The Giant Analog Stick

Posted on Updated on

Four years ago next month, I backed an omnidirectional treadmill through Kickstarter. I was lucky enough to actually get one through a myriad of shipping delays, eventual cancellations, and an extra $200 in shipping (!).

Despite all of these, mine actually shipped, arriving just two weeks ago. I’ve since posted progress photos of the build and the final setup on Twitter, as well as some of my initial impressions.

This post intends to list what I’ve discovered using this thing, for those that might eventually want to get an Omni or similar device into the future, and whom want a bit more than what tech journalists have to say from using a demo unit.

The Good: It’s a fantastic omnidirectional treadmill and joystick with most games

I’ve been taking daily walks in No Man’s Sky, which has been fantastic for the purpose. My current setup uses a monitor instead of a 3D head-mounted display, mostly to limit the number of wires and the overall cost of my setup.

Even in this limited setup, the Omni is still fantastic to use. To use it, you put on special shoes and walk — at full range of motion — on a low-friction dinner plate. It takes some getting used to, but once I got all the hardware together, it did not take long at all to get acquainted with running around and exercising on the thing daily.

The Omni itself is also, surprisingly, compatible with most Windows games — owing to input mapping with x360ce.* Despite how it markets itself as a “VR treadmill”, there’s no software interaction between the Omni unit and any VR setup. It instead acts as a form of joystick that you array peripherals around.

Surprisingly enough, the most fun I’ve had with this thing is with an inexpensive platforming game named Refunct. I mapped a Switch Pro controller and Omni into a single x360 pad using the correct settings in x360ce’s UI. After a brief bit of twiddling with dead zones to ensure my walking speed mapped well to the games I play, I got up and running — literally — and had a blast.

The Bad: So, about the setup difficulty

As you can probably tell from the nest of jargon and tooling above, the Omni does not work well out of the box. It took me approximately two days of twiddling with wires and software to arrive at a setup that works for me — and that’s without relying on the VR bits at all.

The library of supported Omni games is, at present, very small. Beyond the library of supported games, the “full VR experience” seems to involve elaborate wire-hanging setup and heavy configuration — including x360ce or some input mapper as above, and vorpX to add VR to older games.

The depth of configuration should be considered a barrier to anyone without time or technical expertise to play with Windows DLLs and input or 3D injection libraries. I suspect over time this will get easier, but don’t expect things to just work with this device as it currently exists.

Overall: Great exercise device for the current state of VR

However, this may not be too much of a barrier for people currently investing in VR. For those folks that have the time and money to burn on a full VR setup, or even a partial one like I describe here, the experience is very immersive and intuitive to use once you get it up and running.

As such, this solves a problem: it’s a great treadmill that helps the operator not be bored while exercising. It’s a step (ha!) beyond what one might typically have in a home setup, being about on par with gym or arcade equipment.

But for anyone looking for a simpler or less elaborate exercise setup, it’s probably better to try DDR, StepmaniaWii Fit U, take a jog around the block, or get a gym membership, depending on your exercise needs. All of these are excellent options, at least until you get bored after the hundredth run of the same song or Mii faces on Wuhu Island.

The Omni excels if you’d like to take a jog in a walking simulator and completely forget that you’re still getting aerobic exercise. I can see the Omni really catching on with better support and a hardware revision or two. But for now, unless you have a very specific need you’d like to solve — as I did — it’s possibly better to wait until then.


* I have not tested this setup under Wine, but owing to the fact the Omni maps as a PC joystick and connects to a PC via USB, it’s entirely possible this would work, too.

Fascism is a Political Rootkit

Posted on Updated on

CW: politics.

While performing my daily link roundup to personally research L’Affaire Russe (no affiliation, just being an informed citizen), I stumbled upon this interview on how to prevent Trump from consolidating authoritarian power. While incomplete and dedicated to hawking a book by its interviewee, its primary takeaway is that we are dealing with a fascistic grab for power and should act accordingly. At this point, I think more than sufficient evidence exists to make this claim.

That said, for modern audiences, it’s not entirely clear what a fascist grab for power looks like. Many are aware, for example, of the Reichstag Fire that predated Hitler’s rise to power prior to World War II. Many are similarly aware of what is happening in Turkey right now.

In fact, after World War II, the US War Department put out its own video detailing how Hitler rose to power. Despite its propagandistic nature, it provides a strong parallel to Trump today:


But amidst the disinformation, smoke, and mirrors thrown up by this administration, it’s still difficult to get a grasp from where the final blow will come to our democracy, or whether it will come at all. While considering how to answer this, I realized that ten years in computer security have given me a useful metaphor.

In security, the highest level of compromise of a system is called rooting, so called because of the name of the superuser account on Unix systems. Many applications known as rootkits exist to weaponize and automate this process, not just by gaining root access, but by persisting at this authority level for as long as possible, against the wishes of users of the machine.

This provides a good framework from which to understand fascism. Fascism itself is not just a debased method of government, but also an exploit framework to get there — by repeatedly weakening and exploiting vulnerabilities in a system’s protections against escalation of power, with the ultimate goal of persisting at the highest level of authority possible.

In this model, the damage to the underlying system is incidental to the goal of consolidating authority. It does not matter who or what is harmed, so long as the result is a marginal increase in power and weakening of protections against it.


In this framework, there is no singular deathblow to democracy. Instead, it is death by a thousand tiny cuts — be they calling the media “the enemy of the people”,  inciting violence to silence dissent of authority, or changing the rules of the Senate to chair a complicit judge to the highest court in the country.

The danger is not then the single death blow, but the phalanx of weaker erosions that slowly destabilize democracy and more fully install the fascist into power. And once there, it is the weakening of the system’s own protections to keep the fascist in power indefinitely.

Rootkits and fascists, by their very nature, are very difficult to remove once they have maximum authority. Because each erosion is used as a tool to accelerate future erosions, it is vital to start early, protect the system and fight every attempt to weaken the system’s protections. This means that we are all the blue team in this exercise to protect US democracy from those that would root it.

Of course, it is impossible to fight on all fronts simultaneously. This is why it’s important to specialize: to pick the battles you yourself are adept at fighting, and stick to them to the degree practicable. And remember, this is not a duty you can discharge once and go on your way: you must commit to continuing to protect these systems, as one compromise can mean their destruction.

The primary benefit of being the blue team is you have the system’s resources at your disposal — freedom of assembly, freedom of press, freedom of speech, and the levers of democracy in calling and petitioning your representatives — until those resources are compromised. It is a fight that is predominantly on our side, unless complacency, complicity, or fear of the fascist’s own power take root to convince you otherwise.


So I will leave you with this: as with a rootkit virus aimed at obtaining full authority over our democracy, fight escalation and consolidation of power. Commit to it as often as is possible for you. Share the load. Organize. Resist. Rest. Repeat.

Together, we can protect this republic from those that would see it, and all of us, destroyed for their own power. Let’s do this together. For all our sakes.

Personal: An Emotional Postmortem

Posted on Updated on

This post is deeply personal and is being shared publicly only to allay concerns and miscommunication with my peer group since 2015. Content is unfiltered and may not contain appropriate warnings.

What happened?

In late 2015, I separated from long-term previous roommates, whom will not be named here. The emotional trauma of that separation, contributed to by repeated miscommunication and an aura of suspicion and defensiveness, caused me to have a prolonged, low-grade emotional breakdown that concluded one year later.

This postmortem is to give insight into what happened to me, why I acted as I did, and why I chose to separate myself from my friends as I did, so I can move on with my life and give closure to friends both current and former.

Why are you (the author) choosing to talk about this now?

Because people are still understandably afraid of me after I emotionally collapsed inwards and pulled away from most people I care for. I’ve tried writing this several times before and could not explain it succinctly or well (at current tally, I have over a dozen separate drafts in WordPress alone over the past 12 months).

Emotional issues, especially those of trauma and mental health, even those of temporary emotional breakdown, are difficult to discuss openly without inviting attacks or eroding one’s own credibility.

I feel it necessary I discuss this to help rebuild trust with people I care for. Having one open central document seems like the most efficient method of doing so.

What caused you to emotionally break down?

Extreme suspicion and anger directed towards me in a situation that was extremely socially precarious and, in many ways, toxic. Tension had already been building prior to this occurrence.

After I had been given multiple assurances that I might be moving into a new home with my previous roommates in 2015, a single individual of that collective triangulated me by telling me otherwise, then repeatedly silenced my concerns and dissent.

This led to an extremely unhealthy dynamic of escalating tensions that led to me fleeing my home temporarily (in August of 2015) to relieve social and emotional pressure. This person’s influence also led to my being suddenly and forcefully ejected from an arrangement I believed I was a part of (I would thereafter fall back to my original plan, moving into a house with a different good friend of mine) and a flotilla of rumors about what had transpired. Many of these rumors and speculation centered on my alleged attempts to emotionally harm my then friends, which were and remain flatly untrue.

Several months and one house purchase later, after a long hiatus and separation from friends to let the matter cool, I was invited to attend mutual gatherings of friends whom I had not seen for some time due to the complexity of these issues. To allay potential upcoming social friction, I chose to approach the same individual that had triangulated me before in good faith, to apologize for my part and to own up to my own poor behavior.

This apology backfired. I attempted unsuccessfully thereafter to approach the friends running the gather for advice. When this too backfired due to ongoing unaddressed suspicions from the community, I fled that community — and subsequently emotionally broke down on Twitter, causing friends to (understandably) distance themselves from me further.

Why did you go into hiding?

At this point, I chose to part with my entire community and contingent of mutual friends to give myself space and emotional bandwidth, as well as to distance myself from alleged rumors that I was attempting to cause harm. Full separation seemed to be the best and only course of action here, as any action or inaction on my part could easily be misinterpreted as proof of alleged wrongdoings that I, myself, did not even have full information on.

This was not easy. After assessing the situation at the time, I chose to make this change public. I also chose to provide a private account of what happened to mutual friends, so they could better understand what I was dealing with.

However, I failed to respect just how much I had pushed myself and how much I could emotionally handle. Without the support of my community, with two therapists themselves utterly paralyzed by the complexity of this issue, and with multiple barriers to effectively using a private account, I chose to unpack this issue publicly on Twitter to relieve mounting emotional pressure. This led to my being — understandably! — called out for making the matter public, and directly led to my subsequent temporary resignation from the service for the entire month of September (2016).

Since that time, I have pulled back considerably from most of my friends and chosen to not speak about the matter at all, until I could do so in a manner that was effective. I feel that I have recovered enough emotional stamina to be able to do so here.

Did you really try to [harm anyone’s relationship, take advantage for personal gain, or add rumor here]?

No. In fact, the very allegation is what caused me to back off so much and give people space away from me.

How could this have been handled better?

I’m not entirely sure. More experienced counsel and a process to have handled this within my community would have helped tremendously.

I used every tool I had available to privately and professionally handle this situation. I certainly should not have disclosed it publicly on Twitter — though please understand that the disclosure is an outgrowth of several key communication and procedural failures leading up to what eventually became public.

I choose not to address what could have been done better by other people here. That is their own personal business.

Please forgive me for pulling back so far after accusations of bad faith were leveled at me. To not interfere with an ongoing romantic relationship I was accused of straining, I found it best to sever all ties to prevent any allegations of meddling.

Most importantly: the presumption of good faith was and still is needed. I am terrible at explaining all this, terrible at drama, terrible at complex social relationships, terrible at managing the individual emotional anxieties of a chaotic community, and terrible at emotionally handling being thrown into a triangle dynamic that broke longstanding friendships I cared deeply about. Please understand that I am true to my word and sincerely want my friends to succeed.


For reading this. I’m sure this does not make a whole lot of sense to people not involved, but to those that are, understand that I did my very best here to navigate one of the most socially treacherous situations I have experienced to date.

Please understand, despite all appearances from having pulled away and isolated myself, that I do care. I did not want to make things worse. This is why I chose to step away.

I sincerely apologize to anyone that I scared or made fearful, both for the lead-up and for having publicly emotionally broken down last year. I really did try to do my best. I’m sorry.

With that said, I’m not going anywhere. If any of this is helpful or needs further discussion, please feel free to contact me privately — on Twitter, on Discord, or on Telegram if you already have that contact. If you do not, please feel free to ask for my private contact on public Twitter.

Thank you again for reading.

A Layperson’s Guide to the Trump-Russia Scandal

Posted on Updated on

Content warning: politics, for pretty obvious reasons.

First, some boilerplate: The primary audience for this article is US citizens that desire a synopsis of what is happening in government, as well as for friends looking in from other countries that would like a succinct summary of what is happening in the US, up to this point. For day-by-day reading, I recommend sources like WTF Just Happened Today for a sourced accounting of what we know so far.

Please note that I am not a lawyer, nor do I have any specialized prior or current expertise or knowledge beyond being technically literate and employed in the civilian software industry in the United States. The views and interpretations that follow are my own, do not reflect those of my employers past or present, and are based upon evidence available to anyone. Where possible, links are provided.

Due to its highly mutable nature, Wikipedia is not used in any source for this document.

Welcome to what is likely the biggest political scandal in modern US history. It seems as if every day, some new shred of evidence or metaphorical shoe drops more damning than the last. The evidence is dizzying, almost impossible to keep in context even for American citizens following it daily, and this is before considering the scale of the disinformation campaign being levied both domestically and abroad to muddy its understanding and distort truth.

What follows is my understanding of the information reported so far, according to public documentation available to US citizens and sourcing provided by moderate news agencies in the United States (such as articles from the New York Times and the Washington Post), erring on the side of left-leaning. This does not include far-left or far-right sourcing, nor does it include anything with “alt” in its title, as most “alternative” sources of media cannot be used to cleanly separate conspiracy theory from fact — and in many cases, exist to promote conspiracy theories and misinformation.

Let’s get right to it:

What is the central issue of the Trump-Russia scandal?

The Trump-Russia scandal, often called “Trumpgate” or “Russiagate” due a popular obsession with and striking similarity to the Richard Nixon Watergate scandal, emerged as a result of the hacking of and subsequent leaks from the Democratic National Committee and John Podesta’s private email account during the 2016 US presidential election. In collaboration with the private security firm CrowdStrike, US intelligence officials determined that Russia was responsible for these hacks with “high confidence”, with a Russian affiliated pseudonym known as Guccifer 2.0 taking responsibility for part of the attack.

What is known is that during the election, these leaks were incredibly damaging to the Democratic presidential campaign of Hillary Rodham Clinton, primary opponent to the far-right Republican businessman Donald John Trump. It is widely reported that these leaks contributed to her shocking electoral college loss during the election, despite having a popular vote lead of approximately 2.5 million votes.

At issue IS NOT whether these hacks occurred, nor whether they were the result of state-sponsored actors from Russia; this information has since been widely corroborated by multiple intelligence agencies and private information security and intelligence firms, both domestic to the United States and abroad under Five Eyes surveillance.

At issue IS whether the 2016 Trump campaign knowingly abetted, financially supported, and itself colluded with the same state actors from Russia to swing the 2016 presidential election. Doing so would place them in jeopardy of multiple felonies, though notably not treason as strictly defined, in addition to placing a current sitting president in jeopardy of impeachment and debasing the legitimacy of the 2016 presidential election.

This is especially salient because during the lead-up to the 1972 US presidential election, a similar scheme was carried out by Richard Nixon to bug the Democratic National Committee at the Watergate hotel, leading to his eventual impeachment, as evidence was revealed over the next two years. If proven, this would be the same caliber of scandal, but with the unprecedented additions of modern technology, allegedly laundered financial emoluments, and alleged collusion with a foreign power by a sitting US president and his administration. And this does not speak for the multitude of domestic and private abuses of power waged on the American people over the past 86 days.

The United States Constitution, the US’ central document upon which its government institutions and laws are established, does not define what to do in these cases. While it does specify the terms of impeachment and a chain of command for who should become president under these circumstances, the constitution neither specifies the terms for a new election nor what to do when an entire administration of its Executive branch is subsequently criminally held accountable.

What is a leak, a strategic leak, and how does the press verify them?

A leak in the context of this article is a typically-anonymous release of classified, potentially incriminating, or damaging information without authorization. An example of a leak would be the 1972 release of privileged information on the Nixon campaign by the pseudonymous informant “Deep Throat” (believed today to be W. Mark Felt). This was pivotal to the eventual impeachment and subsequent resignation of Richard Nixon.

strategic leak is a leak with a strategic agenda. In the above example and sourcing, the strategy was proclaimed to be to “‘protect the office’ of the presidency and ‘effect a change in its conduct before all was lost.'”

Strategic leaks do not necessarily need to occur for whistleblower purposes or purposes that protect the public good. It is widely assumed, for example, that Donald J. Trump may have leaked two pages of his own 2005 tax returns in an effort to discredit the ongoing investigation. Wikileaks was also claimed just yesterday to be a “non-state hostile intelligence service often abetted by state actors like Russia” by CIA Director Mike Pompeo, despite his own support of the service one year prior.

The press generally uses these leaks as starting points for broader investigative journalism. Depending on the news outlet, these are scrutinized to varying degrees, including attempts to verify the credibility of document sourcing, cited evidence, and supporting evidence brought to light by the presence of new information. In general, the more evidence, the better, with anonymity neither crediting nor discrediting the veracity of the evidence presented.

We can thus understand that a leak is not itself factual evidence. It is up to the verifiable evidence presented within that leak, the procedures under which that evidence is carefully scrutinized by its recipient, and any supporting evidence that it brings to light to determine the efficacy and veracity of the data presented. In a real sense, this means news agencies must act as scientists to verify the factual basis for evidence presented to them — with varying degrees of success.

An additional impact of a leak is it is an ipso facto declassification of that information. Especially if the information is highly classified or typically never seen by the public (such as the FISA warrant on Carter Page), this has the impact of making the information public and, thus, potentially admissible to legal proceedings that follow.

What is open-source intelligence (OSINT)?

Open-source intelligence is information derived from publicly available sources. This is the information you find in Google, find in the library, and find in reading online publications and social media like Twitter.

This article only uses these open materials, both because I do not have access to any privileged information, and because so much of this information has been placed in the public eye in a very short period of time.

The Christopher Steele Dossier

One of the largest and most controversial developments in the Trump-Russia scandal came in January with the release of a 35-page dossier to BuzzFeed News by the former MI6 intelligence officer Christopher Steele.  Also known as the “golden showers” dossier for its salacious personal information about Trump himself, this dossier implicates multiple individuals of the Trump campaign as having colluded with Russia. Many of the claims present in the dossier have yet to be publicly substantiated, despite at least one key claim having been reportedly verified by US officials and circumstantial evidence supporting its claims about a 19.5% sale of Rosneft.

In the ensuing mêlée of leaks that followed parallel to this dossier, it was discovered that Trump national security advisor Michael Flynn had discussed sanctions with Russian ambassador Sergey Kislyak before the Trump campaign took office. This quickly led to his resignation, as well as a broader inquiry into meetings with Kislyak by other members of the Trump campaign (useful infographic here).

The Steele dossier and the leaks subsequently following it blew the entire investigation of the Trump campaign open between January 10th and February 13th of 2017, notably surrounding Trump’s January 20th inauguration. Damaging leaks would continue in subsequent months, up to and inclusive of the present day (and presumably, into the days and weeks that follow this summary article).

Who are the key players implicated in the Trump-Russia scandal?

Ignoring Donald J. Trump himself (whose connections are cited at the end), the key players in the scandal follow. Because an incredible amount of information continues to come out about this scandal daily, these are covered in alphabetical (instead of chronological) order:

  • Michael Flynn, now-former National Security Advisor
  • J.D. Gordon, former foreign policy advisor and Pentagon spokesman, and former national security advisor to the Trump campaign
  • Jared Kushner, son-in-law (married to Ivanka Trump) and senior advisor to Trump
  • Paul Manafort, former campaign manager for the 2016 Trump campaign
  • Carter Page, oil industry consultant and former Trump advisor
  • Wilbur Ross, former US investor and politician, now US Secretary of Commerce
  • Jeff Sessions, former politician and lawyer, now US Attorney General (who lied under oath at his own confirmation hearing)
  • Roger Stone, Republican lobbyist with alleged private contacts to Guccifer 2.0
  • Rex Tillerson, former ExxonMobil chairman and CEO, now US Secretary of State
  • Donald Trump, Jr., son of the president and one of the trustees of the Trump estate

You can find an approximate list of their involvement in the ongoing scandal here.

Other notable names adjacent to the scandal that you may also hear (appearing in no particular order):

In short: it’s a fucking mess.

What about Donald Trump?

In addition to all of the links cited above, it was recently discovered that Paul Manafort received $13 million in loans from two of Trump’s businesses after Manafort’s ties to Ukrainian money laundering emerged. This would potentially place this payment by Trump in violation of the Foreign Corrupt Practices Act, with Manafort later registering as an agent of a foreign power.

This places criminal proceedings onto a stack of already voluminous evidence for impeachment before Trump even took office. It also establishes a direct link between Trump himself and aiding and abetting the hacking of the 2016 election, given Manafort’s involvement in the Trump side of the 2016 hacking (as alleged in the Steele dossier).

Needless to say, if proof of the relevant Steele dossier claims is established, it would mean that the Trump campaign itself, including Trump himself, were directly involved in the 2016 DNC and Podesta hack.

And for all of the reasons listed above: that’s a pretty big deal.

What motivated this scandal? (OR: why did this insanity happen in the first place?)

In extreme brevity: money and power.

While speculation rages about the palace intrigue of connections and factions in the ongoing scandal and its investigation, nearly all ties point back to the US side being corrupted by financial self-interest and consolidation of power. On the Russian side, the motivation appears to be destabilization of Western order to further its own political agenda, including protecting its interests as a petrostate.

And these are only the motivations observed or speculated so far: it’s very likely additional motivators will be found as the investigation continues.

What about Vice President Mike Pence?

Of all of the individuals involved in the scandal, almost nothing is said of Pence. However, given his direct involvement in the Trump campaign and his decisions to confirm many of the individuals listed above, charges of conspiracy are very likely.

Given the illegitimacy of the 2016 election should any of the above evidence turns into indictments or convictions, his political career is also likely to be over when the Trump-Russia scandal breaks, regardless of whether any criminal charges stick.

What about Hillary, Bernie, Stein, or [your favorite candidate here]?

I’m not touching that with a 100 foot pole.

Regardless of which running candidate was your favorite, I would argue that the Trump-Russia scandal overshadows the entire election proceedings. What if scenarios about other candidates are of far less importance at the present time.

Why are you (the author) writing this?

Mostly, to keep my own facts and evidence straight and so I can save the energy of explaining this individually to friends and family. If you find this post useful, feel free to share it widely.

Note that I’m putting myself at risk here if this administration outpaces attempts to hold it accountable. Should that occur, further attempts to suppress the truth are likely. Exercise extreme caution if this post disappears from the public Internet before the ongoing scandal concludes.


To you for reading this, and also to the many, many, many investigative journalists and other individuals sharing these articles on social media.  The strongest resistance begins with championing corroborated facts and evidence that get us as close to the truth as possible. Thank you to everyone out there fighting the good fight.

Edit: the original version of this post erroneously stated the leaked tax return pages as originating from 2015. They are from 2005.

How to: escape LiveJournal

Posted on Updated on

A few months ago, LiveJournal moved its main servers to Russia. Its community noticed. Now, they’ve changed their ToS in ways that will probably make you rethink keeping a blog with them.

One of the easiest ways to get off the platform is to migrate to Dreamwidth. Some, however, may desire to take the extra step of archiving their content offline, be it to keep a backup, enable easier searching, or just plain not risk their data with a new owner.

For this, I recommend ljdump, which still seems to be maintained and is very simple to use. Note that you will need to download Python. Basic proficiency on the command line to use this tool is helpful, though a GUI is also available on the project’s Github page.

Alternatively, you can also use simpler tools from the command line if you feel so inclined. Wget is a good option (ie, wget –mirror, but may be a bit cumbersome for users that want a friendlier tool, especially for getting the cookies necessary to log in for private comments.

Here are some additional archiving resources (helpfully linked by siderea):

PS: I have chosen to delete my personal LiveJournal account as of today, as I ceased posting to it some time ago. You can find its old content over on Dreamwidth.

The blog you are currently reading, of course, is where I will continue to post new content.

A Quick Primer on the recent FCC Ruling Clusterfuck

Posted on Updated on

Disclaimer: while I am a software engineer variably-employed in computer security, I am not a lawyer. Please take any legal opinions posted here with a grain of salt. Avoid anything legally hazardous without speaking with a lawyer. This document also represents my own personal views, instead of those of my employer, et cetera.

Note, especially for non-US citizens: the Federal Communications Commission (FCC) and Federal Trade Commission (FTC) are separate US federal agencies. These are not used interchangeably.

Yesterday, our 45th president approved Senate Joint Resolution 34, repealing last year’s FCC order for consumer privacy for broadband and other telecommunications services that themselves followed this 2015 ruling. These documents are a lot to take in, and there is an incredible amount of misinformation about their impact, so let’s break down what this means.

The 2016 FCC order, which would not have been in effect until later this year, would have resolved an open legal question in common carrier law. Specifically, when the FCC began treating broadband and other Internet service providers as “more like telephone networks [that] could be regulated as ‘common carriers'”, it created a situation in which the FTC no longer had jurisdiction to govern the companies that now received this designation. As FTC lawyers would later state, this problem is “especially severe in the area of consumer data privacy”, as this created a vacuum within which previous rules around privacy did not apply.

In other words, by getting common carrier designation, service providers such as AT&T, Xfinity, Spectrum, and Verizon were suddenly able to work around FTC laws previously governing their sharing of private consumer information. The now-rejected 2016 order would have explicitly covered by late 2017:

  • Financial information
  • Health information
  • Social Security numbers
  • Precise geo-location information
  • Information pertaining to children
  • Content of communications
  • Web browsing history
  • Application usage history, and the functional equivalents of web browsing history or application usage history
  • VoIP and other voice service call data

Needless to say, this is a big deal. Not just because these service providers will now lack explicit guidance and regulation in an area of legal ambiguity, but also because they can share subsets of this information for marketing and profit motivation today. The removal of this 2016 order also shelves any attempts companies would have made for compliance before the deadline, and in some cases, may actively encourage these providers to become worse.

The main problems with having these data available for paid sharing and marketing purposes — even if you believe you have “nothing to hide” — are twofold. First, these data are being collected in ways that may be sensitive to attack or breach across a very large attack surface (and thus, subject to breach from a large number of service providers). Second, many of these data can be used for identity theft, real-world stalking behavior, or as we are learning with a growing body of evidence, used to help swing a presidential election through propaganda tailored to individual consumer biases. And these are just top-of-mind scenarios of potential abuse.

If you especially care about any of these outcomes, here are a few things you can do about it:

  1. At a minimum, follow this guide by Matt Kiser. Setting up two-factor, using separate passwords per service, always using HTTPS (or just plain TLS), and blocking third party content and ads solves most of the problem of background collection of your information. As noted in the guide, you can do much more. Tune as necessary.
  2. Request your own records. While it is unclear how ISPs will implement their own data sharing procedures in the FTC vacuum, you can request these records from many other businesses today to get an idea of what they might look like. (Note: this is a 2010 article containing dead links, so you may need to search for the correct ones).
  3. Set up a credit freeze to preemptively protect yourself from identity theft.
    • The positive: this makes it substantially more difficult to turn leaked personally identifying information into a credit disaster.
    • The downside: secondary verification to obtain credit is a pain, often requiring paying a small fee and a pin to have the freeze temporarily lifted.

Note that in addition to the big three (Experian, Equifax, and TransUnion), Innovis is a fourth bureau also worth freezing. While you’re at it, you may want to also opt out of prescreened credit to save yourself on junk mail.

Many people have proposed that this change means you must also set up a VPN if you live in the United States. This is flatly untrue, and in many cases can cause more harm than good if the VPN service you choose has worse data hygiene or sharing policies than your home ISP. However, having these options available in the event they are needed is exceptionally handy, especially if you are concerned about passive collection of DNS traffic or if things get worse than they are today.

Should you opt to set up a VPN for general use or in case of emergencies, I strongly recommend first reading this short primer by the EFF. With the possible exception of Tor, steer clear of free providers: as they say, when the service is free, the product is typically you.

I’ve chosen NordVPN for the time being, based on their low cost, generally favorable reviews, large server presence, strong privacy, use of OpenVPN, excellent configuration guides (including router guides), and ability to accept Bitcoin. But as always (and especially as this guide ages), make your own decisions based upon your own needs.

Typically, VPN providers will give you a client that runs from your desktop computer, laptop, or phone automatically. This is handy if you have a very small number of devices that you wish to connect, and is in many cases the easiest option to start using a new provider on a personal machine.

However, for connecting a large number of devices or providing the connection to an entire household, I recommend buying a cheap wireless router that supports DD-WRT (FTP containing most recent builds from 2017). Doing so allows you to connect devices to the VPN “on the fly”, while performing configuration only once.

In my case, I set this up in a few hours using a WRT54G v2.0 that I bought from a thrift store for $5. For most, a similar setup is viable as a weekend project with very little financial investment.

If you do opt to go this route, make sure to carefully read the installation guides and make sure that your router has enough available storage space for DD-WRT’s VPN build, which will come with OpenVPN preinstalled. Setup is typically GUI-driven, and once you have DD-WRT set up, setting up a VPN tunnel can be as easy as following a guide depending on your provider.

Comments are disabled, but please let me know on Twitter if this guide helped you or if you have any questions or comments.

Of Kink Culture and Consent

Posted on Updated on

Content warning: discussion of abuse in online and kink communities

Lately, the shift in online discourse on Twitter, due primarily to goings-on in America, has made it much easier to talk about and share cautionary stories of abuse. While these goings-on in Washington D.C. remain and continue to be abjectly horrible, a side effect of this is lots, and lots, and lots of very useful resources that have been published about how to identify, mitigate, and dismantle the mechanics of abuse, particularly by those that hold power.

One such article was recently shared by Eve Rickert and Franklin Veaux about abuse in the BDSM and poly communities. While this post is by no means political, it resounds with my own experiences — primarily in kink and kink-adjacent communities in the furry fandom over the past 10 years. Having been party to or adjacent to my own share of fallings-out in these communities, when I see a post like this one cross my feed about abuse in the TF (transformation roleplay) community, it feels all too familiar.

The very concept of entitlement to another person, as Franklin puts it, seems incredibly strange when put in black and white. And yet, this is exactly what happens. It can be seen in toxic male culture, in toxic political culture, and in many many many retellings of abusive relationships. And, when this entitlement meets kink or kink-adjacent communities, especially ones with implied or undefined models of consent, it’s a recipe for major consent violations and abuse that follows, both online and off.

Let’s talk about Rainfurrest for a moment.

Rainfurrest was, and possibly historically remains, one of the most open furry conventions to kink communities. This was, to many, one of its greatest strengths. From the perspective of inclusiveness, of these communities and many, many others, RF was fantastic.

However, RF paired this inclusiveness with not paying attention to abuse within its communities. Without direction, this vacuum was slowly filled by increasingly destructive and entitled individuals year over year — not just destructive towards other con goers, but also to the physical property of the convention space. This lack of enforcement against openly destructive behavior ultimately helped shutter the convention.

I’ve seen this pattern in other communities, both in reinterpreting why they failed to identify and adequately handle abuse, and in why these communities ultimately split based on willingness to tolerate entitlement. Each story has eerie similarity in how a pattern of consent violations belies entitlement by individuals. groups, or even entire communities, and how this contributes to abuse that follows.

This post is not meant to resolve or air grievances about particular communities. Rather, I will stop here and say to survivors and to those experiencing this daily: this situation is common. You are not alone if you have experienced the gaslighting and bystander effect of a community built on a sense of entitlement, especially if you are a woman and/or part of the LGBTQIPA+ or kink communities.

Here’s a summary of links interwoven into the document above that might be helpful in identifying, understanding, and making a safe exit from communities that grow too toxic. I wish I’d had many of these articles years ago:

  • Understanding and handling abuse (1, 2)
  • Definitions (gaslighting, bystander effect)
  • Supporting articles, sexism (1, 2)
  • Supporting articles, politics (1)
  • Supporting articles, kink and kink adjacent (1, 2, 3)

With unending gratitude to the many, many people whom have shared these articles over the past several months. Thank you for continuing to be awesome.

(My thoughts on what to actually do about this, in re, how to build communities that are resilient to these issues, are not yet defined. Hopefully, these articles also provide some insights towards that end.)