in a three piece suit.
Challenges Due to Scale?
A lot of the countries that performed better at responding to COVID-19 had smaller populations and occupied smaller land masses than the United States. Is that a reasonable explanation for why the USA suffers?Per-capita analyses and samples from other countries with similar populations and occupied surface area would be consistent with the USA if that was the reason. This problem is mostly uniquely American.
Are the Protesters at Fault?
COVID-19 has an incubation period of up to two weeks.The first signs of an uptick in COVID-19 infections was visible early into the nationwide Black Lives Matter protests, which implicates an earlier cause. The most likely one was the Memorial Day weekend celebrations that took place before George Floyd’s murder sparked widespread outrage.
Indeed, a further analysis did not show an uptick of COVID-19 infections even 4 weeks into the nationwide protests (which is two incubation periods).
Instead, the sharp spike in COVID-19 infections–factoring in the incubation period–coincided with states reopening their bars and restaurants. (Especially Florida.)
Why Things Are So Bad Today
The problem that America faces is the same one we’ve been faced with for many decades: Rampant Anti-Intellectualism.https://www.youtube.com/embed/bZnBL2dFgyI?feature=oembed
American anti-intellectualism is the juxtaposition of proud ignorance and conspiracy theories.
Let me ask all you female mask wearing ASSHOLES… are you ready to put a burka on next?That mask is NOT about your safety…. it's about MIND CONTROL
The only reason I know masks are worthless is because Andrew Cuomo keeps telling EVERYONE to wear one
Stick it up your ass!
— 🇺🇸🍺TRUMP WON🍺🇺🇸 (@PISDI94_96) June 30, 2020
Tweet is also archived in case it gets deleted.
Anti-intellectualism takes many forms:Every single time y'all tell me you're not ready to submit a talk on a subject you've been researching for months, I want you to think about "I don't actually ride in Ubers" internet-commentator guy. pic.twitter.com/aK2LAcFtzb— Lesley Carhart (@hacks4pancakes) July 1, 2020
People are so willing to die on the hill of their ignorance that even literally dying doesn’t deter them from campaigning for self-destruction.
RIGHT NOW: Dozens are marching in Sanford chanting “My body. My choice.” They are protesting after a mask order went into place in Seminole County today. pic.twitter.com/kMT7EebDKN— Stephanie Buffamonte (@StephBuffamonte) July 1, 2020
The reason that things are so bad in the United States of America boils down to the following:
- Too many Americans are proud to be ignorant, and in many cases, argue in support of “my ignorance is just as good as your facts”.
- Too many Americans are susceptible to bullshit conspiracy theories.
- Too many Americans are so selfish and short-sighted that they’d rather go to bars and waste money they don’t have on alcohol and shallow conversation than save the lives of the people they profess to love and care about.
- Conservative politics and media is a death cult that literally turned “wearing a mask to stop COVID-19” into a culture war issue.
- The people I’ve described in points 1-4 vote in every election, to make sure someone representing their bullshit has a seat at the political table.
It’s far too tempting to scapegoat the sitting President–especially when they’re as terrible as Donald J Trump. But if you do that, you’re ignoring the reason that he’s in the oval office to begin with.
Willful Ignorance Kills
I’ve talked about this before, when I used to write on Medium:
- https://medium.com/@soatok/american-ignorance-in-2020-c72c78d11dbb
- https://medium.com/@soatok/dear-furries-bullshit-and-misinformation-will-hurt-you-4a6f531d62bd
The sole cause for the situation we’re in is the same anti-intellectualism that Isaac Asimov complained about back in 1980.
Even if you want to solely blame Donald Trump, about 40% of Americans currently approve of his presidency (archive).
How to Escape This Hellscape
Art by Swizz.
The only way to get out of the mess we’re in today is to stop tolerating ignorance and bullshit in your daily life. (Yes, this means you too, furry fandom! It’s not “all fun and games” anymore.)
That means, at a minimum:
- Not spreading the Myers-Brigg personality test bullshit
- Not giving the anti-LGBTQIA+ bigots at Chick-Fil-A any money
- Listening to experts (this means: SCIENTISTS, not talk show hosts or politicians)
- Being willing to admit “I don’t know” and then being curious enough to seek the truth
- Stop reading or financially supporting biased news media
Even if we manage to get out of the current COVID-19 hellscape without addressing these flaws, the next catastrophe will hit us just as hard.
Can People’s Minds Be Changed?
No. I don’t think most of the willfully ignorant assholes currently living in America that favor Trump’s presidency today are willing and capable of redemption.There will be exceptions, and we should remain open to the possibility of some people coming around, but in general most of these jerks will dig their heels in when pressured.
Instead, we’re going to have to wait for them to die off naturally.
What we can do in the meantime is promote better education for the American kids.
https://www.youtube.com/embed/ILQepXUhJ98?feature=oembed
A nation of enlightened free-thinkers fully capable of critical thought would be a good thing (even if Carlin thinks it will never happen). And we can get there, eventually.
All it takes is everyone deciding to be humble and actually verify what other people tell them (n.b. by referencing reputable sources).
It might not make a difference today, but in 10 or 20 years, a consistent effort to enable younger Americans to become smarter, wiser, and more empathetic than their parents and grandparents will change the political landscape of our country–and maybe even the world–for the better.
Art by Khia
Of course, the Powers That Be know that, which is why we see bullshit like this keep happening during a pandemic:
With a stroke of his veto pen, Gov. Ron DeSantis wiped out the entire $29.4 million budget for a suite of online education services that have become critical to students and faculty during the Covid-19 outbreak https://t.co/6PMop4SIPv— POLITICO (@politico) June 30, 2020
Remember, DeSantis is the governor of the state whose COVID-19 infections-per-day graph looks like this:
You can see a clear data pattern with Florida's COVID-19 with a lull each Sunday. I've computed the baseline for this week (Sunday's numbers) and the last two weeks' increase relative to Sunday. We're easily on track to hit 10,000 new cases Friday-ish, maybe even higher. pic.twitter.com/8pnXF5uEwR— 💙💛 "Dog Boy" Nex' 💙💛 (@NexJql) July 1, 2020
It won’t be easy. Bullshit is everywhere. But it’s doable.
Addendum: A Carnival of Stupid
In case you still had any doubt about the potent lethality of American anti-intellectualism, look no further than this story:Florida teen dies after conspiracy theorist mom takes her to church ‘COVID party’ and tries to treat her with Trump-approved drug: report – https://t.co/Bw3SMVitxx— Jeffrey Levin 🇺🇦 (@jilevin) July 6, 2020
We have to demand better of ourselves before we can demand better of others. But damn if the bar isn’t really, really low to begin with.
I believe someday we'll open up textbooks and find this screenshot under the definition of "cognitive dissonance". pic.twitter.com/n535Obq6SB— 🦊 Ennex is trying this again! 🦊 (@EnnexTheFox) July 7, 2020
The White House Press Secretary on Trump's push to reopen schools: "The science should not stand in the way of this."
— Jim Acosta (@Acosta) July 16, 2020
https://soatok.blog/2020/07/02/how-and-why-america-was-hit-so-hard-by-covid-19/
We’ve more-or-less all been coping with the pandemic since early March.
During this time, I’ve seen a lot of people stressed and depressed to their breaking points, usually while also blaming themselves for not being able to bottle their feelings up and believing no one else is at their limit.
And that’s simply not true. Everyone is suffering, everyone is coping. Not just from the pandemic and the stress and isolation of avoiding the risk of infection, but from the other social ills of our world.
In a different vein, three different colleagues recently told me that I make blogging “look easy” because of the rate that I manage to output new blog posts here.
And if we take a step back and look at both situations, there’s a subtle theme here that I’d like to explore: The unseen.
Seeing Without Seeing
Everything you know about the world is an abstraction of the truth.
That isn’t some philosophical pontification, it’s a plain and simple fact. You don’t know what’s going on in anyone else’s brain at any given moment (especially if they have no inner monologue at all).
Under better times and better conditions, I’d say that the surest and fastest path to being mental unwell (depressed, anxious, etc.) is comparing your behind-the-scenes footage to other peoples’ highlight reels.
Social media is nothing but highlight reels.
Hell, this very blog is a highlight reel of the ideas I managed to flesh out into a coherent structure.
Nobody would ever have known the stress, frustration, and nihilism that goes into trying to come up with a topic to write about if I didn’t just allude to it in this sentence. My writing process is too informal to articulate and very unhelpful to anyone who has to write words for a living: If I can’t think of what I want to say and why, I don’t write. It’s that simple. I can’t force it. I’ve tried. And sometimes I have very strong opinions about certain topics, or something really funny happened, or I observed something really noteworthy that should probably be captured and immortalized in prose… yet, I just can’t figure out how to put it into words, so it languishes forever.
And yet, so many people are so over-exposed to this polished and curated filter bubble, I fear they’ve lost sight of the human experience, and how badly we all struggle and fuck up all the time.
The isolation sure isn’t helping.
The Political Queer Experience
Being LGBTQIA+ in the United States of America is quite an experience, whew, let me tell ya.
https://twitter.com/DogpatchPress/status/978408138612158464
https://twitter.com/NazifurReceipts/status/1325207247157301249
Sometimes I have to ask myself: Does anyone really believe that the Trump administration or the GOP is actually pro-LGBT? Surely nobody could have missed the memo? To wit:
- GLAAD has outlined all the ways that Trump has harmed LGBT rights.
- The Human Rights Campaign has outlined Trump’s timeline of hate.
- The Republican Party platform for 2020 under Trump’s leadership (PDF) specifically called for a reversal of Obergefell v. Hodges (the case that allowed for gay marriage rights). See Page 9.
It’s even worse when you hear from alleged “Gays for Trump” or even “Furries for Trump”.
It’s bizarre; how can so many people support someone who wants to hurt them?
Enter Dean Browning
Dean Browning is a political candidate from Pennsylvania who lost the Republican primary in 2020. He also runs a PAC.
When he’s not siphoning money from the pockets of gullible American conservatives, Dean Browning likes to pretend to be a black gay guy named Dan Purdy on social media to try to deceive the public about the Republicans’ intentions for the LGBTQIA+ community.
https://twitter.com/SoatokDhole/status/1326270305933942784
His cover was blown when he forgot to switch to his alt account (which apparently is owned by his adopted son?) to attempt to astroturf a critic. He then tried to offer “context” into the tweet.
Neither the original fuck-up nor his nonpology went unnoticed:
https://twitter.com/NerdyBlkGyrl/status/1326285558570692608
https://twitter.com/studentactivism/status/1326270324783132673
Sometimes the unseen gets revealed to us through truly spectacular mistakes.
Furries Improve Everything
I know I just talked about politics and we’re all sick of it, but I want to briefly visit this topic one more time for the sake of setting the stage.
Remember this?
https://twitter.com/thatbilloakley/status/1325152158866567168
Never one to miss a beat, Coopertom (the cat fursuiter from the infamous cursed photo) decided to remake this hilarious performance art of a gaffe in VRChat.
https://twitter.com/thecoopertom/status/1325710953305026560
This blew up. You’ve probably seen news coverage of this event. It made The Verge, it made BuzzFeed. Hell, it even made PC Gamer.
For many readers, this is the first time they read about the furry fandom in a positive light.
For the first many years of the furry fandom’s existence, our media strategy was nonexistent.
We kinda just winged it (with apologies to avian furries), and the end result was an episode of CSI about furries that was so inaccurate and bad in its portrayal of the furry fandom as sex-obsessed losers that if you type “that episode” into Google, it’s the first search result.
Unfortunately, this has stuck in the public imagination for many, many years since. Almost every interaction I’ve had online has been colored by a history of bad press that the many recent years of fair coverage hasn’t abated.
As a result, almost nobody outside of the furry fandom truly has the slightest clue about who we really are, or how incredible the community can be.
Even most furries don’t know this!
Let’s circle back to Coopertom. What many of the folks who saw the news coverage of his VRChat world didn’t see is that he later posted this…
https://twitter.com/thecoopertom/status/1325912477209649154
…followed a few hours later by this:
https://twitter.com/thecoopertom/status/1326000299954343937
I don’t think even Coopertom anticipated how much love and kindness he would be met with by the community he’s been a part of for at least a decade. He surely wasn’t counting on it. You can hear that much in his voice.
Everyone who hates furries because an old CSI episode portrayed us in an unflattering light–or because of the actions of a scant few individuals that did terrible things and are consequently not welcome in our community–has chosen to blind themselves to what this fandom is really about, and they will forever be Plato’s cave-dwellers as a result.
The furry fandom has always been about humanity.
Whether to celebrate or to critique? That depends on the individual.
Anyone who tells you different is missing the point. (To be explicit: The point isn’t sex, although we aren’t exactly prudes.)
Can We Take the Blinders Off?
A few years ago there was a TED talk to commemorate 1000 TED Talks, in which the speaker recursively used Amazon Mechanical Turk to summarize each of the talks into six words each, and then to summarize the summaries, etc. until he landed on a mere six.
https://www.youtube.com/watch?v=e5pklFtGthY
In the same spirit, I’ve been thinking what the six words that describe the furry fandom would be. (Spoiler: See the title of this blog post.)
Whether you’ve been a furry since the days of SomethingAwful trolls or are just discovering your interest for anthropomorphic characters, you’re not alone.
No matter how depressed, frustrated, stressed, angry, despaired, hollow, hopeless, or scared you might feel about your life, it gets better.
This video was made before the pandemic, but it hits differently after:
https://www.youtube.com/watch?v=waAVJtE23Wo
If I can be said to be coping well (and making blogging seem easy as a result), it’s simply because I’m privileged to have so many good friends to lift up my spirits. It’s not a reflection of me being somehow special, and it isn’t a poor reflection on you or anyone else if you aren’t.
But on the other paw, I utterly failed to gripe about a recent irksome instance of sensationalist cryptography reporting, as well as the recent anti-encryption legislation in the Five Eyes nations. So maybe I’m not doing as hot as some of you might think I am? Win some, lose some.
https://twitter.com/thecoopertom/status/1326373134161862657
https://soatok.blog/2020/11/11/youre-not-alone-it-gets-better/
#coping #happiness #LGBTQIA_ #mentalHealth #pandemic #Politics #Society
I rarely think about the labels that describe me.That isn’t because of privilege (I spent many years painfully aware of them), but because my friends are incredibly supportive and we’ve been able to cultivate an environment where I’m not constantly reminded of why I don’t “belong”. (It took many grueling years to achieve that, and I’m still reminded of my weirdness if I leave home for any appreciable length of time. Fortunately, I’m a bit of a homebody.)
The majority of people don’t think about their labels either, but for privileged reasons, until a minority calls it to their attention. Then you get almost-comical indignant hot takes of the “don’t call me cis, that’s a slur!” variety.
At least, they would be comical if they weren’t so stupid and dangerous.
Identity
Identity is a funny thing. I actually find rather insulting the proposition that you can take the vast diversity of the lived experiences of billions of people and compress it into one bit of information.“Are you a YES or a NO?” “Are you X or Y?” “Are you good or evil?”
Labels are a lossy compression algorithm. They’re meant to simplify and convey ideas so they’re more broadly accessible and easily understood. In practice, people are overly reliant on them, and they become a crutch.
Sure, you can think of me as an androsexual, demisexual, cisgender male with a dhole fursona, but do most of us even know what that means?
Pride
Pride is a protest against unjust systems. Pride started with a riot in response to police violence and discrimination. You probably didn’t learn about Pride in great detail in history class (if at all).Pride parades in recent years have been co-opted by what some call “rainbow capitalism”.
And this obviously feels really gross, but at the same time, it’s often somehow forgivable that companies use Pride Month (June) to show active support for their LGBTQIA+ employees. (If nothing else, it assures us that we won’t suddenly become unemployed if someone accuses us of falling in love with a person with the “wrong” phenotype, etc.)
There are currently a lot of hard conversations taking place about a different target of police violence and discrimination.
I hope that the protests happening today will result in the change our world needs, so that everyone can live equally without fear or shame for who they are.
This will almost certainly require dismantling racist systems and rebuilding them without the tainted legacy they originated from.
That being said, I’ve never really been fond of the emotion, pride. It feels inherently reckless to me. At the same time, I acknowledge it’s a great foil for the emotions that bigots want us to feel (fear, shame, despair, self-loathing, etc.). If that works for you, I’m happy. Keep on keeping on.
Rather than pride, I’ve always sought contentment and joy in my life.
Authenticity means a lot to me, and being fearlessly and shamelessly me is something I shouldn’t have to work for or feel proud about; nor should anyone else.
Contentment and joy… there used to be another word folks used to encapsulate that genre of emotion: Gay.
It always comes full-circle, doesn’t it?
A Dream To Seek
Society has numerous institutions and systems that are designed and implemented to ensure discrimination and injustice against people who are different than their architects.
As long as bigoted institutions and systems exist, society will always need movements like Pride and Black Lives Matter to resist atrocity and inspire loud authenticity, in equal measure.
So it might sound odd to say without the above context, but as a strong proponent of human rights and equality, I dream of the day when these movements no longer need to exist; for the day when their job is done and we have moved past the specter of hate that continues to haunt each generation that survives its direct violent influence. I say this knowing that this day will probably never come (at least in my lifetime).
Until bigotry is abolished, and bigotry’s apologists recognize that they’re little more than asymptomatic carriers of that vile psychic pathogen, I will continue to strive to enable everyone I can reach to enjoy the same peace that my friends and I have built at home.
No matter your sex. No matter your gender. No matter the gender(s) you’re attracted to (if any). No matter your race or ethnicity.
The labels people use to describe us shouldn’t condemn anyone to a life of misery and injustice.
The day we cultivate a society that is absent of, and resistant to, the kind of hate and discrimination we’ve seen for centuries will be a day worthy of pride.
And the only way to get there is to acknowledge a simple truth: Black Lives have to Matter in order for the superset (“All Lives”) to Matter.
What Do Your Labels Mean?
This will probably be my only Pride Month post on this blog, so I suppose it makes sense to explain them.I’m a guy, who’s attracted to guys (thus, androsexual)… but I don’t exactly have a “type”. I have to genuinely like a person to find them attractive. That’s the demisexual part.
Most people understand being gay, conceptually. Asexuality might also click readily without a lot of exposition.
Being demi is weird: You spend a lot of time wondering if you’re asexual or not, until you actually develop feelings for someone else for the first time.
Cisgender just means “not transgender”; that is to say, I identify as the same gender I was assigned at birth.
If that’s helpful to know, cool. But you don’t have to think of me in those terms. I’m just Soatok.
https://soatok.blog/2020/06/09/pridemonth/
If living through the COVID-19 pandemic has taught us anything–and it surely hasn’t–it would be the importance of friendship and community to our physical and emotional well-being.
For more on the subject of People Who Ought to Know Better Not Learning the Obvious Lessons from Misfortune, one needs look no further than social media.
Popularity
One of the reoccurring topics of the Discourse on Furry Twitter is those gosh-darned popufurs–loosely defined as “anyone with a higher follower account than you”.
I’ve written an analysis post back when I posted on Medium that covered friendship and popufurs, which inspired Stormi to create a YouTube video about the topic:
I’ve never experienced popularity, but I’ve been close personal friends with a few people who do, and I’ve witnessed the fallout of parasocial relationships. Archantael did a really good video on that subject:
https://www.youtube.com/watch?v=cXGyKaOEz8I
Loneliness
One of the most dangerous falsehoods that too many furries believe about popularity is that you can’t be popular and lonely at the same time.
Loneliness was already an epidemic before COVID-19, and the prolonged social isolation has led to a lot of relationship strain, to say the least.
In the past year, we’ve seen a lot of long-term, loving relationships end abruptly. We’ve seen people who were coping with mental health issues suddenly succumb to them. Tempers hasten. Patience shorten. It’s been a royal clusterfuck, and at least in America, there’s no end to it in sight.
Friendship
I think a big problem that rarely gets talked about is that our society is plagued by weird beliefs about what friendship is or ought to be.
The “Friend Zone” Myth
One of the most deplorable myths about friendship is the so-called “friend zone”. The story goes something like this:
- When you meet someone, they’re a stranger. No arguments there.
- Once you and them start to gain familiarity, they become an acquaintance.
- After you’ve spent some time as an acquaintance, they become a friend.
- At this point, if your gender identities and sexual orientations are compatible, you’re expected to move onto some sort of romantic interest–be it a friendship “with benefits”, romantic partner, or something in-between.
- Once you’ve courted a number of flings, you progress towards a higher caliber of relationship. Namely: Marriage.
The reasoning goes: If you befriend a potential romantic partner, and remain friends, you’re somehow stuck on a less valuable step than what you should desire, and therefore should feel bad about it.
That’s what people say when they accuse someone of being in the “friend zone” by another person.
This mental model of viewing relationships is just dripping with the sort of hetero-normative patriarchy that feminists famously oppose, but not enough people actually listen to long enough to realize they also have your best interests in heart when they levy their critiques.
The belief in the Friend Zone leads to the cheapening of friendships in pursuit of sexual and romantic fulfillment. It’s inherently exclusionary to platonic expressions of love, asexuality, and polyamory.
Toxic Positivity
Life sometimes sucks.
Sometimes, the only way to cope with the suckage of life is to commiserate to your friends.
A good friend will listen, empathize with your experiences, and maybe even share their own. Friendship is rooted in shared vulnerability and appreciation.
But sometimes you encounter one of the Toxic Positivity proponents. “You’re bringing me down.” “Why are you depressed all the time?” We’ve heard it all before.
But toxic positivity is often more subtle than that. I’ll give you an example:
A good friend will tell you when you’re being an asshole, and try to talk you down from making foolish mistakes that will only hurt your future happiness.
Sometimes these conversations are tense and stressful. Sometimes you have to seem cruel to be kind. People are complicated.
And while I can understand not wanting to deal with high levels of stress all the damn time, there comes a time when you have to deal with the problems in front of you. Negative peace leads to a net negative.
Social Climbing and Disposable Friends
This one’s straight out of the “Actions Speak Louder Than Words” genre, and often follows from toxic positivity.
Some people try to walk the social graph in order to position themselves near popular members of the community so they might benefit from others’ popularity.
Some people treat their friends as disposable and temporary, moving from group to group over the years, rather than face accountability for their own terrible behavior.
Some people do both of those things.
https://www.youtube.com/watch?v=BI0lfO9_BAc
Happiness
Friendship and community are essential for humans to be happy. This is the conclusion of The Happiness Hypothesis.
Happiness does not come from within. It’s not something that you can summon into existence through sheer force of will.
Happiness does not come from without. It’s not a lost treasure that you have to go forth and dig up somewhere.
Happiness comes from in-between; from the strong and weak bonds in our lives. It’s our sense of closeness and vulnerability to others within our close friendships and broader communities that lead to happiness.
https://www.youtube.com/watch?v=4q1dgn_C0AU
Asking Ourselves “Why?”
Why do people pursue romance at the expense of friendships?
Why do people construct filter bubbles based on superficial positivity?
Why do people try to use others as stepping stones towards their ambitions or treat their friendships as disposable and temporary?
Why do we as a social species do all of this when we need friendships and communal bonds to be happy?
I think a lot of the time, the answer boils down to “ego”.
Ego
We as a species pay lip-service to friendship when it serves our self-interest, but discard its importance the second friendship becomes inconvenient.
Our ego–especially if we practice monogamous relationships–dictate that the only way to be “successful” in sex and love is to be in a committed relationship and friendship is just a stepping stone on the way to the real goal.
Our ego gets bruised when our friends show us tough love by speaking the truth.
Our ego drives us to strive for bigger numbers and stronger dopamine hits, even if it means using and abusing people along the way.
That’s what I take it to mean when Buddhists say that desire and ignorance lie at the root of suffering.
We want things, and we don’t know why we want them, but we do. And we will destroy ourselves and everyone we profess to love in pursuit of it. We’ll even destroy the habitability of our only planet in service to these desires.
Or we could, simply, not do that. If there’s one thing our ego loves, it’s to be reminded that we have a choice. That we’re in control.
As a hacker, exploiting a mechanism to undermine its normal goals is something I find a lot of beauty in. Hijacking the self-destructive nature of your own ego in service of your better nature is a masterpiece.
Choice
You are the protagonist of your own story. You can’t control what the universe throws as you, but you do get to decide what it means for you. Why not choose a better lesson?
And that’s usually enough to lead us to making better decisions, showing greater affection and appreciation for the people in our lives, and being more capable at coping with the endless hellscape that is other, often shitty, people.
https://www.youtube.com/watch?v=CSM3Uml4Xpo
Soatok’s Friends
I’m fortunate to know a lot of excellent people, both within and without the furry fandom. Most of my closest friends don’t have enormous social media followings. Some of my friends do!
I believe it’s important for friendships to be genuine and not transactional.
Belmont / Doomalorian
My oldest friend recently made a fursona, so he can be more involved with my participation in the furry fandom.
Most of you don’t know him yet, but if you think I’m cool, you’ll almost certainly like him too. We’ve been friends for over 12 years and live together.
His furry account is @BelmontLion.
He also has a non-fandom account, @Doomalorian, which is also his Twitch.tv channel.
https://twitter.com/Doomalorian
In the future, I’ll be picking up Twitch streaming again. I’ll probably play a bunch of games with my friends and generally just have a lot of fun with it. If that sort of thing interests you, stop by his streams and maybe give him a follow.
https://soatok.blog/2020/10/22/nearly-everyone-underestimates-the-importance-of-good-friendships/
#friends #friendship #furries #furry #FurryFandom #Society
As America prepares for record-breaking infection statistics on a daily basis, many of us are looking at other countries safely reopening and wondering, “Why can’t we have nice things?”
Of course, everyone has their favorite target to blame for this catastrophe. Democrats blame Republicans. Republicans blame Democrats.
I’m not interested in blame. Regardless of who takes the blame in the end, the responsibility for fixing this problem is shared among everyone. Instead, I’m more interested in answering the “Why?” question.
Why Did Things Get This Bad?
There are a lot of popular theories–many of them politically useful–about why the COVID-19 crisis is particularly bad in the United States.
A Failure of Trump’s Leadership?
Let’s get this one out of the way:Was the current hellscape we found ourselves in a direct consequence of Donald J Trump’s failure to ethically and responsibly use his power as President of the United States in the best interest of the people?
https://www.youtube.com/embed/svrxYLvJYto?feature=oembed
“It’ll miraculously go away in April!” – Morons
It’s certain that Trump has totally failed at leadership, but I don’t think that’s a satisfactory explanation for the current crisis.https://www.youtube.com/embed/s9vzT-0hchw?feature=oembed
That is not to say that Trump is without fault! Just that the problem is bigger than one idiot in a three piece suit.
Challenges Due to Scale?
A lot of the countries that performed better at responding to COVID-19 had smaller populations and occupied smaller land masses than the United States. Is that a reasonable explanation for why the USA suffers?Per-capita analyses and samples from other countries with similar populations and occupied surface area would be consistent with the USA if that was the reason. This problem is mostly uniquely American.
Are the Protesters at Fault?
COVID-19 has an incubation period of up to two weeks.The first signs of an uptick in COVID-19 infections was visible early into the nationwide Black Lives Matter protests, which implicates an earlier cause. The most likely one was the Memorial Day weekend celebrations that took place before George Floyd’s murder sparked widespread outrage.
Indeed, a further analysis did not show an uptick of COVID-19 infections even 4 weeks into the nationwide protests (which is two incubation periods).
Instead, the sharp spike in COVID-19 infections–factoring in the incubation period–coincided with states reopening their bars and restaurants. (Especially Florida.)
Why Things Are So Bad Today
The problem that America faces is the same one we’ve been faced with for many decades: Rampant Anti-Intellectualism.https://www.youtube.com/embed/bZnBL2dFgyI?feature=oembed
American anti-intellectualism is the juxtaposition of proud ignorance and conspiracy theories.
Let me ask all you female mask wearing ASSHOLES… are you ready to put a burka on next?That mask is NOT about your safety…. it's about MIND CONTROL
The only reason I know masks are worthless is because Andrew Cuomo keeps telling EVERYONE to wear one
Stick it up your ass!
— 🇺🇸🍺TRUMP WON🍺🇺🇸 (@PISDI94_96) June 30, 2020
Tweet is also archived in case it gets deleted.
Anti-intellectualism takes many forms:Every single time y'all tell me you're not ready to submit a talk on a subject you've been researching for months, I want you to think about "I don't actually ride in Ubers" internet-commentator guy. pic.twitter.com/aK2LAcFtzb— Lesley Carhart (@hacks4pancakes) July 1, 2020
People are so willing to die on the hill of their ignorance that even literally dying doesn’t deter them from campaigning for self-destruction.
RIGHT NOW: Dozens are marching in Sanford chanting “My body. My choice.” They are protesting after a mask order went into place in Seminole County today. pic.twitter.com/kMT7EebDKN— Stephanie Buffamonte (@StephBuffamonte) July 1, 2020
The reason that things are so bad in the United States of America boils down to the following:
- Too many Americans are proud to be ignorant, and in many cases, argue in support of “my ignorance is just as good as your facts”.
- Too many Americans are susceptible to bullshit conspiracy theories.
- Too many Americans are so selfish and short-sighted that they’d rather go to bars and waste money they don’t have on alcohol and shallow conversation than save the lives of the people they profess to love and care about.
- Conservative politics and media is a death cult that literally turned “wearing a mask to stop COVID-19” into a culture war issue.
- The people I’ve described in points 1-4 vote in every election, to make sure someone representing their bullshit has a seat at the political table.
It’s far too tempting to scapegoat the sitting President–especially when they’re as terrible as Donald J Trump. But if you do that, you’re ignoring the reason that he’s in the oval office to begin with.
Willful Ignorance Kills
I’ve talked about this before, when I used to write on Medium:
- https://medium.com/@soatok/american-ignorance-in-2020-c72c78d11dbb
- https://medium.com/@soatok/dear-furries-bullshit-and-misinformation-will-hurt-you-4a6f531d62bd
The sole cause for the situation we’re in is the same anti-intellectualism that Isaac Asimov complained about back in 1980.
Even if you want to solely blame Donald Trump, about 40% of Americans currently approve of his presidency (archive).
How to Escape This Hellscape
The only way to get out of the mess we’re in today is to stop tolerating ignorance and bullshit in your daily life. (Yes, this means you too, furry fandom! It’s not “all fun and games” anymore.)
That means, at a minimum:
- Not spreading the Myers-Brigg personality test bullshit
- Not giving the anti-LGBTQIA+ bigots at Chick-Fil-A any money
- Listening to experts (this means: SCIENTISTS, not talk show hosts or politicians)
- Being willing to admit “I don’t know” and then being curious enough to seek the truth
- Stop reading or financially supporting biased news media
Even if we manage to get out of the current COVID-19 hellscape without addressing these flaws, the next catastrophe will hit us just as hard.
Can People’s Minds Be Changed?
No. I don’t think most of the willfully ignorant assholes currently living in America that favor Trump’s presidency today are willing and capable of redemption.There will be exceptions, and we should remain open to the possibility of some people coming around, but in general most of these jerks will dig their heels in when pressured.
Instead, we’re going to have to wait for them to die off naturally.
What we can do in the meantime is promote better education for the American kids.
https://www.youtube.com/embed/ILQepXUhJ98?feature=oembed
A nation of enlightened free-thinkers fully capable of critical thought would be a good thing (even if Carlin thinks it will never happen). And we can get there, eventually.
All it takes is everyone deciding to be humble and actually verify what other people tell them (n.b. by referencing reputable sources).
It might not make a difference today, but in 10 or 20 years, a consistent effort to enable younger Americans to become smarter, wiser, and more empathetic than their parents and grandparents will change the political landscape of our country–and maybe even the world–for the better.
Of course, the Powers That Be know that, which is why we see bullshit like this keep happening during a pandemic:
With a stroke of his veto pen, Gov. Ron DeSantis wiped out the entire $29.4 million budget for a suite of online education services that have become critical to students and faculty during the Covid-19 outbreak https://t.co/6PMop4SIPv— POLITICO (@politico) June 30, 2020
Remember, DeSantis is the governor of the state whose COVID-19 infections-per-day graph looks like this:
You can see a clear data pattern with Florida's COVID-19 with a lull each Sunday. I've computed the baseline for this week (Sunday's numbers) and the last two weeks' increase relative to Sunday. We're easily on track to hit 10,000 new cases Friday-ish, maybe even higher. pic.twitter.com/8pnXF5uEwR— 💙💛 "Dog Boy" Nex' 💙💛 (@NexJql) July 1, 2020
It won’t be easy. Bullshit is everywhere. But it’s doable.
Addendum: A Carnival of Stupid
In case you still had any doubt about the potent lethality of American anti-intellectualism, look no further than this story:Florida teen dies after conspiracy theorist mom takes her to church ‘COVID party’ and tries to treat her with Trump-approved drug: report – https://t.co/Bw3SMVitxx— Jeffrey Levin 🇺🇦 (@jilevin) July 6, 2020
We have to demand better of ourselves before we can demand better of others. But damn if the bar isn’t really, really low to begin with.
I believe someday we'll open up textbooks and find this screenshot under the definition of "cognitive dissonance". pic.twitter.com/n535Obq6SB— 🦊 Ennex is trying this again! 🦊 (@EnnexTheFox) July 7, 2020
The White House Press Secretary on Trump's push to reopen schools: "The science should not stand in the way of this."
— Jim Acosta (@Acosta) July 16, 2020
https://soatok.blog/2020/07/02/how-and-why-america-was-hit-so-hard-by-covid-19/
My recent post about the alleged source code leaks affecting Team Fortress 2 and Counter-Strike: Global Offensive made the rounds on Twitter and made someone very mad, so I got hate DMs.
…Look, I only said I got hate DMs, not that I got interesting or particularly effective hate DMs! Weak troll is weak, I know.
A lot of people online claim they “hate furries”, but almost none of them quite understand how prolific our community is, let alone how important we are to the Internet. As Stormi the Folf puts it…
I guarantee you the internet would collapse in a most horrific manner if all the furries in the world got Thano's snapped.They *run* the internet in more ways than most people realize
— 🦊Stormi the Folf🐺 🔜FWA (@StormiFolf) April 23, 2020
Stormi is the Potato of Knowledge and Floof
What Stormi’s alluding to is true, and that’s a tale best told by an outsider to our community.
Telecommunications as a whole, which also encompasses The Internet, is in a constant state of failure and just in time fixes and functionally all modern communication would collapse if about 50 people, most of which are furries, decided to turn their pager off for a day. https://t.co/k1UqOv5kpd— Ẑ͚͔͍̻̤̟ä̶̼̗̟͔́̿̾̓n̬͙̫̿͑͊̈̚d̡̰̭̞͖̟̖̟ͬ̚ê̺͖̂ͩ̀̉ͣrͪ̓ (@mmsword) November 28, 2019
Their follow-up tweet that elaborates on furry involvement is here.
So I’d like take the time to explain why nobody should ever underestimate the ingenuity or positivity of the furry community.
The Furry Fandom Has Saved Lives
https://www.youtube.com/embed/3h9sO17CV9A?feature=oembed
This is just one of many anecdotes. You can find many more here.
Although the furry fandom is widely misunderstood, it’s difficult to overstate how many lives have been saved and enriched by our community.
I wanted to share this touching moment. @Reo_Grayfox was telling me his story, and said those lines while staring straight into his fursuit's eyes. Hearing personal stories like this makes you appreciate the vastly diverse reasons why the furry fandom is essential to so many. pic.twitter.com/fD09Wmv6mf— Joaquín Baldwin (@joabaldwin) January 22, 2018
Furries Provide Much-Needed Comfort to Others
In 2016, refugees from the civil war in Syria ended up in a hotel in Canada. This would have been an utterly remarkable fact if it wasn’t the same hotel and weekend as the local furry convention, Vancoufur.
The kids loved it.
This isn’t an isolated incident either. Our community is well-known for kindness and generosity in spades.
https://charcoalthings.tumblr.com/post/132996328881/i-will-defend-furries-to-my-grave
https://wakor.tumblr.com/post/126072529744/ok-you-know-what
What’s there to hate?
The Furry Fandom is Collectively Pretty Bad-Ass
No, not like that.
The fandom is bad-ass in as many ways as the fandom is incredibly diverse.
90s furries built the Internet pic.twitter.com/Gicxme2HkT— SwiftOnSecurity (@SwiftOnSecurity) April 30, 2019
SwiftOnSecurity knows the truth about more than just corn.
So one of my friends said furries pretty much run the US nuclear response communication networks. Just in case you're worried about Trump.— SwiftOnSecurity (@SwiftOnSecurity) November 12, 2016
Seriously.
Some of the Most Talented People You’ll Ever Meet Are Furries
eSports Champions:
https://www.youtube.com/embed/TWhrECl6zOY?feature=oembed
Musicians:
https://open.spotify.com/embed/album/4NlXsjKmcWegIfQEI0JzHK?utm_source=oembed
Artists and costume makers: I could literally link to hundreds of artists here. Follow me on Twitter; I retweet a lot of cute stuff.
Pretty much everything you could aspire to be that isn’t also terrible, if you look hard enough, you’ll find furries in the leaderboards having a fun time with it all.
The only reason to hate furries is thinly-veiled homophobia, because only about 25% of furries are heterosexual.
Why So Curious?
If I’ve made you curious about our community, and now you want to learn more about us, I’ve got you.
https://www.youtube.com/embed/K2XeOxWW2oY?feature=oembed
Psychology Today: What’s the Deal with Furries?
Furry Fandom Documentary When?
https://www.youtube.com/embed/cF9DQQsUcs0?feature=oembed
Ash Coyote is releasing a documentary about our subculture soon, titled The Fandom. You can find out more about it on her YouTube channel.
https://soatok.blog/2020/04/23/never-underestimate-the-furry-fandom/
#furries #furry #FurryFandom #hateMail #positivity #Society
There are two news stories today. Unfortunately, some people have difficulty uncoupling the two.
- The Team Fortress 2 Source Code has been leaked.
- Hackers discovered a Remote Code Execution exploit.
The second point is something to be concerned about. RCE is game over. The existence of an unpatched RCE vulnerability, with public exploits, is sufficient reason to uninstall the game and wait for a fix to be released. Good on everyone for reporting that. You’re being responsible. (If it’s real, that is! See update at the bottom.)
The first point might explain why the second happened, which is fine for the sake of narrative… but by itself, a source code leak is a non-issue that nobody in their right mind should worry about from a security perspective.
Anyone who believes they’re less secure because the source code is public is either uninformed or misinformed.
I will explain.
Professor Dreamseeker is in the house. Twitch Emote by Swizz.
Why Source Code Leaks Don’t Matter for Security
You should know that, throughout my time online as a furry, I have been awarded thousand dollar bounties through public bounty programs.How did you earn those bounties?
By finding zero-day vulnerabilities in those companies’ software.But only some of those were for open source software projects. CreditKarma definitely does not share their Android app’s source code with security researchers.
How did you do it?
I simply reverse engineered their apps using off-the-shelf tools, and studied the decompiled source code.Why are you making that sound trivial?
Because it is trivial!If you don’t believe me, choose a random game from your Steam library.
Right click > Properties. Click on the Local Files tab, then click “Browse Local Files”. Now search for a binary.
Me, following these steps to locate the No Man’s Sky binary.
If your game is a typical C/C++ project, you’ll next want to install Ghidra.Other platforms and their respective tools:
If you see a bunch of HTML and JS files, you can literally use beautifier.io to make the code readable.
Open your target binary in the appropriate reverse engineering software, and you can decompile the binary into C/C++ code.
Decompiled code from No Man’s Sky’s NMS.exe file on Windows.
Congratulations! If you’ve made it this far, you’re neck-and-neck with any attacker who has a leaked copy of the source code.Every Information Security Expert Knows This
Almost literally everyone working in infosec knows that keeping a product’s source code a secret doesn’t actually improve the security of the product.There’s a derisive term for this belief: Security Through Obscurity.
The only people whose job will be made more difficult with the source code leak are lawyers dealing with Intellectual Property (IP) disputes.
In Conclusion
Remote Code Execution is bad.The Source Code being public? Yawn.
Pictured: Soatok trying to figure out why people are worried about source code disclosure when he publishes everything publicly on Github anyway (2020). Art by Riley.
Update: Shortly after I made this post, I was made aware of another news story worthy of everyone’s attention far more than FUD about source code leaks.With the Source leaks happening today, I think everyone is missing the most important part: how much does Valve swear? I tallied up instances of these words in the leak*:"fuck": 116
"shit": 63
"damn": 109*There was some non-Valve stuff in the leak; I didn't count it
— @tj (@tjhorner) April 22, 2020
Well damn if that doesn’t capture my interest.
Now this is the kind of story that makes Twitter worthwhile!Is the RCE Exploit Even Real?
Update 2: I’ve heard a lot of reports that the alleged RCE exploit is fake. I haven’t taken the time to look at Team Fortress 2 or CS:GO in any meaningful way, but the CS:GO team did have this to say about the leaks:We have reviewed the leaked code and believe it to be a reposting of a limited CS:GO engine code depot released to partners in late 2017, and originally leaked in 2018. From this review, we have not found any reason for players to be alarmed or avoid the current builds.— CS2 (@CounterStrike) April 22, 2020
Fake news and old news are strange (yet strangely common) bedfellows.
https://soatok.blog/2020/04/22/source-code-leak-is-effectively-meaningless-to-endpoint-security/
#commonSense #informationSecurity #infosec #misinformation #reverseEngineering #security #securityThroughObscurity #sourceCode
TROM II: How Mindblowing it is - https://videos.trom.tf/w/nXfbyGrxEVdiuYt2ERWwo9
We are the Universe pondering about its own existence. How sad is it that we've created a society that denies people of this privilege...
#universe #trom #trom2 #tromsite #society #evolution
TROM II: How Mindblowing it is
Watch the entire documentary here - https://www.tromsite.com/documentaries/trom2/videos.trom.tf
Our future ...
#meme #titanic #future #crisis
♲ anonymiss - 2024-10-05 03:03:28 GMT
Symbolic image for the current state of our #civilization.
#meme #future #humanity #crisis #politics #society #capitalism #war #terror #finance #economy #climate #environment #nature #earth #biodiversity #memes #titanic
Symbolic image for the current state of our #civilization.
#meme #future #humanity #crisis #politics #society #capitalism #war #terror #finance #economy #climate #environment #nature #earth #biodiversity #memes #titanic
TROM II: What Gives me Hope - https://videos.trom.tf/w/3gLxDeEf9V6dvaDJYLysRC
#hope #society #humanity #humans #behavior
TROM II: What Gives me Hope
Watch the entire documentary here - https://www.tromsite.com/documentaries/trom2/videos.trom.tf
TROM II: Humans are like water - https://videos.trom.tf/w/btwnwUznSeq6Xoxpo67tsF
#humanbehavior #humans #behavior #bfskinner #society #culture
TROM II: Humans are like water
Watch the entire documentary here - https://www.tromsite.com/documentaries/trom2/videos.trom.tf
TROM II: Everyone should have access to their basic needs - https://videos.trom.tf/w/ok9qzEdRvBwNZPG8udiChM
#basicneeds #needs #poverty #trom #trade #trade-free #capitalism #society #ubi #basicincome
TROM II: Everyone should have access to their basic needs
Watch the entire documentary here - https://www.tromsite.com/documentaries/trom2/videos.trom.tf
TROM II: Money is a limitation tool. @Dima 's story - https://videos.trom.tf/w/haZRcDJ7upSijLsVxwkqQr
#money #capitalism #trade #society
TROM II: Money is a limitation tool. Dima's story
Watch the entire documentary here - https://www.tromsite.com/documentaries/trom2/videos.trom.tf
TROM II: The ridiculous way we use gold as a resource - https://videos.trom.tf/w/kEKXjf9TZXdZs2HZ4zwxu2
#gold #society #capitalism #TradeRuinsEverything #trade #money
TROM II: The ridiculous way we use gold as a resource
Watch the entire documentary here - https://www.tromsite.com/documentaries/trom2/videos.trom.tf
Barbarism vs. Civilization
Don't fall for the #propaganda in the fight against terror. In the last #war in #Afghanistan, you could separate terrorists from #freedom fighters by the fact that one group was supported by the #CIA and the other was not.
#terrorism #meme #politics #civilization #barbarism #military #news #society
♲ Digital Resistance News - 2024-02-24 16:09:17 GMT
#war #terror #military #politics #meme #ethics #humanrights #fail
Why isn't this the #headline on page one of every #media company?
Watch:
#Assange #news #war #politics #freedom #journalism #press #democracy #society #ethics #humanRights #government #Wikileaks
#Kruse #Internet #culture #communication #society
TROM II: 1. Humans
What does Romania, Russia, Latvia, Germany, and the United States have in common? A planet, and the human imagination. We imagine borders, nationalities, and differences. In truth we are all very much the same. We grow up in a culture, we watch the same TV, listen to the same music, follow similar traditions. We are "educated" and "trained" by institutions that are rarely questioned by the masses.
So how does a newborn human become someone in this culture of humans? And how does the human-invented world contrast with the vast universe we are part of?
The same people who sell the #panic, sell the pills.
#internet #socialmedia #socialnetwork #society #discussion #communication #economy
ZDay: How to Grow a Saner Society. A Lifetime Adventure --- by Tio
On 26th of August, 2023, we presented TROM at the annual ZDay event in Prague. This was the last ZDay after a decade long of making them every year.
Our presentation was focused on showcasing in a unique way how our society works and how trade is at the core of most of our issues. In the second half we focused on the positive side: how we and others create trade-free good and services and why this can become a tsunami movement if more of us engage into it, in a decentralized way.
We put a lot of effort into creating a simple narrative and interesting slides with animations, to make it all more fun and easy to understand.
This was the first presentation for Tio and we hope more to follow.
TROM II: A Message to The Aliens (trailer)
A one-marble world, floating in a giant soup of stars and planets, clustered in donut-shaped galaxies.
What are these humans living for?
In a 5 hour, 4 parts documentary, we try to explore their world, to understand what makes them human, what makes them enslave their kind, destroy their habitat, and be unaware of their place in this universe. But also what makes them so special.
Through the lives of 5 humans, we look at the culture that creates them, their struggles growing up on this planet, and where they are headed toward.
Watch it here: https://www.tromsite.com/documentaries/trom2/
https://www.goodreads.com/book/show/8201080-the-master-switch#this :)
#Books #Society #Internet #Web #Monopoly #Media
The Master Switch
In this age of an open Internet, it is easy to forget that every American information industry, beginning with the telephone, has eventua...www.goodreads.com
Names and Locations of the Top 100 People Killing the Planet
source: https://decolonialatlas.wordpress.com/2019/04/27/names-and-locations-of-the-top-100-people-killing-the-planet/Just 100 companies are responsible for more than 70% of the world’s #greenhouse gas #emissions since 1988.
#climate #crisis #earth #problem #economy #world #responsibility #politics #nature #environment #pollution #map #society
