The Great Lockout: Online "Account Eviction" as a Business Model
It's an irony of our time that the excessive "account security measures" so aggressively pushed by Surveillance Valley, have proved more likely to lose you your account than protect it against hackers. But is the "account protection" scam just a data/control grab, or is locking us out of our rented cyberhomes actually part of the plan?
First we thought they were trying their best. Then we thought they needed to try harder. Then we thought they were grossly incompetent. And now?… Well, now it's slowly dawning on us that for many years, the cybertech giants have been breaking their products on purpose.
Forced implementation of a system which will blatantly increase the odds of a user losing their account, suggests that the intention is, in fact, FOR THE USER TO LOSE THEIR ACCOUNT.
It's been hard for us to comprehend that a commercial enterprise would deliberately make a product worse. I mean, why replace a process that requires two mouse clicks, with a process that requires fourteen mouse clicks? And why would we, the userbase, tolerate that?
Well, fourteen mouse clicks produces a lot more data than two mouse clicks, and data is money, so there's a very clear imperative from the viewpoint of the tech business.
Tolerance, meanwhile, is always a balance of options. If there's no alternative, our tolerance can be near infinite. And monopolists, as we've seen, are very good at making sure there's no alternative. In the past, rivals had to compete for business on the quality of their products or services. But here in the age of oligopoly, there's no incentive for providers to compete. Even when we're paying, we're treated much more like slaves than customers. We're no longer wooed. We're bought, sold, threatened, extorted and imprisoned.
The fact that corporations can flat-out steal people's money or property, and the police won't make an arrest, tells us we've entered a truly frightening era of corporate anarchy.
And when we're no use as slaves? Well, maybe the plan is to digitally evict us. To lock us out of the homes we made on an oligarch's turf, with no right of appeal or review. The landlord hides, uncontactable, behind a wall of weasel words, as the digital-worldly goods our rented homes contained, are confiscated for sale, resale, and re-resale.
LOGIN AS A DYSFUNCTION
It's not hard to see why Big Brother would be so aggressive in pushing increasingly intrusive and oppressive login methods. Setting up as arbiter-in-chief, at an identity checkpoint in front of vital public resources, is just about the most obvious way of starting an unelected, global dictatorship - which has been Surveillance Valley's goal for many a year.
Strong, secret passwords are totally safe. Industry standard limitations on login attempts prevent passwords from being brute forced. The reason cybertech fascists want rid of passwords is that they empower us to control the amount of personally identifying information we hand over. Big Brother wants to take away that control. Bullshit like 2FA, 3FA and biometric auth are the brainwashes it's using to seize the autonomy we previously had, and mandate ID checks where they're entirely unnecessary.
It plays into the classic Big Brother trope of an authoritarian evil having to know everything about us, and ultimately, exploiting that information against us.
But in much the same way that search engines, a few years ago, had us wondering if they were deliberately hiding what we searched for, logins have begun to raise the question: do these companies actually intend to lock us out of our accounts? Are they making logins so difficult to maintain in the longer term, that losing access to our accounts becomes inevitable? Our hunch about the search engines proved well-founded. Will we be right about the logins too?
A LOGIN IS NO LONGER FOR LIFE
One of the most compelling elements in the theory that logins are deliberately being made too conditional to satisfy beyond the short term, is the confiscation factor.
When we lose access to an online account - effectively a home we're renting - the landlord gets to "keep the furniture". We can no longer delete our content, our data… The account drops into a grey area in which the service provider can feasibly blame us for the fact that they stole our possessions. If we lose our means to log in, it's considered to be our fault. But if the service provider is imposing login conditions against our will - conditions we may for a variety of reasons be unable to satisfy - then the loss of access is being imposed on us by the landlord.
For example, on Twitter, Chad Loder drew attention to the plight of unhoused people, whose phones are stolen at an extremely high rate, and against whom enforced, phone-based 2FA is a literal weapon. For someone in that position, 2FA can make the projected lifespan of an online account very short indeed. It's vastly more likely that some people will lose an account with 2FA than an account protected solely by a password they can remember. They know that, but are powerless to mitigate the problem because tech providers are forcing them to log in under conditions they can't maintain.
We know at least some reasons why providers are heavy-handed in pushing these unnecessarily complex and gatekeeper-dependent login schemes. But force? Actual force?…
Forced implementation of a system which will blatantly increase the odds of a user losing their account, suggests that the intention is, in fact, FOR THE USER TO LOSE THEIR ACCOUNT.
And tech giants absolutely do use force. I have an old Paypal account which, thankfully, I never got as far as connecting with a bank account. It now has 2FA on it, which I never asked for or set up. I can't log into the account without phone verification via a landline number, which I naively entered when setting up the account many years ago. Paypal weren't even suggesting 2FA back then.
I won't go through their bullshit phone verification charade, and that means I can't even access the account to delete it. I considered verifying the number and then deleting the account, but those fascist assholes never really delete your data anyway, so all I would have done is hand them a tidy little ID rubberstamp for the data brokers. Without verification, the account could be fake, and that's the way I'm leaving it. I put Paypal's emails on block and left the account for dead. But had there been money in that account, and I'd lost/changed my landline number, I'd have been just one more addition to the long list of people who Paypal has literally robbed in broad daylight.
CORPORATE ANARCHY
The fact that corporations are able to flat-out steal people's money or property, and the police won't go round and arrest them, tells us we've entered a truly frightening era of corporate anarchy. An era in which the public can be, and indeed are being, terrorised by anyone with serious wealth. Theft is a business model in Silicon Valley, and we're only just beginning to see the devastation that mass, above-the-law crime causes to society. But to stay within the bounds of this post's title, how big a problem will "account-eviction" become in the longer term?
A limitation on login attempts is the REAL second factor that makes a strong, secret password totally secure.
The short answer is: as big a problem as we allow it to become. We should all now be considering the odds of login ambushes, in which demands are made at the doorstep of our rented digital homes. Higher rents, in the form of either money or data, Or demands for commodities we can supply at present, but may not be able to supply in future.
What happens if Musk paywalls the whole of Twitter and we're not prepared to pay? Do we "lose the furniture"? What happens? We don't know. Which is why, since that prospect hit the street, I've deleted all but one of my Twitter accounts. The single account that remains is locked, and does not reference my identity. I can deal with it if I lose access.
Similarly, when Google began vowing to force 2FA upon users, I moved all of my correspondence out of Gmail, and shut down my use of Adsense. When Github jumped onto the same bandwagon I closed two accounts, wiping out a range of popular musical software downloads which have amassed hundreds of thousands of blog visits.
FIGHT THE FIGHT
I know it's difficult to let important achievements go, or to migrate a load of contacts across to another service, but seriously, stop fucking caving in every time these assholes crack the whip, and they will stop doing it. And better still, distribute your presence across a wide range of services, so that when someone does start making threats, you can tell them to pound sand with minimum disruption to your life.
ON GUARD
In my opinion, some tech giants really do seek to withdraw access to online accounts for some user types. This might include inactives, anons, or very especially, financial customers with positive balances. Inactives have been an acknowledged target for account closure for decades, so we know deliberate zapping is a thing. What we don't know, is how many target groups there are.
But anecdotally at least, we're seeing more people being locked out of online accounts in a way that allows the service provider to dodge responsibility. In a way that looks like it's the user's fault. And the increase in that type of "eviction" conforms to two observations…
- The increase appears to be exponential.
- Most ironically, its rise in our culture aligns closely with the rise of the narrative that "passwords are not secure".
Strong, secret passwords are secure.
And more than that, they give us complete autonomy over the amount of personal information we wish to provide. Don't fall for Surveillance Valley's nauseatingly repetitive scare tactics. They've made a career out of telling us our security is inherently at risk, when the real risk to our security is their unnecessary hoarding of our personal data.
The endgame with Passkeys is for Surveillance Valley to mine your fingerprints and sell them to the police. You may not care, and you may think that fingerprint logins are 100% unhackable, and you may think that once you have your fingerprint login set up, you'll never have to worry about losing an account again.
But as the age of quantum computing dawns, the only thing that will really make accounts unhackable is the thing that's made them unhackable for as long as we can remember. A limitation on login attempts - the REAL second factor that makes a strong, secret password totally secure. And if you think for one second that once those grasping tech overlords have your fingerprints, that will somehow be enough for them, I fear you are very much mistaken.
As long as Surveillance Valley wants a new piece of data, there will always be some "security risk" they can present as an excuse for demanding it with menaces.
Stop giving in. Not tomorrow. Do it now. The burglary is in progress, but there's still a lot more to take. Why wait until they've swagbagged everything before saying enough is enough?