I Refuse to Share Space With Neo Nazis and White Supremacists

December 23, 2023 Nathan Bowling

A quick note: For the last year or so, I have written a newsletter on Substack. For a period, I crossposted those here but as the subscriber base for the newsletter grew I stopped doing that. However, due to choices by leadership at Substack, will no longer use the service. However, you can continue to follow the newsletter here.

I don't have a lot of redlines in my life. But one redline I do have is that if an institution or business says that “Nazis are welcome here” I will take my business elsewhere. In the case of Substack, the leadership of the company has made their choice and now I am making mine. It's not a particularly difficult decision. No, this isn't about freedom of speech; no, it's not about censorship. It's simply my choice.

Here is the statement that necessitated my decision from Hamish McKenzie, co-founder of Substack.

I reject the school of thought that the response to people who would wipe me from existence is some sort of constructive debate in the “marketplace of ideas.”

The Nazi Bar analogy is instructive here: if I found out my favorite bar welcomed Nazis, I would stop going to it. If I found out that a social club I belong to welcomed Nazis, I would stop being a member. I shouldn't even have to explain this, but here we are in the year of our Lord 2023, having to have this silly conversation.

“We’re going to keep Nazis and other white supremacists on our platform because we believe that limiting them is censorship” is a stupid, infantile argument. It's so clownish I'm not going to waste my time explaining.

Here is Chat GPT with a simple breakdown:
Denying monetization and access to services for Neo-Nazis and white supremacists is not a violation of free speech because private companies have the right to set and enforce their own content policies (emphasis added). Free speech protections typically apply to government actions, not private entities
Platforms have the authority to establish guidelines to maintain a safe and inclusive environment, and restricting content that promotes hate speech or violence is within their prerogative. This is not censorship in the legal sense, as individuals are still free to express their views elsewhere on different platforms or through other means.
ChatGPT 3.5: December 22nd, 2023

Choosing to carry and monetize the speech of Neo-Nazis and white supremacists is a commerce choice this company has made and it's a choice that I disagree with, and I'm taking my business elsewhere.

Given that, this will be the last edition of the newsletter sent from Substack. I will spend the next 48 hours transitioning to a different service. I'm trying to figure out if I want to use Buttondown or Ghost. If you have thoughts about either platform, shoot me an email. Both services have drawbacks and are more difficult to use than Substack, but that’s the cost of having taste and boundaries.

There will be a regularly scheduled edition of the newsletter on Sunday. I’ll talk a little about the verdict in the Ellis trial and reviewing the books that I read this year. If you follow the newsletter solely via the Substack App you will lose access to it. But you can get it via your regular email inbox by changing a setting in the app.

Again, you can subscribe to the next iteration of the newsletter here.

Being Choosy About Online Spaces

April 17, 2023 Nathan Bowling

*The speech crisis in the US is as real as the Easter Bunny and the world needs another poorly moderated online platform like Substack Notes like I need a hole in the head*

Over the last few years I have grappled with the size and scope of my digital footprint. I had more than a few “Nate, you’re better than this” moments while reading two books in particular. No Filter by Bloomberg writer Sarah Frier, got me off of Instagram and now I avoid the entire Facebook Suite of apps. Although, leaving WhatsApp while living overseas is nearly impossible because of how integrated it is into commerce here and because family back home seem disinclined to learn how to navigate Signal.

Frier came on the podcast and I found the truthpaste she squeezed undeniable. Her book and our conversation came down to three key points:

Algorithmic social media gives us each our own version of “the truth”, feeding our egos, biases, and prejudices;
This is contributing to political polarization and escalating political violence, undermining our democracy and fraying the fabric of our society;
We have no idea what the long-term implications of any of this are—it is unprecedented in human history—but all seems quite bad.

A fourth point that I walked away from our conversation realizing is that our continued use of these platforms makes us complicit in the societal havoc they wreak.

A little later, I read The Age of Surveillance Capitalism by Shoshana Zuboff. She built on Frier’s ideas as part of a larger critique of post-industrial, late-stage capitalism. While Frier’s book was largely about the societal harm that algorithmic social media heaps upon us, Zuboff leaned into privacy violations and how our data is sold by and to some of the worst among us. I was struck repeatedly by the idea there’s a whole segment of bad actors who produce nothing, but make billions serving up data on our private comms, movements, and purchases to the highest bidder.

It was after finishing Zuboff’s book that I left Twitter for the first time. It was after Elon Musk’s purchase of the platform that I left for good and started writing this newsletter.

Defenders of Musk say he’s a champion of free speech but that claim doesn’t stand up under scruitiny. Musk’s vision of free speech is a limited one. He doesn’t mean the freedom to criticize him—that can get you banned or your verification revoked. He doesn’t mean the freedom to build competing platforms—that can get your API access revoked. He doesn’t mean the ability to organize online anti-fascist networks—that can get you exiled to Mastodon. He, like many on the online right, see free speech as a one way street—a guarantee they and people they like can say whatever troll-y nonsense they want no matter how racist, vile, or bigoted it is.

It’s these issues of free speech and platform choice that I want to center today.

I chose to write on Substack because I didn’t want to be on a platform that I felt was a Nazi Bar. I wouldn't go to a bar that knowingly served Nazis. I wouldn’t go to a church that knowingly welcomed Nazis. I wouldn’t work at a school that knowingly hired Nazis. This made the decision to leave Twitter and write here an easy one.

But this week Substack introduced their Notes feature and… oh, boy.

Substack pre-Notes was a business product. They, the service provider, distribute the newsletter. I, the writer, am responsible for the content. If you, the customer, find my takes unacceptable, you can unsub.

But Notes is different; it is a Twitter clone, another network with an algorithmic timeline. With that comes the need for robust content moderation. I get this. You probably get this but somehow the folks at Substack don’t.

This week in an interview with the Verge, Substack co-founder & CEO Chris Best fell all over himself trying to answer very basic questions about what kind of content they’d allow on Notes.

The question “hypothetically, can someone promote genocide on your platform?” shouldn’t be a hard one, but for Best (and too many tech bros) it is.

I found this really disappointing. This week, a handful of subscribers asked if I will be using Notes. My answer is “nope.” I am not excited about the Notes product. Most of you read the newsletter in your email inbox, the old fashioned way (I get great data on this). You all don’t generally use the Substack app and I don’t plan on using Notes until they can prove it won’t be a Nazi Bar.

One way of reading all of this is that “Nate’s just fragile” and is seeking or creating bubbles or safe spaces. That framing is juvenile AF. It’s not about fragility, it is about being discerning with the company you keep and places you give your time and business.

Beloved, Use a Password Locker but Make Sure it's Not LastPass

March 26, 2023 Nathan Bowling

*I use a password locker and think you should too but there's one provider you should avoid because they seem to have lost the plot*

In a recent newsletter, I wrote about online security and password lockers. Password lockers allow you to create longer, randomized passwords that are more secure than whatever you’re likely to come up with and memorize. The locker then stores them in an encrypted file on your device.

I spent most of Wednesday evening going through the annoying but important process of migrating my passwords off one of those lockers, LastPass. It’s a long story but I think it’s one worth sharing with you.

I started using LastPass in 2016. The service had its ups & downs. At one point, I paid for the premium version but they moved to a pricier monthly sub model and I slid back down to the free tier. The company provides an important service, but they’ve had an extremely rough run of things as of late that I think is worth detailing.

On August 25, 2022 LastPass detected "unauthorized" access to their servers. In their press statement about the incident, they buried this bit of terrible news in paragraph five:

“The threat actor was also able to copy a backup of customer vault data from the encrypted storage container which is stored in a proprietary binary format that contains both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data.

I am far from an expert in this area—that seems bad though. But it was really just the beginning. They followed that up with an announcement on September 15 about a subsequent breach that read roughly “Yeah, we were breached but your data and passwords are safe. Trust us.”

Then on November 30, they released a statement saying, “we have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information… We are working diligently to understand the scope of the incident and identify what specific information has been accessed.”

This was followed by two other company statements encouraging customers to “stay vigilant” and follow “security best practices,” advice the company clearly should have been taking themselves.

In January, the wheels started falling off the wagon as the company started to drip, drip more news about the access hackers were able to get.

On January 3, a John Doe filed a class action lawsuit on behalf of LastPass users over “failure to exercise reasonable care in securing and safeguarding highly sensitive consumer data in connection with a massive, months-long data breach.” This is when it finally hit me. They hadn’t been breached in August as an isolated incident. The hackers had ongoing access to LastPass’ servers for months.

On January 23, LastPass admitted, “we also have evidence that a threat actor exfiltrated an encryption key for a portion of the encrypted backups.” Also on January 23, they reported, “the threat actor then exported the native corporate vault entries and content of shared folders, which contained encrypted secure notes with access and decryption keys needed to access the AWS S3 LastPass production backups.”

Again, I’m no expert in cyber security but you don’t have to be one to see where this is going. Hackers attacked LastPass and the company’s security infrastructure utterly failed. This is when I started exploring alternatives and talking about the issue on the Channel 253 Member Slack.

Then on March 10, Matthew Gault from Vice posted an episode of their Cyber podcast titled LastPass Isn’t Safe and Your Hiking App May be Tracking You. In that episode, Gault quoted Joseph Cox who summarized the situation succinctly:

“The hacker against LastPass was resourceful and persistent, but also that LastPass was not treating its own crown jewels with the serious security practices it should have. A LastPass engineer was accessing critical services from their home computer and network. LastPass had difficulty distinguishing between the activity of the worker and that of the hacker. The sensitive information—in this case, customers’ password vaults that need the user’s master password to decrypt, but could theoretically be brute forced at some point—were stored less in a bank vault and more in a closet.”

That was the last straw for me. The situation is clear: responsible internet users that have concerns about their security and privacy should use randomized passwords and password lockers but those lockers should absolutely not be on LastPass. They simply can't be trusted.

This week I deleted my locker on LastPass and moved to a different service provider. In doing so, I changed my master password and will slowly change my passwords on essential services like banking and investment apps. This is a time suck for sure, but it sucks way less than finding my accounts drained or my zombie Twitter account got hacked and is promoting some crappy NFT project.