Thanks to Samantha Cole at 404 Media, we are now aware that Automattic plans to sell user data from Tumblr and WordPress.com (which is the host for my blog) for “AI” products.

In response to journalists probing this shady decision from Automattic leadership, the company said nothing but published a statement.

This statement, which was presumably filtered through more lawyers than their CEO’s recent Twitter rambling against trans users (or Automattic employees’ statement about his conduct for that matter), betrays a critical misunderstanding of what consent is.

We are also working directly with select AI companies as long as their plans align with what our community cares about: attribution, opt-outs, and control.

Emphasis mine

This is not the tech industry’s most egregious lack of understanding of consent in recent years. That dishonor belongs to LegalFling: A blockchain app for sexual consent.

However, this is still pretty stupid, and the result of an insidious trend that doesn’t get questioned enough in software engineering circles. So I’m asking that my readers shout this from the fucking rooftops.

Opt-Out Is NOT Consent

Opt-out is “our lawyers told us to make this an option to cover our ass, but we don’t want you to actually do it”.

Opt-out is “if you missed the memo, we assume we have your consent”.

The default state of any decision regarding user data should be opted out. Users should instead be required to opt in for your decision to take effect, and they must not be coerced into doing so.

If consent is not explicitly given by an informed user, you haven’t received consent at all, and to pretend otherwise is unethical.

Your users don’t fucking care about opt-out. We care about opt-in.

“But Soatok, That’ll Hurt Our Revenue”

If you have to make money doing unethical things, or by following dubious practices that don’t actually respect other users’ autonomy, then you should go out of business.

https://www.youtube.com/watch?v=AaU6tI2pb3M

End of.

What Automattic Should Do

If Automattic wants to make things right, they must do two things and could do a third thing (but I’m not holding my breath):

First, nuke the existing opt-out mechanism and replace it with an opt-in mechanism. If nobody checks it, then don’t include their data in the sale to Midjourney or OpenAI.

Second, they should make the permission for third-parties more granular. Some of us don’t care about third parties, but do NOT want “AI” companies using their data to enable plagiarism.

Third, if you want to go the extra mile, add support for a plugin that uses Nightshade on all hosted media in all WordPress.com plans, including free plans, to increase your users’ protection against LLM scrapists. See below.

This is my open challenge to Automattic leadership to do better.

This Issue is Bigger than Automattic

The tech industry has gotten very bad at respecting users’ consent lately. Your options are no longer “Yes” and “No” anymore. Instead it’s “Yes” or “Maybe Later”, without a “Never” option.

https://twitter.com/dazabani/status/1313475696958803970

https://twitter.com/dazabani/status/1392459110025625600

https://twitter.com/dazabani/status/1698197949124370765

Even worse, you can rarely uninstall the crapware that nags you with these consent dialogs.

This needs to stop. It’s a toxic mentality and it cultivates a culture that doesn’t respect humanity. (Which is kind of funny to write as a furry blogger.)

If you work in the tech industry, scream very loudly about properly implementing human-respecting consent controls into your software.

Just because it’s widespread doesn’t mean it’s inevitable. Push back against it. Your less privileged, less technical neighbors deserve better.

Addendum on NightShade

Ever since this was first posted, a few people expressed confusion or didn’t grasp the implications of the 3rd suggestion to Automattic above. So I will elaborate.

Nightshade is a technique for poisoning LLM data sets.

The idea is that, for blogs that have not opted into industrial plagiarism enabled by large-scale computing (“AI” for short), the WordPress.com CDN would serve Nightshade-poisoned images, instead of the standard ones provided by the blogger, to all readers.

Then you don’t even have to worry about detecting who’s scraping for AI projects or not. You just serve poison to everyone. If they’re using the images for AI, it ruins their model. If they aren’t, it causes no harm at all.

If OpenAI and Midjourney want non-poisoned images, then instead of scraping, they can abide by boundaries of the bloggers who didn’t opt in and only accept the data that Automattic provides to them without resorting to scraping.

This is a fairly obvious way to protect users from the AI machine.

Nightshade isn’t perfect, but no technology is. The end goal is to make the cost of bypassing Nightshade’s poison higher than respecting the decision of individual authors and artists.

Incentives rule everything around me.

https://soatok.blog/2024/02/27/the-tech-industry-doesnt-understand-consent/

#Automattic #consent #darkPatterns #ethics #MattMullenweg #optIn #optOut #techIndustry #unethicalPractices

Dhole Moments

2024-02-28 03:25:02

Thanks to Samantha Cole at 404 Media, we are now aware that Automattic plans to sell user data from Tumblr and WordPress.com (which is the host for my blog) for “AI” products.

In response to journalists probing this shady decision from Automattic leadership, the company said nothing but published a statement.

This statement, which was presumably filtered through more lawyers than their CEO’s recent Twitter rambling against trans users (or Automattic employees’ statement about his conduct for that matter), betrays a critical misunderstanding of what consent is.

We are also working directly with select AI companies as long as their plans align with what our community cares about: attribution, opt-outs, and control.

Emphasis mine

This is not the tech industry’s most egregious lack of understanding of consent in recent years. That dishonor belongs to LegalFling: A blockchain app for sexual consent.

However, this is still pretty stupid, and the result of an insidious trend that doesn’t get questioned enough in software engineering circles. So I’m asking that my readers shout this from the fucking rooftops.

Opt-Out Is NOT Consent

Opt-out is “our lawyers told us to make this an option to cover our ass, but we don’t want you to actually do it”.

Opt-out is “if you missed the memo, we assume we have your consent”.

The default state of any decision regarding user data should be opted out. Users should instead be required to opt in for your decision to take effect, and they must not be coerced into doing so.

If consent is not explicitly given by an informed user, you haven’t received consent at all, and to pretend otherwise is unethical.

Your users don’t fucking care about opt-out. We care about opt-in.

“But Soatok, That’ll Hurt Our Revenue”

If you have to make money doing unethical things, or by following dubious practices that don’t actually respect other users’ autonomy, then you should go out of business.

https://www.youtube.com/watch?v=AaU6tI2pb3M

End of.

What Automattic Should Do

If Automattic wants to make things right, they must do two things and could do a third thing (but I’m not holding my breath):

First, nuke the existing opt-out mechanism and replace it with an opt-in mechanism. If nobody checks it, then don’t include their data in the sale to Midjourney or OpenAI.

Second, they should make the permission for third-parties more granular. Some of us don’t care about third parties, but do NOT want “AI” companies using their data to enable plagiarism.

Third, if you want to go the extra mile, add support for a plugin that uses Nightshade on all hosted media in all WordPress.com plans, including free plans, to increase your users’ protection against LLM scrapists. See below.

This is my open challenge to Automattic leadership to do better.

This Issue is Bigger than Automattic

The tech industry has gotten very bad at respecting users’ consent lately. Your options are no longer “Yes” and “No” anymore. Instead it’s “Yes” or “Maybe Later”, without a “Never” option.

https://twitter.com/dazabani/status/1313475696958803970

https://twitter.com/dazabani/status/1392459110025625600

https://twitter.com/dazabani/status/1698197949124370765

Even worse, you can rarely uninstall the crapware that nags you with these consent dialogs.

This needs to stop. It’s a toxic mentality and it cultivates a culture that doesn’t respect humanity. (Which is kind of funny to write as a furry blogger.)

If you work in the tech industry, scream very loudly about properly implementing human-respecting consent controls into your software.

Just because it’s widespread doesn’t mean it’s inevitable. Push back against it. Your less privileged, less technical neighbors deserve better.

Addendum on NightShade

Ever since this was first posted, a few people expressed confusion or didn’t grasp the implications of the 3rd suggestion to Automattic above. So I will elaborate.

Nightshade is a technique for poisoning LLM data sets.

The idea is that, for blogs that have not opted into industrial plagiarism enabled by large-scale computing (“AI” for short), the WordPress.com CDN would serve Nightshade-poisoned images, instead of the standard ones provided by the blogger, to all readers.

Then you don’t even have to worry about detecting who’s scraping for AI projects or not. You just serve poison to everyone. If they’re using the images for AI, it ruins their model. If they aren’t, it causes no harm at all.

If OpenAI and Midjourney want non-poisoned images, then instead of scraping, they can abide by boundaries of the bloggers who didn’t opt in and only accept the data that Automattic provides to them without resorting to scraping.

This is a fairly obvious way to protect users from the AI machine.

Nightshade isn’t perfect, but no technology is. The end goal is to make the cost of bypassing Nightshade’s poison higher than respecting the decision of individual authors and artists.

Incentives rule everything around me.

https://soatok.blog/2024/02/27/the-tech-industry-doesnt-understand-consent/

#Automattic #consent #darkPatterns #ethics #MattMullenweg #optIn #optOut #techIndustry #unethicalPractices

I quit my job towards the end of last month.

When I started this blog, I told myself, “Don’t talk about work.” Since my employment is in the rear view mirror, I’m going to bend that rule for once. And most likely, only this one time.

Why? Since I wrote a whole series about how to get into tech for as close to $0 as possible without prior experience, I feel that omitting my feelings would be, on some level, dishonest.

Refusing Forced Relocation

I had been hired in 2019 for the cryptography team at a large tech company. I was hired as a 100% remote employee, with the understanding that I would work from my home in Florida.

Then a pandemic started to happen (which continues to be a mass-disabling event despite what many politicians proclaim).

The COVID-19 pandemic forced a lot of people who preferred to work in an office setting to sink-or-swim in a remote work environment.

In early 2020, you could be forgiven for imagining that this new arrangement was a temporary safety measure that we would adopt for a time, and then one day return to normal. By mid 2022, only people that cannot let go of their habits and traditions continued to believe that we’d ever return to the “normal” they knew in 2019.

As someone who had been working remote since 2014, as soon as the shift happened, many of my peers reached out to me for advice on how to be productive at home. This was an uncomfortable experience for many of them, and as someone who was comfortable in a fully virtual environment, I was happy to help.

By early 2021, I was considered to not only be a top performer, but also a critical expert for the cryptography organization. My time ended up split across three different teams, and I was still knocking my projects out of the park. But more importantly, junior employees felt comfortable approaching me with questions and our most distinguished engineers sought my insight on security and cryptography topics.

It became an inside joke of the cryptography organization, not to let me ever look at someone else’s source code on a Friday, because I would inevitably find at least one security issue, which would inevitably ruin someone’s weekend. I suppose the reasoning was that, if the source code in question belonged to a foundational software package, it carried the risk of paging the entire company as we tried to figure out how to mitigate the issue and upstream the fix.

(I never once got earnestly reprimanded for finding security bugs, of course.)

I can’t really go into detail about the sort of work I did. I don’t really want to name names, either. But I will say that I woke up every day excited and motivated. The problems were interesting, the people were wonderful, and there was an atmosphere of respect and collaboration.

Despite the sudden change in working environment for most of the cryptography organization in response to COVID-19, we were doing great work and cultivating the same healthy and productive work environment that everyone fondly remembered pre-pandemic.

Art: CMYKat

And then the company’s CEO decided to make an unceremonious, unilateral, top-down decision (based entirely on vibes from talking to other CEOs, rather than anything resembling facts, data, or logic):

Everyone must return to the office, and virtual employees must relocate. Exceptions would be few, far between, and required a C-level to sign off on it. Good luck getting an exception before your relocation decision deadline.

Hey, tech workers, stop me if you’ve heard this one before.

To the credit of my former managers, they sprung this dilemma on me literally the day before I went to a hacker conference–a venue full of hiring managers and technical founders.

On Ultimatums

If I had to give only one bit of advice to anyone ever faced with an ultimatum from someone with power over them (be it an employer or abusive romantic partner), it would be:

Ultimately, never choose the one giving you an ultimatum.

Art: AJ_LovesDinos

If your employer tells you, “Move to an expensive city or resign,” your best move will be, in the end, to quit. Notice that I said, in the end.

It’s perfectly okay to pretend to comply to buy time while you line up a new gig somewhere else.

That’s what I did. Just don’t start selling your family home or looking at real estate listings, and definitely don’t accept any relocation assistance (since you’ll have to return it when you split).

Conversely, if you let these assholes exert their power over you, you dehumanize yourself in submission.

(Yes, you did just read those words on a blog written by a furry.)

If you take nothing else away from this post, always keep this in mind.

Art: MarleyTanuki

From Whence Was This Idiocy Inspired?

Nothing happens in a vacuum.

When more tech workers opted to earn their tech company salaries while living in cheaper cost-of-living houses, less tech worker money circulated to big city businesses.

This outflow of money does hurt the local economies of said cities, including the ones that big tech companies are headquartered in. In some cases, this pain has jeopardized a lot of the tax incentives that said companies enjoy.

That’s why we keep hearing about politicians praising the draconian way that the return-to-office policies are being enforced.

At the end of the day, incentives rule everything around us.

Companies have to kowtow to the government in order to reduce their tax bill (and continue pocketing record profits–which drive inflation–while their workers’ wages stagnate).

This outcome was incredibly obvious to everyone that was paying attention; it was just a matter of when, not if.

Signs of Things to Come

Do you know who was really paying attention? The top talent at most tech companies.

After I turned in my resignation, I received a much larger outpour of support from other very senior tech workers than I ever imagined.

Many of them admitted that they were actively looking for new roles; some of them for the first time in over a decade.

Many of them already have new gigs lined up, and were preparing to resign too. Some of those already have.

Others are preparing to refuse to comply with either demand, countering the companies’ ultimatums with one of their own: Shut up or fire me.

What I took from these messages is this: What tech companies are doing is complete bullshit, and everyone knows it, and nobody is happy about it.

With all this in mind, I’d like to issue a prediction for how this return-to-office with forced relocation will play out, should companies’ leaders double down on their draconian nature.

My Prediction

Every company that issued forced relocation ultimatums to their pre-pandemic remote workers will not only lose most (if not all) their top talent in the next year, but they will struggle to hire for at least the coming decade.

The bridge has been burnt, and the well has been poisoned.

Trust arrives on foot, but leaves on horseback.

Dutch proverb

The companies that issued these ultimatums are not stupid. They had to know that some percentage of their core staff would leave over their forced relocation mandates. Many described it as a “soft layoff” tactic.

But I don’t think they appreciate the breadth or depth of the burn they’ve inflicted. Even if they can keep their ships from sinking, the wound will fester and their culture will not easily recover. This will lead to even more brain drain.

Who could blame anyone for leaving when that happens?

Unfortunately, there is a class of people that work in tech that will bear the brunt of the ensuing corporate abuse: H-1B visa employees, whose immigration status is predicated on their ongoing employment. Their ability to hop from abusive companies onto lifeboats is, on the best of days, limited.

And that? Well, that’s going to get ugly.

There’s still time for these companies to slam the brakes on their unmitigated disaster of failed leadership before it collapses the whole enterprise.

If I were a betting dhole, I wouldn’t bet money on most of them doing that.

Their incentives aren’t aligned that way yet, and when they finally are, it will be far too late.

Toward New Opportunities

As for me, I’m enjoying some well-earned downtime before I start my new remote job.

I wasn’t foolish enough to uproot my life and everyone I love at some distant corporate asshole’s whims, but I also wasn’t impulsive enough to jump ship without a plan.

That’s as much as I feel comfortable saying about myself on here.

If you’re facing a similar dilemma, just know that you’re not alone. Savvy companies will be taking advantage of your current employer’s weakness to pan for gold, so to speak.

You are not trapped. Your life is your own to live. Choose wisely.

Addendum

After I posted this, it made the front page of Hacker News and was subsequently posted in quite a few places. After reading some of the comments, I realize a few subtleties in my word choice didn’t come across, so I’d like to clarify them.

When I say “RTO is bullshit”, I don’t mean “office work is bullshit” or anything negative about people that prefer in-person office work. I mean “the forced relocation implementation of transitioning a whole company to never-remote (a.k.a. RTO) is bullshit”.

If working in an office is better for you, rock on. I don’t have any issue with that. The bullshit is the actions taken by company’s leadership teams in absence of (or often in spite of) hard data on remote work versus in-person work. The bullshit is changing remote worker’s employment agreements without their consent and threatening “voluntary resignation” as the only alternative (even though that’s pretty obviously constructive dismissal).

When I discussed ultimatums above, I’m specifically referring to actual ultimatums, not colloquial understandings of the word. If you can talk with the person and negotiate with them, it’s not a goddamn ultimatum. What I was faced with was an actual ultimatum: Comply or suffer. I chose freedom.

Hope that helps.

CMYKat made this, I edited the text

Regarding some of the other comments, I come from the “I work to live” mindset, not the “I live to work” mindset. My opinions won’t resonate with everyone. That’s okay!

Update: I wrote a follow-up to this post to address a lot of bad comments I saw on HN and Reddit.

https://soatok.blog/2023/10/02/return-to-office-is-bullshit-and-everyone-knows-it/

#business #businessEthics #forcedRelocation #returnToOffice #Society #techIndustry #Technology #ultimatums #work

Dhole Moments

2020-06-08 08:11:00

I probably don’t need to remind anyone reading this while it’s fresh about the current state of affairs in the world, but for the future readers looking back on this time, let me set the stage a bit.

The Situation Today

(By “Today”, I mean early May 2020, when I started writing this series.)

In the past two months, over 26 million Americans have filed for unemployment, and an additional 14 million have been unable to file.

Federal Reserve chairman, Jerome Powell, says we’re in the worst economy ever.

In a desperate bid of economic necromancy, many government officials want to put millions more Americans at risk of COVID-19 before we can develop a vaccine and effective treatment. And we still don’t even know the long-term effects of the virus.

I’m not interested in discussing the politics of this pandemic or who to blame; I’ll leave that to everyone else with an opinion. Instead, I want to acknowledge two facts that most people probably already know:

1. This was mostly avoidable with competent leadership and responsible preparation
2. Most of us have rough times ahead of us

I can’t do anything about the first point (although most people are focused on it), but I want to try to alleviate the second point.

What This Series is About

Whether you lost your job and need an income to survive, or you’re one of the essential workers wanting to avoid being sacrificed by politicians for the sake of economic necromancy, I wrote this guide to help you transition into a technology career with little-to-no tech experience.

This is not a magic bullet! It will require time, focus, and effort.

But if you follow the advice on the subsequent posts in this series, you will at least have another option available to you. The value of choice, especially when you otherwise have none, is difficult to overstate.

I am not selling anything, nor are there ads on these pages.

This entire series is released under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

Why Work in Tech?

Technology careers aren’t everyone’s cup of tea, and they might be far from your first choice, but there are a couple of advantages that you should be aware of especially during this pandemic and lockdown:

1. Most technology careers can be performed remotely.
2. Most technology careers pay well.

The first point is especially important for folks living in rural areas hit hard by a lack of local employment opportunities.

A lot of the information and suggestions contained in this series may be applicable to other domains. However, my entire career has been in tech, so I cannot in good conscience speak to the requirements to gain employment in those industries.

Why Should We Trust You?

You shouldn’t. I encourage you to take everything I say with a grain of salt and fact-check any claims I make. Seriously.

My Background

I’m currently employed as a security engineer for a cryptography team of a larger company, although I don’t even have a Bachelor’s degree. I’ve worked with teams of all sizes on countless technology stacks.

I have been programming, in one form or another, since I was in middle school (about 18 years ago), although I didn’t start my professional career until 2011. I’ve been on both sides of bug bounty programs, including as my fursona. A nontrivial percentage of the websites on the Internet run security code I wrote under my professional name.

Art by Khia

My Motivation

Over the past few years, I’ve helped a handful of friends (some of them furries) transition into technology careers. I am writing this series, and distributing it for free because I want to scale up the effort I used to put into mentoring.

I’m writing this series under my furry persona, and drenching the articles with queer and furry art, to make it less palatable to bigots.

Art by Kerijiano

Series Contents

1. Building Your Support Network and/or Team
2. Mapping the Technology Landscape
3. Learning the Fundamental Skills
4. Choosing Your Path
5. Starting and Growing an Open Source Project
6. Building Your C.V.
7. Getting Your First Tech Job
8. Starting a Technology Company
9. Career Growth and Paying It Forward

The first three entries are the most important.

The header art for this entire series was created by ScruffKerfluff.

https://soatok.blog/2020/06/08/furward-momentum-introduction/

#Technology