I just got an email from a store I bought something at about 4 months ago. It happens, they have my mail, somewhere in their fine print they said that they were gonna send me product recommendations or I clicked a thing because it looked like the box you have to click to get the thing.

I’m not even mad about it, it does sometimes make sense. The store where we order cat food sends out coupons and I can save a bit on chewy treats for our libertarian overlords here, for example. The company that just send me the email about new products? The sell automatic standing desks. How many of those do I buy every quarter? About zero now that I have one – I have only so many rooms to fill and so many bodies to place at tables.

Now of course they could think that I have this huge company with staff who all need standing desks (get one, they’re great, I wished the office I work in had them) but how big are the chances really?

People know the scary stories of “surveillance capitalism” and how Facebook and other platforms knows us better than we do. How they can predict our needs with sophisticated algorithms, shape our world and behavior. Because we are just these simplistic animals that if they see something they need it and buy it.

The standing desk company isn’t the most sophisticated in the world when it comes to data analytics and algorithms I guess. They probably just use some ready-made ecommerce solution that sends out emails. But there are more sophisticated players in that space, with limitless resources and the smartest programmers and statisticians on staff. There is Amazon.

You might have heard for example that Amazon ships products already to fulfillment centers near hotspots before they have been ordered to ship faster and that they then use their algorithmically sorted page to push the things they already transported to your neightborhood to you. That they track and analyze every click you make to try to get you to buy things, especially things you did look at.

These things then follow you around and keep being presented to you. Buy this, you did check it out, right? You want this!

I do buy stuff on Amazon at times (I try to avoid it but sometimes it’s hard) so I have products following me around. I remember a few years ago I was looking to buy a TV, I browsed some and all my recommendations were TVs and then I bought the one I wanted.

But the recommendations didn’t go away. Amazon kept showing me more TVs. Now I needed exactly one TV. I don’t need more of those things in this home. But these things kept following me around in spite of me buying a TV an Amazon based on my comparison.

Digital systems have a tendency to flatten everything. Because flat is easy to implement. We see that more than anywhere with modern “AI” systems but other systems also have the same tendency. What do I mean by that? Flatten?

Amazon for example doesn’t care why you look at an object. Maybe you want to buy something, maybe you just wanted to look up the technical specs or someone sent you a link to a funny review. All the same to Amazon. The complexity of the world flatted to a little “but you looked at this” flag. Same for buying stuff. Amazon builds your profile to suggest things that might be relevant to you but then just adds everything you buy (you can modify it but it’s an annoying process) to your profile. Even the thing you bought for your niece as a birthday gift. Or your dad’s last Christmas present. All these things are being flattened. Stripped of context and nuance and messiness. Perfectly flat and neat. A model build not to understand you but to enable an algorithm to work efficiently. You are just a data provider.

I think this shows us another crack in tech’s narrative of being so uber-powerful and data being the perfect source of truth and future forecasting (another “AI” related narrative here, “AI” is really just the continuation of the tech development of the last 10-15 years, just a bit more wasteful). Because while the algorithms might be smart and efficient and might scale. Might build profiles of people in nanoseconds while comparing products to millions of people in milliseconds all that is built on a flattend world view.

I don’t have a grand point to make here. Just a random observation while deleting mails from my inbox: A lot of discourse might be lead by people thinking themselves to be the smartest people in the room with access to the only real magic there is, data. But when we look at what all that data analytics does it quickly just looks very mediocre. Like something that goes through some motion without understanding context and the world. Like something mimicking something real but without any understanding for it and therefore failing. Kinda like modern “AI” systems.

James Bond films have a certain formula to them. It is more interesting when seen from the perspective of the villain.

He has long been adjacent to money and power, but craves more. Several years ago, he successfully escaped his low-on-the-ladder job at an existing institution. He built a base of power that is independent of institutions. From it, he successfully puppets any organization he needs to. He and his organization are from elsewhere, everywhere, all at once. They have no passport and fly no flags; these concepts are thoroughly beneath them. They move around frequently and are always where the plot requires them to be, exactly when it requires them to be there. No law constrains them. Governments scarcely exist in their universe. To the limited extent they come to any government’s attention, no effective action is taken. The villain rises to the heights of influence and power.

This continues for years.

Then we suddenly hear E minor major 9. We begin the film, telling the end of the story, mostly from Bond’s perspective. The villain is just another weirdo who dies at the climax in act three.

Life imitates art

For years I have used the phrase “Bond villain compliance strategy” to describe a common practice in the cryptocurrency industry. 

In it, your operation is carefully based Far Away From Here. You are, critically, not like standard offshore finance, with a particular address in a particular country which just happens to be on the high-risk jurisdiction list. You are nowhere because you want to be everywhere. You tell any lie required to any party—government, bank, whatever—to get access to the banking rails and desirable counterparties located in rich countries with functioning governments. You abandon or evolve the lie a few years later after finally being caught in it.

Your users and counterparties understand it to be a lie the entire time, of course. You bragged about it on your site and explained it to adoring fans at conferences. You created guides to have your CS staff instruct users on how to use a VPN to evade your geofencing. The more clueful among your counterparties, who have competent lawyers and aspirations to continue making money in desirable jurisdictions, will come to describe your behavior as an “open secret” in the industry. They will claim you’ve turned over a new leaf given that the most current version of the lie only merely rhymes with the previous version of the lie.

And then we begin the third act.

So anyhow, Binance and its CEO Changpeng Zhao (known nearly universally as CZ) have recently pleaded guilty to operating the world’s largest criminal conspiracy to launder money, paying more than $4 billion in fines. This settles a long-running investigation involving the DOJ, CFTC, FinCEN, and assorted other parts of the U.S. regulatory state. Importantly, it does not resolve the SEC’s parallel action.

How’d we get here?

A brief history of Binance

Binance is, for the moment, the world’s largest crypto exchange. Its scale is gobsmacking and places it approximately the 100th largest financial institution in the world by revenue. The primary way it makes money is exacting a rake on cryptocurrency gambling, in particular, leveraged bets using cryptocurrency futures. To maintain its ability to do this, it runs a worldwide money laundering operation with the ongoing, knowing, active participation of many other players in the crypto industry, including Bitfinex/Tether, the Justin Sun empire, and (until recent changes in management) FTX/Alameda.

In his twenties CZ worked in Japan (waves) and New York for contractors to the Tokyo Stock Exchange then Bloomberg. In about 2013 he got interested in crypto and then joined a few projects, including becoming CTO of OKCoin, another Bond villain exchange. Being a henchman is an odd job, so he decided to promote himself to full-fledged villain. In 2017 he did an unregistered securities offering (then commonly spelled “ICO”) for Binance. 

Binance rose meteorically from then until recently, essentially gaining share at the expense of waning Bond villains. To oversimplify greatly, it carved up the less-regulated side of the crypto market with FTX, with Binance mostly taking customers in geopolitical adversaries of the U.S. (most notably greater China) and FTX mostly taking them in geopolitical allies (most notably, South Korea, Singapore, and the U.S.). But the cartels did not partition the globe in a way which fully insulated them from each other.

These operations were intertwined and coordinated. How intertwined? Binance was a part-owner of FTX until SBF decided successfully capturing U.S. regulators was a lot more likely if his cap table named more Californian trees and fewer Bond villains. How coordinated? The name of the Signal chat was Exchange Coordination.

This eventually led to grief as CZ (mostly accurately) perceived SBF was using the U.S. government as a weapon against Binance. He retaliated by strategic leaking, leading to a collapse in the value of FTX's exchange token, a run on the bank, and FTX's bankruptcy.

Where was Binance in all of this?

Binance did a heck of a lot of business in Japan in the early years. This officially ended in March 2018 when the Financial Services Agency, Japan’s major financial regulator, made it extremely clear that Binance was operating unlawfully in serving Japanese customers without registering in the then-relatively-new framework for virtual currency exchange businesses.

As an only-sometimes-following-crypto skeptic, this was the thing which brought Binance to my attention. Binance was piqued, saying that they had engaged the FSA in respectful conversations and then learned they were being kicked out of the country from a news report. Having spent roughly twenty years getting good at understanding how Japanese bureaucratic procedures typically work, I surmised  “...that is a very plausible outcome if you start your getting-to-know-you chat with ‘Basically I am a James Bond villain.’” I think that was the first time the metaphor came to me.

The order expelling them listed their place of business as Hong Kong, with a dryly worded asterisk stating that this was taken from their statements on the Internet and “...there exists the possibility that [this information] is not accurate as of the present moment in time.”

That, Internets, is how a salaryman phrases “I am absolutely aware that you maintain a team and infrastructure in Japan.”

Did Binance exit Japan? Well, that depends. Did CZ personally return to Japan? Probably not. Does Binance continue to serve Japanese customers? Yes, though (Bond villain!) it pretends not to. Where does Binance’s exchange run as a software artifact? As a statement of engineering fact: in an AWS data center in Tokyo. ap-northeast-1, if you want to get technical.

 (Someone needs to write an East Asian studies paper on how Tokyo became Switzerland for Asian crypto enthusiasts due to a combination of governance, network connectivity, latency, and geopolitical risk. I nominate anyone other than me.)

Binance also maintained an office in Shanghai, with many executives working there. It was raided by the Chinese police. Binance denied that the office existed. The spokesman’s quote was pure Bond villain: “The Binance team is a global movement consisting of people working in a decentralized manner wherever they are in the world. Binance has no fixed offices in Shanghai or China, so it makes no sense that police raided on any offices and shut them down.”

This was a lie wrapped around a tiny truth. Internet-distributed workforces containing many mobile professionals do not exactly resemble a single building with all your staff and your nameplate on the door.

Of course, on the actual substantive matter, it was a lie.

We know it was a lie, because (among many other reasons) we have the chat logs where the parts of their criminal conspiracy that operated in the U.S. complain that the parts of their criminal conspiracy that operated in Shanghai kept information from them that they needed to do their part to keep the crime operating smoothly. Coworkers, man.

Binance’s Chief Compliance Officer, one Samuel Lim, apparently is not a fan of The Wire and never encountered Stringer Bell’s dictum on the wisdom of keeping notes on a criminal conspiracy. He writes great copy, most memorably “[We are] operating as a fking unlicensed security exchange in the U.S. bro.” He and many other Binance employees have helpfully documented for posterity that their financial operations teams were, for most of corporate history, working from Shanghai.

Binance also operated in the state of Heisenbergian uncertainty, sometimes known as Malta. Malta has a substantial financial services industry, which welcomed Binance with open arms in 2018 and then pretended not to know him in 2020. This continues Malta’s proud tradition of strategic ambiguity as to whether it is an EU country or rentable skin suit for money launderers. ¿Por qué no los dos? Despite this, Binance would continue claiming to customers and other regulators for a while that it was fully authorized to do business by Malta.

Binance operates in Russia, to enable its twin businesses of cryptocurrency speculation and facilitating money laundering. In 2023 it pretended to sell its Russian operations.

Binance operated in many jurisdictions. The U.K.: kicked out. France: under investigation. Germany, the Netherlands, etc, etc, they required non-teams of non-employees at non-headquarters to keep track of all the places they weren’t registered doing their non-crimes.

A core cadre of the Binance executive team is currently in the United Arab Emirates, where CZ hopes to return. He professes that he will await sentencing there, and pinkie swears that he will totally get back on a plane to the U.S. to show up to it. For reasons which are understandable by anyone with more IQ than a plate of jello, the U.S. is skeptical he will make good on this promise, and is currently, as of Thanksgiving 2023, attempting to keep him in the U.S. He is physically present to sign what Binance advocates believe is the grand compromise to put all his legal worries behind them.

A defining characteristic of Bond villains is that they think they are very smart and everyone else is very stupid. To be fair, when you play back the movie of the last few years of their life, they keep winning and their adversaries look like nincompoops.

Then, they get extremely confident and begin to make poor life choices.

How did this work for so freaking long?

Much like the optimal amount of fraud is not zero, the global financial system institutionally tolerates (and actively enables) some shenanigans at the margin. You can think of Binance, Tether, FTX, and all the rest as talented amateurs capable of engaging the services of professionals. They followed advice and grew like a slime mold into the places where shenanigans are wink-and-a-nudge tolerated.

Why tolerate shenanigans? Some shenanigans are necessary to keep the world spinning.

China has grown into an economic superpower via capitalism while also at times officially having private property ownership be illegal. That circle cannot be squared. We, the global we, want Chinese people to not live in grinding poverty. That requires economic growth. Economic growth required making things the world wanted. Selling those things required integration into the global economic order. That required a willingness to ignore things the Communist dictatorship said were crimes, while simultaneously saying “Oh, bankers definitely, definitely shouldn’t facilitate billionaires committing crimes.”

As I’ve remarked previously, we similarly have complicated preferences with regards to Russian oligarchs. In some years, money laundering for them is, how might a gifted speaker phrase this, “[b]ringing our former adversaries, Russia and China, into the international system as open, prosperous and stable nations.” In other years, money laundering for them is described as funding Russia’s war machine.

Finance is messy because the world is messy.

Some of the shenanigans aren’t strictly necessary or planned, but society considers an expenditure of effort required to curtail them to be wasteful or to compromise our other goals. We had all the technology required to CC regulators on every banking transaction years before slow database enthusiasts decided all transactions would eventually be publicly readable and persisted forever. We simply chose not to implement it. It would have been quite expensive and infringed on the privacy of many ordinary people and firms.

But Binance, and others, forgot the critical step, to the annoyance of their engaged professionals: you have to eventually stop growing and keep to a low profile. You have to simply be content with being fantastically rich. If you do, you can continue showing up to the nicest parties in New York, owning expensive real estate in London, and commuting to a comfortable office in Hong Kong or the Bahamas or many other places.

But crypto kept growing until the control systems could not ignore them any longer. And the control systems cannot continue to avoid knowledge of the crimes.

So, so many crimes. Many of them are what crypto advocates consider as utterly inconsequential, like serially lying on paperwork. And also Binance gleefully and knowingly banked terrorists and child pornographers. That’s not an allegation; that has been confessed to. There is no line a Bond villain will not cross. They will cross them performatively.

And, surprising even me, some crypto characters consciously adopt the aesthetic of Bond villains. Le Chiffre, the villain in Casino Royale, owns a fictional house. That house exists in the physical world, where a location scout said “This certainly looks like the sort of place a Bond villain would live.” Jean Chalopin owned that literal, physical house. (c.f. Zeke Faux’s Number go Up, Kindle location 1175.) As previously discussed, Chalopin is a professional bagman, and his largest client was previously Tether.

What happens to Binance now?

Some believe that Binance admitting to being a criminal conspiracy is actually good news, not merely in the memetic “good news for Bitcoin” sense, but because this upper-bounds Binance’s exposure somewhere below “The United States forcibly dismantles the most important crypto exchange and much of the infrastructure it touches.”

The immediate consequences are about $4 billion in fines. Despite being one of the world’s largest hodlers, the U.S. will not accept payment in Bitcoin, and Binance has agreed to pay in installments over the next two years. CZ and Binance will be sentenced in February.

Some people think the grand bargain was to avoid him getting imprisoned. The actual text of the agreement says that Binance gets to walk away from some parts of it if he is sentenced to more than 18 months. (Senior officials told the NYT they are contemplating asking for more than that.)

Probably more consequentially, the settlements are going to force Binance to install so-called monitors internally. Those monitors are effectively external compliance consultants, working at the expense of Binance in a contractual relationship with them, but whose true customer is the United States. The monitors have pages upon pages of instructions as to exactly how they are to reform Binance’s culture by implementing recommendations to bring onboarding, KYC, and AML processes into compliance with the law everywhere Binance does business, and sure, that is part of the job.

But the other part of the job is that they’re an internal gateway to any information Binance has ever had, or will ever have. This can be queried essentially at will by law enforcement, with Binance waiving substantially all rights to not cooperate.

You might reasonably ask “Hey, doesn’t the U.S. typically require a warrant to go nosing about in the business of people who haven’t been accused of a crime?” And, to oversimplify half a century of jurisprudence, one loses one’s presumption of privacy if one brings a business into one’s private affairs. All of Binance’s customers and counterparties gave up their privacy to Binance by transacting with it. The U.S. has Binance’s permission to examine all of Binance’s historical, current, and future records, at will, for at least the next three years. It also secured a promise that Binance would assist in any investigation.

And so, if one were hypothetically not yet indicted by the U.S., but one had hypothetically done business with one’s now-confessed money launderer, one’s own Fourth Amendment protections do not protect the U.S. from hoovering up every conversation and transaction with Binance.

All of this is certainly good news and we can put this messy chapter behind us, say crypto advocates.

How are Bond villains actually regulated?

Was the Bond villain strategy ever going to work? Did Binance have a reasonable likelihood of prevailing on jurisdictional arguments, like telling the U.S. that the Binance mothership had no U.S. presence and so it should not be subject to U.S. law? No. Crikey, no. The system has to be robust to people lying or acting from less-salubrious jurisdictions, at least to the extent it cares about being effective, and at least some of the time it does actually care about being effective.

The U.S.’s point of view on the matter, elucidated at length in any indictment for financial crimes, is that if you have ever touched an electronic dollar, that dollar passed through New York, and therefore you’ve consented to the jurisdiction of the United States. Dollarization is very intentionally wielded like a club to accomplish the U.S.’s goals.

There exist some not-very-sympathetic people one could point to who ran afoul of this over the years who are still much more sympathetic than Binance. Binance intentionally used the U.S. market and infrastructure to make money. The U.S. was essential to their enterprise. Many peer nations can, and will, make a similar argument.

Binance had tens of percent of their book of business in the U.S. They were absolutely aware of this, knew that some of those users were their largest VIPs or otherwise important, and took steps to maximize for U.S. usage while denying they served Americans.

Their engineers didn’t accidentally copy the exchange onto AWS or deploy it to Tokyo by misclicking repeatedly. The crypto industry playbook for doing sales and marketing looks like everyone else’s playbook for doing sales and marketing. They get on planes, present at events, send mail, hire employees (or otherwise compensate agents), open offices, etc etc.

If having an email address meant you didn’t exist in physical reality anymore, the world would be almost empty.

CZ personally signed for bank accounts for some of his money laundering subsidiaries at U.S. banks, like Merit Peak and Sigma Chain. The SEC traced more than $500 million through one of those accounts.

One major rationale for KYC legislation, as discussed previously, is that it makes prosecuting Bond villains easier. Even if compliance departments at banks are utterly incompetent at detecting Bond villains at signup, having extracted the Bond villain’s signature on account opening documents is very useful to prosecutors a few years down the road. Why have to do hard work quantifying exactly how many engineers work on which days at Binance’s offices in San Francisco when you can do the easy thing and say “Hey, fax me the single piece of paper where the Bond villain signed up for responsibility for all the crimes, please.”

Why do Bond villains sign for bank accounts in highly regulated jurisdictions? Partly it is because of beneficial ownership KYC requirements to open bank accounts. Partly it is because finding loyal, trustworthy subordinates is very hard if you’re a Bond villain, and Bond villains (sensibly!) worry that if the only name on the paperwork is a henchman, eventually that henchman might say “You know, actually, I would like to withdraw the $500 million I have on deposit with you.”

(This is why Bond villains frequently have e.g. the mother of their children sign for bank accounts. Bond villains, again, think everyone else is stupid, and that no one will cotton onto this.)

A subgenre of challenges in people management for Bond villains: you have to hire experienced executives in the United States to run the U.S. fig leaf for your global criminal empire. The people you hire will, by nature, be experienced financial industry veterans who are extremely sophisticated and have access to good lawyers. This combination of attributes is the recipe for being the best in the world at filing whistleblower claims. I expect a few previously executives at Binance U.S. are eventually going to take home the most generous pay packages in the entire financial industry for a few years between 2018 and 2022.

To make this palatable to the American public, those whistleblower rewards are not courtesy of the taxpayer; they’re courtesy of money seized from previous Bond villains. A portion of Binance’s settlement(s) will go to pay the whistleblowers at the next Bond villain. It’s a circle of life.

News that will break shortly

Different regulators have differing ability to prosecute complex cases, but they basically all have the ability to read simple legal documents. That is one of the things they are best at doing.

Binance will suffer a wave of tag-along enforcement actions, in the U.S. and globally. Partly this will be for face saving; global peers of the U.S., which Binance has transacted billions of dollars in, will largely not want to signal “Oh we’re totes OK with money laundering for terrorists and child pornographers”, and so they’re going to essentially copy/paste the U.S. enforcement actions. They will then play pick-a-number with Binance’s new management team, who will immediately cave.

The earliest version of this is probably only weeks away, but Binance will deal with it for years.

More interestingly, and likely more expensively, the SEC is going to hit Binance like a ton of bricks. They were one of the few regulators which opted out of consolidating with the DOJ’s deal. They think they have Binance dead to rights (they do), and tactically speaking, the deal makes their life even easier. Binance has waived ability to contest some things the SEC will argue. The SEC can now proxy requests for evidence to Binance’s monitors through other federal agencies.

Binance has had the enthusiastic cooperation of many people who walk in light in addition to their co-conspirators who walk in shadow. Those people, lamentably inclusive of some in the tech industry who I feel a great deal of fellow-feeling for, are going to start cutting off access to Binance. Compliance departments at their corporate overlords, which were either entirely in the dark or willing to be persuaded that a new innovative industry required some amount of flexibility with regards to controls, are (today) having strongly worded conversations which direct people to lose Binance’s number.

Binance has pre-committed to helping with the efforts to cauterize them from the financial system. They also pre-committed to assisting in, specifically, the investigation of their sale of the Russia business. That investigation will conclude that the sale was a sham (a Bond villain lied?) designed to avoid sanctions enforcement. Ask your friends in national security Washington how well that is going to go over.

Binance is going to be slowly ground into a very fine paste.

Many crypto advocates believe the U.S. institutionally wants to see Binance reform into a compliant financial institution. They are delusional. The U.S. is already practicing their lines for the next press conference. This course of action allows them to deflate Binance gradually while minimizing collateral damage, which responsible regulators and law enforcement officials actually do care quite a bit about.

The U.S. is aware that many high-status institutions and individuals, which are within the U.S.’s circle of trust, actively collaborated with Binance. Most of them will escape serious censure.

A few examples will be made, especially in cases where it is easy to make an example, because the firm is no longer operating financial infrastructure. This will take ages to happen and be public but relatively quiet, insofar as senior U.S. regulators will not get on TV to make international headlines announcing it. It will be one of the stories quietly dribbled out on a Friday to the notice mostly of people who draft Powerpoint decks for Compliance presentations. If you want a flavor for these, join any financial firm and pay attention during the annual training; you’re stuck going to it, anyway.

You seem a little smug, Patrick

I’m not breaking out the Strategic Popcorn Reserves yet, but I will admit to a certain amount of schadenfreude here. The world was grossly disordered for many years. It has corrected a relatively small amount.

We are a nation of laws. I’d support reforming some of them; a lot of the AML/KYC regulatory apparatus harms individuals who have done no wrong. Much is not well-calibrated in terms of societal costs versus occasionally facilitating a Bond villain’s self-immolation.

However, in the interim, one cannot simply gleefully ignore the laws because the opportunity to do so allows you to become wealthy beyond the dreams of avarice. Even staunch crypto advocates looking at Binance’s conduct see some things they are not happy to be associated with. Not all of the crimes were victimless crimes.

There exists the possibility that there is some salvageable licit business in crypto. People enjoy gambling. But if you factor out the crime, the largest casino in the world is not that interesting a business relative to the one that Binance et al ran the last few years.

I do not know if we’ll ever have a world with this scale of crypto businesses without the crime. The crime was the product. An opportunity to transform global financial infrastructure was greatly overstated and has not come to pass. I do not expect this to change.

I'm seeing more and more folk post, "we got out of IE, we can get out of Chrome," on social media, referencing the nigh-monopoly Chrome has on the browsing experience. Unless you're using Firefox or Safari, you're using Chrome or a Chromium-derived browser. For those of you too young to remember what internet life under Internet Explorer was like, here is a short list of why it was not great:

• Once Microsoft got the browser-share lock in, it kind of stopped innovating the browser. It conquered the market, so they could pull back investment in it.
• IE didn't follow standards. But then, Microsoft was famous for "embrace and extend," where they adopt (mostly) a standard, then Microsoftify it enough no one considers using the non-MS version of the standard.
• If you were on a desktop platform that didn't have IE, such as Apple Macintosh, you were kinda screwed.

Google Chrome took over from IE for three big reasons:

• They actually were standards compliant, more so than the other alt-browsers (Mozilla's browsers, Opera, and Safari)
• They actually were trying to innovate in the browser
• Most important: they were a megacorp with a good reputation who wanted everyone to use their browser. Mozilla and Opera were too small for that, and Apple never has been all that comfortable supporting non-Apple platforms. In classic dot-com era thinking, Google saw a dominant market player grow complacent and smelled a business opportunity.

This made Chrome far easier to develop for, and Chrome grew a reputation for being a web developer's browser. This fit in nicely to Google's plan for the future, which they saw as full of web applications. Google understands what they have, and how they got there. They also understand "embrace and extend," but found a way to do that without making it proprietary the way Microsoft did: capture the standards committees.

If you capture the standards committees, meaning what you want is almost guaranteed a rubber stamp from the committee, then you get to define what industry standard is. Microsoft took a capitalist, closed-source approach to embrace and extend where the end state was a place where the only viable way to do a thing was the thing that was patent-locked into Microsoft. Google's approach is more overtly FOSSY in that they're attempting to get internet consensus for their changes, while also making it rather harder for anyone else to do what they do.

Google doesn't always win. Their "web environment integrity" proposal, which would have given web site operators far greater control over browser extensions like ad-blockers, quietly got canned recently after internet outrage. Another area that got a lot of push back from the internet was Chrome's move away from "v2 manifest" extensions, which include ad-blockers, in favor of "v3 manifest" plugins which made ad-blockers nearly impossible to write. The move from v2 to v3 was delayed a lot while Google grudgingly put in abilities for ad-blockers to continue working.

Getting off of Chrome

The circumstances that drove the world off of Internet Explorer aren't there for Chrome.

• Chrome innovates constantly and in generally user-improving ways (so long as that improvement doesn't majorly affect ad-revenue)
• Chrome listens, to a point, to outrage when decisions are made
• Chrome is functionally setting web standards, but doing so through official channels with RFCs, question periods, and all that ritual
• Chrome continues to consider web-developer experience to be a number one priority
• Alphabet, Google's parent company, fully understands what happens when the dominant player grows complacent, they get replaced the way Google replaced Microsoft in the browser wars.

One thing has changed since the great IE to Chrome migration began, Google lost its positive reputation. The old "don't be evil" thing was abandoned a long time ago, and everyone knows it. Changes proposed by Google or Google proxies are now viewed skeptically; though, overtly bad ideas still require internet outrage to delay or prevent a proposal from happening.

That said, you lose monopolies through either laziness of the monopolist (Microsoft) or regulatory action, and I'm not seeing any signs of laziness.

This is a controversial take, but the phrase "it's industry standard" is over-used in technical design discussions of the internal variety.

Yes, there are some actual full up standards. Things like RFCs and ISO-standards are actual standards. There are open standards that are widely adopted, like OpenTelemetry and the Cloud Native Computing Foundation suite, but these are not yet industry standards. The phrase "industry standard" implies consensus, agreement, a uniform way of working in a specific area.

Have you seen the tech industry? Really seen it? It is utterly vast. The same industry includes such categories as:

• Large software as a service providers like Salesforce and Outlook.com
• Medium software as a service providers like Box.com and Dr. Chrono
• Small software as a service providers like every bay area startup made in the last five years
• Large embedded systems design like the entire automotive industry
• Highly regulated industries like Health Care and Finance, where how you operate is strongly influenced by the government and similar non-tech organizations
• The IT departments at all of the above, which is much smaller than they used to be due to the SaaS revolution, but still exist
• Scientific computing for things like space probes, satellite base systems, and remote sensing platforms floating the oceans
• Internal services work at companies that don't sell technology, places like UPS, Maersk, Target, and Orange County California.

The only thing the above have any kind of consensus on is "IP-based networking is better than the alternatives," and even that is a bit fragile. Such out there statements like "HTTP is a standard transport" are ones you'd think there would be consensus on, but you'd be wrong. Saying that "kubernetes patterns are industry standard" is a statement of desire, not a statement of fact.

Thing is, the Sysadmin community used this mechanic for self-policing for literal decades. Any time someone comes to the community with a problem, it has to pass a "best practices" smell test before we consider answering the question as asked; otherwise, we'll interrogate the bad decisions that lead to this being a problem in the first place. This mechanic is 100% why ServerFault has a "reasonable business practices" close reason:

Questions should demonstrate reasonable information technology management practices. Questions that relate to unsupported hardware or software platforms or unmaintained environments may not be suitable for Server Fault.

Who sets the "best practices" for the sysadmin community? It's a group consensus of the long time members, which is slightly different between each community. There are no RFCs. There are no ISO standards. The closest we get is ITIL, the IT Infrastructure Library, which we all love to criticize anyway.

Best practices, which is "industry standard" by an older name, have always been an "I know it when I see it" thing. A tool used by industry elders to shame juniors into changing habits. Don't talk to me until you level up to the base norms of our industry, pleeb; and never mind that those norms are not canonicalized anywhere outside of my head.

This is why the phrase "it's industry standard" should not be used in internal technical design conversations

This phrase is shame based policing of concepts. If something is actually a standard, people should be able to look it up and see the history of why we do it this way.

Maybe the "industry" part of that statement is actually relevant; if that's the case, say so.

• All of the base technology our market segment run on is made by three companies, so we do what they require.
• Our industry are startups founded in 2010-2015 by ex-Googlers, so our standard is what Google did then.
• Our industry computerized in the 1960s and has consumers in high tech and high poverty areas, so we need to keep decades of backwards compatibility.
• Our industry is VC-funded SaaS startups founded after 2018 in the United States, who haven''t exited yet. So we need to stay on top of the latest innovations to ensure our funding rounds are successful.
• Our industry is dominated by on-prem Java shops, so we have to be Java as well in order to sell into this market.

These are useful, important constraints and context for people to know. The vague phrase "industry standard" does not communicate context or constraints beyond, "your solution is bad, and you should feel bad for suggesting it." Shame is not how we maintain generative cultures.

It's time to drop "it's industry standard" from regular use.

Countless smartphones seized in arrests and searches by police forces across the United States are being auctioned online without first having the data on them erased, a practice that can lead to crime victims being re-victimized, a new study found. In response, the largest online marketplace for items seized in U.S. law enforcement investigations says it now ensures that all phones sold through its platform will be data-wiped prior to auction.

Researchers at the University of Maryland last year purchased 228 smartphones sold “as-is” from PropertyRoom.com, which bills itself as the largest auction house for police departments in the United States. Of phones they won at auction (at an average of $18 per phone), the researchers found 49 had no PIN or passcode; they were able to guess an additional 11 of the PINs by using the top-40 most popular PIN or swipe patterns.

Phones may end up in police custody for any number of reasons — such as its owner was involved in identity theft — and in these cases the phone itself was used as a tool to commit the crime.

“We initially expected that police would never auction these phones, as they would enable the buyer to recommit the same crimes as the previous owner,” the researchers explained in a paper released this month. “Unfortunately, that expectation has proven false in practice.”

The researchers said while they could have employed more aggressive technological measures to work out more of the PINs for the remaining phones they bought, they concluded based on the sample that a great many of the devices they won at auction had probably not been data-wiped and were protected only by a PIN.

Beyond what you would expect from unwiped second hand phones — every text message, picture, email, browser history, location history, etc. — the 61 phones they were able to access also contained significant amounts of data pertaining to crime — including victims’ data — the researchers found.

Some readers may be wondering at this point, “Why should we care about what happens to a criminal’s phone?” First off, it’s not entirely clear how these phones ended up for sale on PropertyRoom.

“Some folks are like, ‘Yeah, whatever, these are criminal phones,’ but are they?” said Dave Levin, an assistant professor of computer science at University of Maryland.

“We started looking at state laws around what they’re supposed to do with lost or stolen property, and we found that most of it ends up going the same route as civil asset forfeiture,” Levin continued. “Meaning, if they can’t find out who owns something, it eventually becomes the property of the state and gets shipped out to these resellers.”

Also, the researchers found that many of the phones clearly had personal information on them regarding previous or intended targets of crime: A dozen of the phones had photographs of government-issued IDs. Three of those were on phones that apparently belonged to sex workers; their phones contained communications with clients.

An overview of the phone functionality and data accessibility for phones purchased by the researchers.

One phone had full credit files for eight different people on it. On another device they found a screenshot including 11 stolen credit cards that were apparently purchased from an online carding shop. On yet another, the former owner had apparently been active in a Telegram group chat that sold tutorials on how to run identity theft scams.

The most interesting phone from the batches they bought at auction was one with a sticky note attached that included the device’s PIN and the notation “Gry Keyed,” no doubt a reference to the Graykey software that is often used by law enforcement agencies to brute-force a mobile device PIN.

“That one had the PIN on the back,” Levin said. “The message chain on that phone had 24 Experian and TransUnion credit histories”.

The University of Maryland team said they took care in their research not to further the victimization of people whose information was on the devices they purchased from PropertyRoom.com. That involved ensuring that none of the devices could connect to the Internet when powered on, and scanning all images on the devices against known hashes for child sexual abuse material.

It is common to find phones and other electronics for sale on auction platforms like eBay that have not been wiped of sensitive data, but in those cases eBay doesn’t possess the items being sold. In contrast, platforms like PropertyRoom obtain devices and resell them at auction directly.

PropertyRoom did not respond to multiple requests for comment. But the researchers said sometime in the past few months PropertyRoom began posting a notice stating that all mobile devices would be wiped of their data before being sold at auction.

“We informed them of our research in October 2022, and they responded that they would review our findings internally,” Levin said. “They stopped selling them for a while, but then it slowly came back, and then we made sure we won every auction. And all of the ones we got from that were indeed wiped, except there were four devices that had external SD [storage] cards in them that weren’t wiped.”

A copy of the University of Maryland study is here (PDF).

This is the first post in Italian on this blog in over ten years, mostly because it only really applies to readers who would be understanding Italian in the first place. Please see the summary on Mastodon, if you’re curious.

Sono praticamente cresciuto con La Settimana Enigmistica. Non riesco ad immaginare nessuno, in Italia, che non conosca almeno di nome questa rivista, che viene pubblicata da quasi un secolo, ininterrottamente. Quand’ero bambino, mia madre compilava le parole crociate ogni settimana, lasciandomi i giochi più semplici, come La Pista Cifrata, Che Cosa Apparirà? e Aguzzate La Vista — e man mano che sono cresciuto, mi ha insegnato a risolvere le parole crociate, semplici, crittografate e senza schema.

Purtroppo, perché la vita va come viene a volte, mentre da bambino sia La Settimana che Topolino erano dei punti di riferimento settimanali, col tempo sono diventati molto meno regolari. Con l’eccezione dei mesi passati in ospedale, dove almeno avevo a disposizione un’edicola e tanto tempo da perdere. Ma è stato solo quando me ne sono andato dall’Italia che mi sono reso conto quanto mi mancasse La Settimana.

Non è un caso che non abbia più scritto praticamente nulla in italiano da quando me ne sono andato — per quanto fossi sempre stato un bravo studente di grammatica, non sono mai stato portato nello scrivere temi in classe, o in generale nella scrittura creative italiana. Ma in aggiunta a tutto questo, scrivere in italiano è difficile da quando passo praticamente tutto il tempo a pensare e scrivere in inglese. Per dare un esempio, solo dopo aver scritto quasi tutto questo paragrafo mi sono reso conto di andare a togliere la maiuscola da italiano e inglese — vanno maiuscoli in inglese.

La Settimana Enigmistica, e in particolare, ma non solamente, le Parole Crociate, sono un’ottima ginnastica mentale per mantenere almeno un minimo di connessione con la lingua, e con il Paese. Per fare un esempio, ho scoperto che 3 Italia e Wind si fossero fuse… in una delle domende dell’Edipeo enciclopedico!

Ma come ho fatto a leggere la Settimana da Dublino (prima) e Londra (poi)? O per i molti mesi che sono stato in viaggio negli Stati Uniti, Cina, o altrove? Beh, nove anni fa, fu lanciata La Settimana Enigmistica Digitale — una versione completa della Settimana Enigmistica disponibile su tablet, sia iOS che Android. Ovviamente mi ci sono fiondato subito — eventualmente comprando un tablet Samsung con S-pen principalmente per questo motivo!

Negli scorsi nove anni, ho comprato (tra abbonamenti e numeri sfusi) 224 numeri della Settimana digitale. Non li ho sfogliati o risolti tutti, principalmente per motivi di tempo. Ma quando ho avuto tempo, modo, ed energie, sono stati un’ancora verso le mie origini, la mia “coperta di Linus” se vogliamo dirla così. L’applicazione non ha sempre funzionato molto bene a vederla bene, e non ha mai sfruttato le capacità moderne di dispositivi con il supporto per penne EMR per disattivare il touchscreen quando si usa la penna, ma almeno dal mio punto di vista non è stata una pessima scelta.

Purtroppo la rivista ha deciso di abbandonare questa applicazione in favore ad una nuova:

Caro lettore,martedì 9 maggio verrà rilasciata una nuova applicazione, in sostituzione di quella attuale. La nuova App sarà scaricabile dagli store e sarà supportata da dispositivi tablet con sistema operativo iOS 14 e Android 7 o versioni successive.

A causa di questo cambio di piattaforma, per facilitare il passaggio alla nuova App, a partire dal 03/05/2023 verrà inibita la possibilità di sottoscrivere abbonamenti nella vecchia versione.

Al rilascio della nuova applicazione, gli abbonamenti attivi già sottoscritti verranno trasferiti in modo da continuare la fruizione del servizio sulla nuova App. Le riviste verranno pubblicate anche sull’applicazione attuale fino al numero del 8/06/2023 e saranno giocabili fino al 10/07/2023, data in cui essa verrà dismessa definitivamente.

La Settimana Enigmistica — 26 Aprile 2023

Con poco più di una settimana di anticipo dal lancio della nuova versione, La Settimana Enigmistica ha deciso di dare una grossa scrollata di spalle ai lettori di lunga data. Giusto per essere chiari, ho chiesto conferma se fosse previsto che la nuova applicazione avesse a disposizione i precedenti numeri:

Buongiorno,

nella nuova applicazione i possessori di un abbonamento attivo avranno accesso anche ai numeri vecchi compresi nel loro abbonamento.
Saranno però presenti solo i numeri pubblicati negli ultimi 12 mesi, per cui i numeri precedenti al maggio 2022 non saranno sicuramente disponibili.

Ci scusiamo per il disagio, purtroppo l’avanzamento tecnologico ci ha imposto un aggiornamento della piattaforma.

La Settimana Enigmistica — 28 Aprile 2023

Ora, l’ultimo numero che ho acquistato nell’applicazione precedente risale a Febbraio 2022 (non ho comprato numeri recentemente perché onestamente ho accumulato tantissimi numeri che non ho completato) in che significa che, dopo luglio, la vecchia applicazione sarà rimossa e non avrò più modo di completare questi numeri. Ho continuato la conversazione con il supporto, chiedendo se avessero l’intenzione di permettere a chi ha comprato i numeri in precedenza di accedere ai PDF usati dall’app, ma ho ricevuto una risposta negativa, e nessuna offerta per risolvere la questione.

Ora, è verissimo che, da sviluppatore di Software Libero incluso VLC, comprendo benissimo il problema che “l’acqusito” di contenuti digitali provvisti di DRM non sia mai al sicuro, ma non ho mai visto nessun fornitore di servizi digitali suggerire ai propri lettori, con poco più di qualche mese a disposizione, di buttar via fino a nove anni di contenuti. Non stiamo parlando di un film o due o di qualche videogioco — chi si è abbonato al lancio e ha continuato a ricevere numeri finora, andrà a perdere oltre €600 in contenuti!

In tutto questo, temo che la Settimana Enigmistica abbia fatto un errore di fondo, però. Il DRM non è mai uno strumento assoluto, e poiché invece di inventare un nuovo formato per distribuire la rivista digitale, la vecchia applicazione sfruttava dei PDF perfettamente standard, l’unica difficoltà nel poterli utilizzare è la necessità di trovare la password che ognuno di questi possiede — e visto che mi hanno infranto il cuore, mi sono impegnato (neanche tanto) e ho trovato il modo di recuperare tali passwords.

Non pubblicherò il codice per ritrovare le password fino a Luglio! Inizialmente avrei voluto pubblicarlo oggi, ma ho un certo timore per il fatto che, sia in UK dove abito che in Italia dove La Settimana ha sede, la circonvenzione dei DRM anche per copia privata è illegale. In Italia, tecnicamente, è possibile farne una copia analogica, ma non credo sia di nessun interesse andare a stampare La Settimana digitale.

La mia speranza è che La Settimana veda quanto disruttiva sia la loro idea, e decida di caricare tutti i numeri precedenti sulla nuova applicazione — nel qual caso non avrò motivo di pubblicare il codice necessario. Tecnicamente, sono andato a violare le condizioni generali d’uso della vecchia applicazione. Allo stesso tempo, nulla nelle condizioni di vendita fornite da La Settimana Enigmistica Digitale suggerisce la loro capacità di distruggere i miei acquisti senza fornire un rimborso.

Nel frattempo se avete comprato numeri sulla vecchia applicazione vi consiglio di scaricarli tutti, e di fare una copia dei dati presenti. In particolare, su Android, vi servirà l’intera cartella Android/data/com.atono.lasedigitale/files/lase_digitale/Issues (tecnicamente escludendo le anteprime, ma vi consiglio di prendere l’intera cartella). Non so se o come sia possibile fare altrettanto su iOS — e non so se i PDF usati su iOS siano gli stessi usati su Android.

Come, tecnicamente, ci sono riuscito

Anche se aspetterò di pubblicare il codice nel momento in cui l’applicazione smetterà di funzionare (sempre che La Settimana Enigmistica non senta ragioni per cambiare idea), posso almeno fornire una breve descrizione.

L’applicazione Android (e immagino pure la versione iOS) scarica dei semplici file PDF per ogni numero acquistato, in aggiunta ad un file chiamato issue.json (che non è, a prima vista, un file JSON) e ad una quantità di anteprime a bassa risoluzione. Purtroppo tali PDF sono protetti da password quindi non sono direttamente apribili da un lettore PDF qualsiasi — al contrario delle restrizioni su duplicazione e stampa, che sono implementate “a parola d’onore”, i file PDF protetti da password sono cifrati.

Prima ancora di avere un modo di recuperare la password, ho scaricato tutti i numeri che ho comprato negli anni e fatto una copia dell’intera cartella Issues dal mio tablet — nel dubbio, in qualche modo le password potrebbero essere spuntate fuori. Come primo tentativo, ho lasciato il mio PC provare a trovare la password di forza bruta per una notte, senza risultati — come farò vedere fra poco, questa missione sarebbe stata completamente impossibile.

Il giorno dopo, in preda a… non disperazione, ma sicuramente noia, mi sono lamentato su Mastodon della situazione, e il mio amico ed ex-collega Pierre mi ha ricordato di fare una copia dell’applicazione stessa, nel caso in cui fosse più semplice riversare l’implementazione.

Presa la copia dell’applicazione, che non pare essere stata aggiornata dal 2011, c’ho dato un’occhiata veloce — pur sapendo che Android non è il mio forte, e non avendo mai provato a fare reverse engineering di Java in vita mia. Ma appena ho estratto il file APK (è solo un file ZIP con una struttura specifica), mi sono accorto di una cosa abbastanza banale: l’applicazione usa MuPDF.

MuPDF è un’applicazione, e una libreria, al momento sviluppata da Artifex (gli stessi di GhostScript) che permette di includere PDF direttamente in un’applicazione. In particolare, la vecchia applicazione della Settimana Digitale, usa un’estensione JNI per chiamare MuPDF dal codice Java dell’applicazione Android. Questo significa che anziché avere un’implementazione oscura (od oscurata) per decifrare i PDF, l’applicazione deve semplicemente chiamare la funzione authenticatePassword. Anche senza il minimo di esperienza in Java, trovare dove il codice chiama questa funzione dovrebbe essere banale.

Tra l’inizio del mio thread su Mastodon e avere il PDF aperto su Microsoft Edge (conoscendone quindi la password) mi ci sono volute circa cinque ore — di queste ne ho buttate un paio per tentare di far funzionare Flatpak su WSL/Ubuntu (non ha funzionato), ed eventualmente per installare Fedora Workstation su una macchina virtuale (dove Flatpak ha funzionato e Jadx mi ha permesso di aprire il codice molto semplicemente), e un’altra ora persa per via di un refuso che continuava a darmi la risposta sbagliata.

Quando pubblicherò il codice sarà abbastanza ovvio, ma per il momento vi basti sapere che non avrei mai potuto recuperare la password per forza bruta: si tratta di una password con lettere (minuscole e maiuscole), numeri, e simboli, per un totale di 28 caratteri! Secondo Hive Systems, servirebbero oltre ventiseimila miliardi di anni per ritrovare la password!

In realtà, già dal codice è possibile restringere lo spazio di ricerca: la parte centrale della password è fomata da 12 caratteri costanti che includono simboli — mentre i restanti 16 sono presi dall’alfabeto base64 (che, con l’eccezione dell’ultimo carattere, comprende 63 simboli.) Questo significa che, anche conoscendo la parte costante, ogni numero è richiederebbe selezionare la password corretta tra 225787570473400320: C^R(63, 15)×64.

Un quarto di milioni di bilioni. Volendo generare una lista di queste possibili password, assumendo 29 bytes per password, avremmo bisogno di oltre 5.6EiB (Exibibyte). Come confronto, i primi 100 trilioni di cifre di π occupano “solamente” 82 Terabyte.

Una volta conosciuta la password, qpdf permette di decifrare i file preservando tutti gli attributi e contenuti.

Cosa si fa ora?

Prima di tutto effettuate una copia di backup dei numeri che avete acquistato! Come ho detto, assicuratevi di copiare l’intera cartella Issues (che in questo caso, se non masticate l’inglese, significa numeri, della rivista, non problemi).

Poi vi consiglierei di mandare una mail alla Settimana, per chiedergli spiegazioni, e per fargli comprendere quanto non sia una bella cosa distruggere gli acquisti di nove anni dei propri lettori. Sarebbe molto più semplice se gli sviluppatori e l’editore cambiassero idea e preservassero gli acquisti nella nuova applicazione.

Io nel frattempo ripulirò per bene il codice per il programma che recupera queste password così che non sia utilizzabile solo da me. Se nulla sarà cambiato, nel momento in cui la vecchia applicazione sarà rimossa o smetterà di funzionare, lo pubblicherò, cosi tutti gli altri lettori potranno recuperare gli acquisti perduti.

E ovviamente, tornerò a risolvere le Parole Crociate dei numeri che già possiedo e non ho completato — eccetto lo farò sul mio ReMarkable 2, anziché con la loro app. È anche più realistico!