Pluralistic: Reverse engineers bust sleazy gig work platform (23 Nov 2024)
Sat, 23 Nov 2024 14:14:10 +0000Today's links
- Reverse engineers bust sleazy gig work platform: Mistrust, but verify.
- Hey look at this: Delights to delectate.
- This day in history: 2004, 2009, 2014, 2019, 2023
- Upcoming appearances: Where to find me.
- Recent appearances: Where I've been.
- Latest books: You keep readin' em, I'll keep writin' 'em.
- Upcoming books: Like I said, I'll keep writin' 'em.
- Colophon: All the rest.
Reverse engineers bust sleazy gig work platform (permalink)
A COMPUTER CAN NEVER BE HELD ACCOUNTABLE
THEREFORE A COMPUTER MUST NEVER MAKE A MANAGEMENT DECISION
Supposedly, these lines were included in a 1979 internal presentation at IBM; screenshots of them routinely go viral:
https://twitter.com/SwiftOnSecurity/status/1385565737167724545?lang=en
The reason for their newfound popularity is obvious: the rise and rise of algorithmic management tools, in which your boss is an app. That IBM slide is right: turning an app into your boss allows your actual boss to create an "accountability sink" in which there is no obvious way to blame a human or even a company for your maltreatment:
https://profilebooks.com/work/the-unaccountability-machine/
App-based management-by-bossware treats the bug identified by the unknown author of that IBM slide into a feature. When an app is your boss, it can force you to scab:
https://pluralistic.net/2023/07/30/computer-says-scab/#instawork
Or it can steal your wages:
https://pluralistic.net/2023/04/12/algorithmic-wage-discrimination/#fishers-of-men
But tech giveth and tech taketh away. Digital technology is infinitely flexible: the program that spies on you can be defeated by another program that defeats spying. Every time your algorithmic boss hacks you, you can hack your boss back:
https://pluralistic.net/2022/12/02/not-what-it-does/#who-it-does-it-to
Technologists and labor organizers need one another. Even the most precarious and abused workers can team up with hackers to disenshittify their robo-bosses:
https://pluralistic.net/2021/07/08/tuyul-apps/#gojek
For every abuse technology brings to the workplace, there is a liberating use of technology that workers unleash by seizing the means of computation:
https://pluralistic.net/2024/01/13/solidarity-forever/#tech-unions
One tech-savvy group on the cutting edge of dismantling the Torment Nexus is Algorithms Exposed, a tiny, scrappy group of EU hacker/academics who recruit volunteers to reverse engineer and modify the algorithms that rule our lives as workers and as customers:
https://pluralistic.net/2022/12/10/e2e/#the-censors-pen
Algorithms Exposed have an admirable supply of seemingly boundless energy. Every time I check in with them, I learn that they've spun out yet another special-purpose subgroup. Today, I learned about Reversing Works, a hacking team that reverse engineers gig work apps, revealing corporate wrongdoing that leads to multimillion euro fines for especially sleazy companies.
One such company is Foodinho, an Italian subsidiary of the Spanish food delivery company Glovo. Foodinho/Glovo has been in the crosshairs of Italian labor enforcers since before the pandemic, racking up millions in fines – first for failing to file the proper privacy paperwork disclosing the nature of the data processing in the app that Foodinho riders use to book jobs. Then, after the Italian data commission investigated Foodinho, the company attracted new, much larger fines for its out-of-control surveillance conduct.
As all of this was underway, Reversing Works was conducting its own research into Glovo/Foodinho's app, running it on a simulated Android handset inside a PC so they could peer into the app's data collection and processing. They discovered a nightmarish world of pervasive, illegal worker surveillance, and published their findings a year ago in November, 2023:
That report reveals all kinds of extremely illegal behavior. Glovo/Foodinho makes its riders' data accessible across national borders, so Glovo managers outside of Italy can access fine-grained surveillance information and sensitive personal information – a major data protection no-no.
Worse, Glovo's app embeds trackers from a huge number of other tech platforms (for chat, analytics, and more), making it impossible for the company to account for all the ways that its riders' data is collected – again, a requirement under Italian and EU data protection law.
All this data collection continues even when riders have clocked out for the day – it's as though your boss followed you home after quitting time and spied on you.
The research also revealed evidence of a secretive worker scoring system that ranked workers based on undisclosed criteria and reserved the best jobs for workers with high scores. This kind of thing is pervasive in algorithmic management, from gig work to Youtube and Tiktok, where performers' videos are routinely suppressed because they crossed some undisclosed line. When an app is your boss, your every paycheck is docked because you violated a policy you're not allowed to know about, because if you knew why your boss was giving you shitty jobs, or refusing to show the video you spent thousands of dollars making to the subscribers who asked to see it, then maybe you could figure out how to keep your boss from detecting your rulebreaking next time.
All this data-collection and processing is bad enough, but what makes it all a thousand times worse is Glovo's data retention policy – they're storing this data on their workers for four years after the worker leaves their employ. That means that mountains of sensitive, potentially ruinous data on gig workers is just lying around, waiting to be stolen by the next hacker that breaks into the company's servers.
Reversing Works's report made quite a splash. A year after its publication, the Italian data protection agency fined Glovo another 5 million euros and ordered them to cut this shit out:
As the report points out, Italy is extremely well set up to defend workers' rights from this kind of bossware abuse. Not only do Italian enforcers have all the privacy tools created by the GDPR, the EU's flagship privacy regulation – they also have the benefit of Italy's 1970 Workers' Statute. The Workers Statute is a visionary piece of legislation that protects workers from automated management practices. Combined with later privacy regulation, it gave Italy's data regulators sweeping powers to defend Italian workers, like Glovo's riders.
Italy is also a leader in recognizing gig workers as de facto employees, despite the tissue-thin pretense that adding an app to your employment means that you aren't entitled to any labor protections. In the case of Glovo, the fine-grained surveillance and reputation scoring were deemed proof that Glovo was employer to its riders.
Reversing Works' report is a fascinating read, especially the sections detailing how the researchers recruited a Glovo rider who allowed them to log in to Glovo's platform on their account.
As Reversing Works points out, this bottom-up approach – where apps are subjected to technical analysis – has real potential for labor organizations seeking to protect workers. Their report established multiple grounds on which a union could seek to hold an abusive employer to account.
But this bottom-up approach also holds out the potential for developing direct-action tools that let workers flex their power, by modifying apps, or coordinating their actions to wring concessions out of their bosses.
After all, the whole reason for the gig economy is to slash wage-bills, by transforming workers into contractors, and by eliminating managers in favor of algorithms. This leaves companies extremely vulnerable, because when workers come together to exercise power, their employer can't rely on middle managers to pressure workers, deal with irate customers, or step in to fill the gap themselves:
https://projects.itforchange.net/state-of-big-tech/changing-dynamics-of-labor-and-capital/
Only by seizing the means of computation, workers and organized labor can turn the tables on bossware – both by directly altering the conditions of their employment, and by producing the evidence and tools that regulators can use to force employers to make those alterations permanent.
(Image: EFF, CC BY 3.0, modified)
Hey look at this (permalink)
- How Italy became an unexpected spyware hub https://therecord.media/how-italy-became-an-unexpected-spyware-hub (h/t Bruce Schneier)
-
AI Copyright Claimed My Last Video https://www.youtube.com/watch?v=LrkAORPiaEA (h/t Naked Capitalism)
-
The fluoride debate https://yourlocalepidemiologist.substack.com/p/the-fluoride-debate
This day in history (permalink)
#20yrsago Disney turns movie screenings into search-and-harass ordeals https://web.archive.org/web/20041125033545/http://www.defamer.com/hollywood/movies/mpaa/piracy-paranoia-part-ii-the-life-aquatic-screening-026073.php
#20yrsago Copyrights are awarded without economic rationale https://archive.is/C6T1R
#20yrsago Ed Felten’s lecture: “Rip, Mix, Burn, Sue” https://www.cs.princeton.edu/~felten/rip/
#15yrsago Associated Press loves fair use (we just wish they’d share) https://tushnet.blogspot.com/2009/11/actually-ap-likes-fair-use-after-all.html
#15yrsago Two US senators demand publication of secret copyright treaty https://www.keionline.org/39045
#15yrsago Conscious “coma man”‘s words seemingly delivered via discredited “facilitated communications” technique https://www.wired.com/2009/11/houben-communication/
#15yrsago TV vs Web: consumption characteristics https://www.nngroup.com/articles/media-velocity-tv-vs-the-web/
#15yrsago EFF sets sights on abusive EULAs https://www.eff.org/issues/terms-of-abuse
#15yrsago Record exec arrested for refusing to send a tweet asking Bieber-maddened crowd to disperse https://www.abajournal.com/news/article/cops_arrest_record_exec_claim_he_refused_to_send_crowd-control_tweet
#10yrsago Handbook for fighting climate-denialism https://skepticalscience.com/Debunking-Handbook-now-freely-available-download.html
#5yrsago California’s housing bubble is spilling over into poor and exurban neighborhoods, creating waves of crises https://www.nytimes.com/2019/11/21/us/california-housing-crisis-rent.html
#5yrsago Elizabeth Warren calls Zuck and Thiel’s secret Trump White House dinner “corrupt” https://www.commondreams.org/news/2019/11/21/warren-raises-corruption-alarm-after-trump-zuckerberg-and-thiel-hold-secret-white
#5yrsago Ecommerce sites’ mobile templates hide information that shoppers use to save money https://aisel.aisnet.org/icis2019/behavior_is/behavior_is/16/
#5yrsago Lawyer’s long, weird sigfile setting out when and whether he’s willing to talk on the phone goes viral https://www.fitsnews.com/2019/10/30/is-this-the-worlds-most-self-important-email-signature/
#5yrsago The Labour manifesto: transformation of the welfare system, fair conditions for workers, universal housing, home care for elderly, fully funded NHS, fair taxes for the rich https://jacobin.com/2019/11/labour-party-manifesto-jeremy-corbyn/
#5yrsago The Lincoln Library executive director got fired for renting Glenn Beck the original Gettysburg Address https://www.cbsnews.com/chicago/news/lincoln-library-director-fired-after-renting-out-gettysburg-address-to-glenn-beck/
#5yrsago I made Wil Wheaton recite the digits of Pi for four minutes, then a fan set it to music https://soundcloud.com/nicholasland/pi-funk
#5yrsago A poor, Trump-voting Florida town opened a government grocery store to end its food desert, but it’s “not socialism” https://www.washingtonpost.com/nation/2019/11/22/baldwin-florida-food-desert-city-owned-grocery-store/
#5yrsago Peak billionaire: a billionaire tries to purchase a party nomination to outflank anti-billionaires so he can run against another billionaire https://time.com/5735384/capitalism-reckoning-elitism-in-america-2019/
#1yrago Thankful for class consciousness https://pluralistic.net/2023/11/24/coalescence/#solidarnosc
#1yrago Don't Be Evil https://pluralistic.net/2023/11/22/who-wins-the-argument/#corporations-are-people-my-friend
Upcoming appearances (permalink)
- International Cooperative Alliance (New Delhi), Nov 24
https://icanewdelhi2024.coop/welcome/pages/Programme -
ACM Conext-2024 Workshop on the Decentralization of the Internet (Los Angeles), Dec 9
https://conferences.sigcomm.org/co-next/2024/#!/din -
IA et “merdification“ d’internet: peut-on envisager un nouveau web? (Remote), Dec 12
https://www.unige.ch/comprendre-le-numerique/conferences-publiques1/cycle-5-2024-2025/ia-et-merdification-dinternet-peut-envisager-un-nouveau-web/ -
ISSA-LA Holiday Celebration keynote (Los Angeles), Dec 18
https://issala.org/event/issa-la-december-18-dinner-meeting/ -
Cloudfest (Europa Park), Mar 17-20
https://cloudfest.link/
Recent appearances (permalink)
- Enshittification: Why Everything Suddenly Got Worse and What to Do About It (HOPE XV)
https://www.youtube.com/watch?v=YrciT_dc2sc&list=PLcajvRZA8E0_tLLEh1COeAv-TcaDna2k1&index=32 -
How To Keep IoT From Becoming An IoTrash (Def Con)
https://www.youtube.com/watch?v=tA7bpp8qXxI -
How Big Tech made Trump 2.0 (Real News Network)
https://therealnews.com/how-big-tech-made-trump-2-0
Latest books (permalink)
- The Bezzle: a sequel to "Red Team Blues," about prison-tech and other grifts, Tor Books (US), Head of Zeus (UK), February 2024 (the-bezzle.org). Signed, personalized copies at Dark Delicacies (https://www.darkdel.com/store/p3062/Available_Feb_20th%3A_The_Bezzle_HB.html#/).
-
"The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 (http://lost-cause.org). Signed, personalized copies at Dark Delicacies (https://www.darkdel.com/store/p3007/Pre-Order_Signed_Copies%3A_The_Lost_Cause_HB.html#/)
-
"The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245).
-
"Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com. Signed copies at Dark Delicacies (US): and Forbidden Planet (UK): https://forbiddenplanet.com/385004-red-team-blues-signed-edition-hardcover/.
-
"Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com
-
"Attack Surface": The third Little Brother novel, a standalone technothriller for adults. The Washington Post called it "a political cyberthriller, vigorous, bold and savvy about the limits of revolution and resistance." Order signed, personalized copies from Dark Delicacies https://www.darkdel.com/store/p1840/Available_Now%3A_Attack_Surface.html
-
"How to Destroy Surveillance Capitalism": an anti-monopoly pamphlet analyzing the true harms of surveillance capitalism and proposing a solution. https://onezero.medium.com/how-to-destroy-surveillance-capitalism-8135e6744d59?sk=f6cd10e54e20a07d4c6d0f3ac011af6b) (signed copies: https://www.darkdel.com/store/p2024/Available_Now%3A__How_to_Destroy_Surveillance_Capitalism.html)
-
"Little Brother/Homeland": A reissue omnibus edition with a new introduction by Edward Snowden: https://us.macmillan.com/books/9781250774583; personalized/signed copies here: https://www.darkdel.com/store/p1750/July%3A__Little_Brother_%26_Homeland.html
-
"Poesy the Monster Slayer" a picture book about monsters, bedtime, gender, and kicking ass. Order here: https://us.macmillan.com/books/9781626723627. Get a personalized, signed copy here: https://www.darkdel.com/store/p2682/Corey_Doctorow%3A_Poesy_the_Monster_Slayer_HB.html#/.
Upcoming books (permalink)
- Picks and Shovels: a sequel to "Red Team Blues," about the heroic era of the PC, Tor Books, February 2025
-
Unauthorized Bread: a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2025
Colophon (permalink)
Today's top sources:
Currently writing:
- Enshittification: a nonfiction book about platform decay for Farrar, Straus, Giroux. Friday's progress: 796 words (87388 words total).
-
A Little Brother short story about DIY insulin PLANNING
-
Picks and Shovels, a Martin Hench noir thriller about the heroic era of the PC. FORTHCOMING TOR BOOKS FEB 2025
Latest podcast: Spill, part four (a Little Brother story) https://craphound.com/littlebrother/2024/10/28/spill-part-four-a-little-brother-story/
This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.
https://creativecommons.org/licenses/by/4.0/
Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.
How to get Pluralistic:
Blog (no ads, tracking, or data-collection):
Newsletter (no ads, tracking, or data-collection):
https://pluralistic.net/plura-list
Mastodon (no ads, tracking, or data-collection):
Medium (no ads, paywalled):
Twitter (mass-scale, unrestricted, third-party surveillance and advertising):
Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):
https://mostlysignssomeportents.tumblr.com/tagged/pluralistic
"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla