
color me perplexed

In the early through mid 2000s, my nerdier friends and I had a reputation for being able to remove malware (back then, we didn’t really call it “malware”) from computers. Save for a few bricked machines due to our novice and woefully incomplete grasp of the command regedit, we would clean the malware off of your computer for $20. If we couldn’t do it, there was no charge.

Back then, it was still common to have desktop computers set up in a computer desk in a “computer room,” or “home office,” illuminated by an overhead boob light and the ethereal glow of the then-ubiquitous CRT monitor.

Revisiting the spyware era

The most difficult software to remove on computers in the 2000s was a flavor of malware called spyware (or “adware”, which is the same thing). The word “spyware” is not often used today because so much software can be classified as spyware in one form or another that the word has almost no meaning. The word was invented by Zone Labs (now Check Point) after a parent noticed an alert from their Zone Labs personal firewall about data being sent back to the Mattel toy company via the children’s edutainment program Reader Rabbit.

The majority of spyware, though, was delivered through a browser. Browser security controls, especially in Internet Explorer, were weak, and the web was still a Wild West of cobbled-together HTML, fan pages, and Flash Player content. If you remember web toolbars, you’ve come to the right era.

Spyware was particularly difficult to remove because the creators of spyware had resources and the financial motivations to continue developing spyware products that were compelling, purported to offer (or did offer) a legitimate service, and would only work effectively if they maintained a deep persistence in the target operating system.

One of the most notorious spyware operators masquerading as a legitimate business was the Claria corporation, which essentially invented behavioral marketing. Claria made a pack-in software called Gator eWallet, included as an optional-but-easy-to-miss install with other software of the time (think Kazaa, which is not something I thought I would be writing about in 2025) that was free, of an otherwise questionable nature, or both. Gator eWallet was an autofill program that captured and used personal data to sell advertisements with very limited user understanding as to how the program actually accomplished this (by displaying copious amounts of targeted and non-targeted advertising in the form of pop-up ads). If you want a more extensive history of the Gator eWallet program and how it worked, I found one written by Ernie Smith for Tedium in 2021. Ernie appears to be quite active on BlueSky (I don’t have a BlueSky).

Of note in Smith’s writeup is that an article decrying Claria/Gator for their practices is still available online through PCMatic, even in 2025.

Gator, like most Windows applications, had an uninstall capability baked into the Control Panel, but in practice the uninstall function did not work, or it only worked until the browser was re-launched, at which point Gator would be reinstalled, or it would be installed again through some other vector. In any event, artifacts of Gator persisted deeply in Windows XP, and they remained in operation until overwhelming negative consumer sentiment killed the company despite a couple of failed rebrands.

But it’s OK now…right?

Unfortunately, the negative consumer sentiment that killed Claria and made spyware an untenable business model did not persist. Whether by intent or not, and I suspect the former, tech companies have continued their slow and insidious war against individual privacy for nearly 30 years, and they’re winning.

Gator was the first software I thought of when I read an article from TechCrunch about the upcoming Perplexity browser, called Comet: “Perplexity CEO says its browser will track everything users do online to sell ‘hyper personalized’ ads.” To quote Julie Bort from TechCrunch:

“CEO Aravind Srinivas said this week on the TBPN podcast that one reason Perplexity is building its own browser is to collect data on everything users do outside of its own app. This so it can sell premium ads.”

And:

“Srinivas believes that Perplexity’s browser users will be fine with such tracking because the ads should be more relevant to them.”

In case it wasn’t already clear what I was getting at here: you, the user, should not be fine with this. Nor should you be fine with half-baked features like Recall, a Microsoft service that will “help you” remember your computer activities but will almost assuredly be used at some point to sell advertisements.

The takes I read on this thing from the webosphere are astounding. The prevailing theory is one of ambivalence. There is also a sense of fatalist defeatism, all the way to one commenter saying “well, Elon has all of the data anyway,” and other insidious variants of the old “I have nothing to hide” argument.

Y’all, this is not OK.

One of the most compelling papers I have read about the subject of privacy is not from the cybersecurity space directly, but from law. The 2007 paper is by Daniel Solove, a then-student and now-professor at The George Washington University School of Law, and is called “‘I’ve Got Nothing to Hide’ and Other Misunderstandings of Privacy.” Solove decomposes the argument in plain language, and I highly recommend reading the paper in its entirety. Solove approaches the subject from the context of government surveillance – 2007 was the apex of discourse around the NSA PRISM program – but the current state of advertising tech applies wholesale, and I don’t figure Solove predicted (or could have predicted) the speed and scale of the erosion of digital privacy through 2025.

One of Solove’s more curious conclusions is that privacy is actually poorly defined:

“Ultimately, any attempt to locate a common core to the manifold things we file under the rubric of “privacy” faces a difficult dilemma.”

And lands here:

“The term privacy is best used as a shorthand umbrella term for a related web of things.”

And finally:

“In many instances, privacy is threatened not by singular egregious acts, but by a slow series of relatively minor acts which gradually begin to add up.”

One of the cruxes of Solove’s argument is you need not be acutely injured to be a victim of the erosion of privacy. The rise and fall of spyware as a “legitimate” service shows that people did in fact perceive injury from the erosion of their privacy, from a poor understanding of how their privacy was being invaded, and from the constant interruption by pop-up ads. We have since come to accept the structural decline of privacy in exchange for being, ourselves, products to advertisers. Death by a thousand platforms.

How did this happen? We focused too narrowly on the quality of service we get for “free” in exchange for giving up privacy, and fell into the same trap of systematic and systemic myopia that fuels the “I’ve got nothing to hide” argument and (by extension) facilitates the continued enshittification of the web.

On top of all this is a practical consideration: in exchange for serving you “hyper-personalized ads,” what benefit does the Comet browser actually offer you?

For a social media platform, the tradeoff is pretty obvious. For Comet, the benefits aren’t really all that clear. It markets itself extensively as an AI-powered browser. I don’t really know anyone who is interested in an AI-powered browser, and don’t really understand why companies feel a need to bake AI into anything and everything from the bottom up. But I know what I do not want, and that is “hyper personalized ads.” If I want to use AI today, I can just go to ChatGPT, and ChatGPT does not serve ads (today).

Tech money strikes again

So here is where we get to the thing in the podcast with Perplexity’s CEO, Aravind Srinivas, that spawned the TechCrunch article. Buckle up:

“People like using AI, they think it’s giving them something Google doesn’t offer.”

Yes, the “something” is “information quickly without ads.”

“We want to get data even outside the app to better understand you, because some of the prompts that people do in these AIs is purely work related. It’s not, like, that personal. On the other hand, like, what are things you’re buying? Which hotels are you going…which restaurants are you going to? What are you spending time browsing – tells us so much more about you that we plan to use all the context to build a better user profile…and show some ads there.”

Look. I’m no CEO. I’m not trying to pick on this guy. He’s successful and has a business. I do not. I’m just some fucko on the internet. I get it.

But essentially what he is saying is this: “it’s a problem that people are able to use AI without ads, and we need to solve that problem by showing them ads, and the only way we will get them to pay attention to the ads is by spying on them extensively.”

That is the most big tech-ass big tech shit I have ever heard. I am sure someone in the boardroom at VC capital whatever came up with this, and everyone just thought it was a great idea and just decided to go with it. It has really nothing to do with providing a good user experience and everything to do with making money.

In conclusion

The point I am trying to make is just to consider that we have seen and continue to see an erosion of privacy beyond a fatalist and narrow scope like “well, they have my data anyway,” or “well, I have nothing to hide.” OK, so stop giving it to them, and “having nothing to hide” is 1) not true and 2) not exactly the point.

I don’t really know how else I can illustrate the extent to which advertising tech creates opportunities for advertisers by using you as the product. I’m not going to suggest that every one of these tradeoffs is not worth it – sometimes it is. If you are getting real value out of a free social service, that’s fine; all I ask is that you zoom out a little bit to understand the context, value, and nature of the data you are generating for them.


own your web presence

Update 4/28: LinkedIn has reinstated my account.

As an effect of being laid off, I decided to open a new LinkedIn account. I dislike LinkedIn (and all social media) generally, but beggars can’t be choosers when unemployed. The last time I had a LinkedIn account was a little over 18 months ago. I closed it because I just didn’t find it that useful, and most of the messaging I received was sales-related or recruiters who would send things like this:

“Are you interested in a role in Richmond?”
“I live in the DC area, it’s about 100 miles away from Richmond, so no.”
“Oh, I’m sorry. The location filter tool in LinkedIn kind of sucks.”

So anyway I need to find a job so I decided to open a new account using the same email address. Less than a week after I opened it, I was browsing positions while sitting at Dave’s Hot Chicken (which was just okay) and I was kicked out of the mobile app. I went to sign in again, and LinkedIn prompted me to “verify my identity,” which I had already done through CLEAR, so I was puzzled as to why I was being asked to do this a second time through a different verifier.

Cue a bizarre and kafkaesque process where I sent LinkedIn a picture of my driver’s license, and then had to do a live verification – essentially, a video selfie. After completing these steps, LinkedIn informed me that my account was suspended, and that they should have my “request” (what they mean is the request that got created as part of me sending them a picture of my ID, but if you want to make someone really paranoid this is certainly the exact verbiage to use) to have my account put “back on LinkedIn” in two days. Well, it has now been more than two days.

When I go to the site, it seems to be indicating that my account is suspended because they are not able to verify my identity. When I click “Verify your identity,” I am told that a request is already created to verify my identity. I am not able to contact any kind of support, because in order to contact support, you need to be logged into LinkedIn, which I cannot do because they apparently can’t verify my identity even though I provided it through two different verifying companies. So that’s cool. Maybe I’m in a database somewhere as deceased and I don’t know it. (Spoiler alert: I’m not dead.)

I’m just trying to get a job, man.

I really have no idea if or when they are going to restore my account, or what the problem is. I could simply create another one with a different email address, but I don’t want to give them a reason to ban me from the platform, so I won’t.

At any rate, it’s almost irrelevant, because if anyone wanted to know who I was, they can go to this website, which I have operated for several years. “Yes but how do we know who you are?” Well, I had to buy this domain name, hosting package, and TLS certificate with a credit card in my name. Obviously, anything can be faked, but in aggregate that should be more than what most social sites give you at a glance.

When I was an undergrad at the University of Mary Washington, which was a very long time ago, some very smart and forward-thinking people decided that the future of the web was in owning web presence. They called, and still call, this “Domain of One’s Own.” They were ahead of their time with Domain of One’s Own. At the time, social media services like Twitter (X) were nascent. LinkedIn and Instagram did not exist. Now, each social media service is offering more or less the same experience, there is no realistic avenue for support or help, and because they are so prolific it’s really no wonder that we have instances of “LinkedIn hell.” This is, of course, a separate and more nuanced conversation than the rampant and punishing toxicity plaguing all of these services by generally bringing out the absolute worst in humanity.

This episode with LinkedIn is not unique to the internet, or to LinkedIn. It truly baffles me that so many job applications request a link to a LinkedIn profile, and sometimes the link is a required field. There are any number of valid reasons (besides the low quality content) people don’t have a LinkedIn account, and requiring someone to have a social media presence when they value their privacy is 1) bad 2) creating complicit partners in the gradual enshittification of the internet.

I run this website through Namecheap and they more or less take care of all of the backend hosting for me. It isn’t turnkey like WPengine or SquareSpace, but it’s not a heavy lift to set up your own website, nor is it particularly expensive. I have seen enough of social media to know what happens to it in the long run: even LinkedIn succumbed to the short-form video trend.

So if you don’t have a domain of your own, you should try it, because you have a story that deserves to be told outside of the confines of any one social media platform that purports to offer a “free” product.

If you want to produce your own content free of arbitrary governing policies, have control over your own destiny, not have to send a picture of your ID to an organization that doesn’t make it clear what they are going to do with it, and don’t want to look at ads, you should take the time and very marginal amount of work to make that happen.

We do actually have the ability to say “no” to these social media companies and make the web more authentic and democratic. If you are looking to start, I recommend checking out the very fine folks over at Reclaim Hosting (as in, literally, “reclaim your digital identity”) or Namecheap if you have a bit more experience.


i got laid off on paradise point

It was always going to be a long day. We were awoken on the 18th deck of the Norwegian Escape by engine noise, particularly unusual as our room was forward on the ship. In an impressive maneuver, the Escape’s captain had backed her up on the pier at St. Thomas, USVI, in front of the Enchanted Princess. We had tickets for the gondola up to Paradise Point, a scenic overlook, the base of which is about a half mile walk from the pier.

If you take this excursion, prepare for a long wait. The line to get into the gondola was over half an hour, but as a US territory our regular Verizon service kept the kids entertained (yes, we gave them THE PHONES) without any extra fees. The ride is standing room only and does indeed provide a magnificent view of the richly verdant St Thomas and the surrounding azure seas of the Caribbean and Atlantic.

Paradise Point is something of an elaborate tourist trap that aggressively markets such overpriced libations as the “Bailey’s Bushwacker [sic],” which you should skip in favor of a frosty(TM) at the recently renovated Wendy’s at the bottom of the overlook. The bushwacker is advertised as a “chocolate piña colada” which really should be an indication that you should not get it, in spite of – or maybe because of – its total lack of piña and/or colada. Numerous tchotchkes and mediocre nachos were also available for sale. It was here we met a fellow tourist who, in her 50s, had inexplicably never heard the word “tchotchke,” which bodes poorly for us as tchotchke aficionados in our late 30s who enjoy cruising. Keep the AARP card warm for me.

At any rate, tchotchkes or not, the views were worth the cost of the ticket.

The kids, either unwilling or unable to appreciate the resplendence, were satiated by an oversized game of Connect Four on the point, which they played repeatedly despite not knowing at all how the game worked. If played by certain adults, the game could have been called “tariffs,” actually. This provided precious and brief time between our 3-year-old’s meltdowns to take some pictures and continue reflecting on my decision to spend $14 on Bailey’s, ice, and Kahlua.

Literally minutes after taking this picture I received a phone call from an unknown number that I ignored. The caller left me a voicemail; it was my manager’s manager’s manager calling me with some “important information.” I had an inkling as to what this was about, but didn’t have my work phone, and I couldn’t be sure. So I called back and it was the aforementioned 3x manager, my manager’s manager (the 2x), and HR. And sure enough, drink in hand, gazing upon the magical Wendy’s of the West Indies, I was cooked, or “RIF’d” in government parlance, albeit with a fairly generous severance package considering my short tenure.

I mouthed the words “LAID OFF” to Ashley who shot me a distinct “aw shit” look. I was hired to guide strategic decision making at the IRS with regard to their cybersecurity program, which I guess is no longer an area of interest for the part of the government that collects money. In a cruel irony, I had escaped multiple rounds of layoffs at my last employer and was optimistic about the stability provided by a company like MITRE (I accepted the offer before Trump’s inauguration). It was immediately, or maybe even before, I started that I felt like I’d perhaps made a mistake in joining given yet another round of “extraordinary times.” But MITRE, much like the rest of the country, were dealt a bad hand with Trump’s election. In fact, this wasn’t entirely a surprise; when talk of layoffs was picking up the previous week, I remarked in an internal team chat that if I were in a position of leadership at MITRE or any other federal contractor, I would be looking at people like myself (new, uncleared, an unapologetic exhibitor of dad humor and 90s karaoke) if I needed to quickly cut costs.

I’m angry and disappointed – not for my own career, which will survive, but that I too was summarily DOGE’d in the service of billionaires and our current president, noted adulterer and convicted felon. To be clear, I’m not against the idea of DOGE on principle, and would have been fine with being laid off had I worked myself out of a job. Maybe I would’ve earned a commemorative tchotchke for that one, maybe a novelty headstone adorned with a Shiba Inu. “Here lies Joe. He got DOGE’d.”

As for the vacation, we had paid for it in full several months ago, so we enjoyed it. Norwegian Cruise Line took good care of us, as they always do. It was truly a “there’s nothing I can do about this right now, today, tomorrow, or this week” situation, and I was grateful to not be the one in the extremely unenviable position (dear Elon: laying people off is supposed to feel bad) of making the calls. Now that I’m back, it does sting in a more tangible way, but I’m ready to move forward, because that’s all I can do. I’m grateful that I got to work at MITRE. A quote from the great sage Jimmy Buffett is apropos here: “if life gives you limes, make margaritas.”

Anyway. This too shall pass. I didn’t waste any of the Bailey’s though. Consider that bush wacked.