The only way to *truly* billionaire-proof the internet is to a) abolish billionaires and b) abolish the system that allows people to become billionaires. Short of that, any levees we build will need constant tending, reinforcement, and re-evaluation.
--
If you'd like an essay-formatted version of this thread to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
https://pluralistic.net/2025/01/23/defense-in-depth/#self-marginalization
1/
That's normal. No security measure (including billionaire-proofing the internet) is a "set and forget" affair. Any time you want something and someone else wants the opposite, you are stuck in an endless game of attack and defense. The measures that block your adversary today will only work until your adversary changes tactics to circumvent your defenses.
2/
For example, mining all the links on the internet to find non-spam sites worked brilliantly for Google, because until Pagerank, there were zero reasons for spammers to get links to point to their sites. Once Google became the dominant way of finding things on the internet, spammers invented the linkfarm. This principle can be summed up as "Show me a ten-foot wall and I'll show you an eleven-foot ladder."
3/
Security designers address this with something called "defense in depth": that's a series of overlapping defenses that are meant to correct for one another's weaknesses. Your bank might use a password, a 2FA code, and - for extremely high-stakes transactions - a series of biographical questions posed by a human customer service over a telephone line.
4/
I've written extensively about defending a new, good internet from billionaire enshittifiers. For example, in this post, I described how Bluesky could be made enshittification-resistant with the use of "Ulysses Pacts" - self-imposed, binding restrictions on enshittification:
https://pluralistic.net/2024/11/02/ulysses-pact/#tie-yourself-to-a-federated-mast
5/
A classic example of a Ulysses Pact is "throwing away the Oreos when you go on a diet." Now, it doesn't take a lot of work to devise a countermeasure your future, Oreo-craving self can take to defeat this measure: just drive to the grocery store and buy more Oreos. This even works at 2AM, provided you live within driving distance of an all-night grocer.
6/
That doesn't mean you shouldn't throw away those Oreos. Depending on how strong your Oreo craving is, even a little friction can help you resist the temptation to ruin your diet. We often do bad things because of momentary impulses that fade quickly, and simply airgapping the connection between thought and deed works surprisingly well in many instances.
7/
This is why places with fewer guns have fewer suicides of all kinds: there are plenty of ways to kill yourself, but none are quite so quick and reliable as a gun. People in the grips of a suicidal impulse who don't have guns have more chances to let the impulse pass (this is also why gun control leads to fewer all-cause homicides). So just because a measure is imperfect, that doesn't make it worthless.
8/
If you're trying to give up drinking, you throw away all your booze, but you also go to meetings, and you get a sponsor who can help you out with a 2AM phone call. You might even put a breathalyzer on your car's ignition system. None of these are impossible to defeat (you can get an Uber to the liquor store, after all), but they all create friction between the thing you want, and the thing your adversary (your addiction) is trying to get.
9/
They strengthen the hand of you as defender of the sober status quo, against the attacker who wants you to relapse.
Critically, all these defensive measures buy you time that you can use to organize and deploy more defenses. Maybe the long Uber ride to the liquor store gives you enough time to think about your actions so you call your sponsor from the parking lot. Defense is useful even when it only slows your adversary, rather than stopping your adversary in their tracks.
10/
Scaling up from personal defense to societal-scale security considerations, it's useful to think of this as a battle with four fronts: code (what is technically im/possible?), law (what is il/legal?), norms (what is socially un/acceptable?) and markets (what is un/profitable?). This framework was first raised a quarter-century ago, in Larry Lessig's *Code and Other Laws of Cyberspace*:
https://commons.wikimedia.org/wiki/File:Code_And_Other_Laws_of_Cyberspace_Version_2_0.pdf
11/
Lessig laid out these four forces as four angles of attack that challengers to the status quo should plan their strategy around. If you want to liberalize copyright, you can try norms (the "Free Mickey" campaign), laws (the *Eldred v. Ashcroft* Supreme Court case), code (machine-readable Creative Commons licenses) and markets (open access/free software businesses).
12/
Each one of these helps the other - for example, if lots of people believe in copyright reform (norms), more of them will back a Humble Bundle for open access materials (markets), and more lawmakers will be interested in changing copyright statutes (law), and more hackers will see reason to do cool things with CC licenses, like search engines (code).
13/
But the four forces aren't just for attackers seeking to disrupt the status quo - they're just as important for defenders looking to create and sustain a new status quo. Figuring out how to "lock a system open" is very different from figuring out how to "force a system open." But they're both campaigns waged with code, law, norms and markets.
We're living through a key moment in enshittification history.
14/
Millions of people have become dissatisfied with legacy social media companies run by despicable, fascism-friendly billionaires like Elon Musk and Mark Zuckerberg and are ready to leave, despite the costs (losing contact with friends who stay behind).
15/
While many of them are moving to group chats and private Discord servers,tens of millions have moved to new social media platforms that advertise (though they don't necessarily deliver) decentralization: Mastodon (and the fediverse) and Bluesky (and the atmosphere).
Decentralization is itself a defensive countermeasure (code). When a service has diffuse power, it's harder for any one person to take it over.
16/
Federation adds another defensive layer, because users who don't like the way one server is run can move to another server, with varying degrees of data- and identity-portability. That makes it harder for server owners to squeeze users to make money (markets), and gives them an out if server owners try it anyway.
17/
Federation with decentralization is my favorite anti-enshittification defense. It's powerful as hell. It's the main reason I endorse Free Our Feeds, an effort to (among other things) build more Bluesky servers to decrease the centralization and give users dissatisfied with Bluesky management an alternative:
https://pluralistic.net/2025/01/20/capitalist-unrealism/#praxis
That said, decentralization and federation are not perfect, set-and-forget defenses.
18/
Take email - the oldest, most successful federated system of them all. Email is nominally decentralized, but most email traffic goes through a handful of extremely large servers run by a cartel of companies (Google, Apple, Microsoft, and a few ISPs). These companies collude (or, more charitably, coordinate) to block email from non-cartel companies, in the name of fighting spam.
19/
This makes running your own mail server so hard that it is nearly impossible (that is, if you care about people actually receiving the email you send them):
https://pluralistic.net/2021/10/10/dead-letters/
What's interesting about enshittified email is that it didn't start with corporate takeover: it started with volunteer-maintained blocklists of untrustworthy servers that most email operators subscribed to, defederating from any server that appeared on the list.
20/
These blocklists of bad servers were opaque (often, their maintainers would operate anonymously, citing the threat of retaliation from criminal scammers whose servers appeared on the list). They had little or no appeal process, and few or no objective criteria for inclusion (you could be blocklisted for how your email server was configured, even if no one was using it to send spam).
21/
@pluralistic "normals (what is socially un/acceptable?)"
I think you meant "norms" not "normals" here.
This article lays out a great case for decentralization and explains the nuances behind creating systems that are resistant to enshitification.
The problem however with #Bluesky and #FreeOurFeeds is that it all sounds good, but success rests on developing new technology that is unproven 'vaporware' and dependent upon cooperation with a potentially adversarial entity that holds all the cards.
See this critique: https://mastodon.online/@mastodonmigration/113873141877248672
more...
Returning to the #FreeOurFeeds (FOF) initiative discussion (for background see links below)... @[email protected] has a new piece (https://pluralistic.net/2025/01/20/capitalist-unrealism/) that extends his "fire exit" analogy and discusses how it is not corporate ownership, VCs or profit motive alone that causes enshitification. It also requires captive users, and FOF will make it so Bluesky users are not captive. It all sounds good, but it's not realistic because the assumptions behind it are based on vaporware marketing. more...
References
Supporting FOF:
https://freeourfeeds.com/
https://www.technologyreview.com/2025/01/17/1110063/we-need-to-protect-the-protocol-that-runs-bluesky/ (@elipariser)
https://pluralistic.net/2025/01/14/contesting-popularity/#everybody-samba (@pluralistic)
https://pluralistic.net/2025/01/20/capitalist-unrealism/ (@pluralistic)
Critique of FOF:
https://mastodon.online/@mastodonmigration/113829076223876008
https://notes.ghed.in/posts/2025/bluesky-free-our-feeds-mastodon/ (@cebedo)
https://malici.ous.computer/@shellsharks/statuses/01JHN5A9844W3SMPE2A39K0V4J (@shellsharks)
Background:
https://dustycloud.org/blog/how-decentralized-is-bluesky/ (@cwebber)
https://dustycloud.org/blog/re-re-bluesky-decentralization/ (@cwebber)
The tax structure prevented this problem 60 years ago.
@pluralistic It is not enough to simply abolish them as described in (a) and (b), but abolish the businesses that accumulate massive influence (often with help of massive wealth). Internet is at risk of hijacking into warped version (see Google doing that...ditto Apple and Microsoft, likely a few others to lesser degrees). Need to rethink the whole thing again.
Edit: Word "not" was missing. Fixed.
@pluralistic small correction:
> Bluesky is a B-corp
B-corp is a certification, not a form of incorporation. Bluesky doesn’t have that certification. What they are is a Public Benefit Corporation, aka a PBC.
@pluralistic and speaking of enshittification-resistant company structures, I highly recommend reading about Steward Ownership:
ekana
Cory Doctorow
Merc
Mastodon Migration
arensb
SpaceLifeForm
This account has moved
Erlend Sogge Heggen