The Apple Wiki is a community effort to document Apple’s amazing devices and software. We hope to pass this information on to the next generation of hackers so that they can go forth into their forebears’ footsteps and break the ridiculous bonds Apple has put on their amazing devices. You can contribute here, just create an account. Currently there are 3,471 users, with 6,085 articles (and 56,735 key pages).

The recent federal raid on the home of Washington Post reporter Hannah Natanson isn’t merely an attack by the Trump administration on the free press. It’s also a warning to anyone with a smartphone.

Included in the search and seizure warrant for the raid on Natanson’s home is a section titled “Biometric Unlock,” which explicitly authorized law enforcement personnel to obtain Natanson’s phone and both hold the device in front of her face and to forcibly use her fingers to unlock it. In other words, a judge gave the FBI permission to attempt to bypass biometrics: the convenient shortcuts that let you unlock your phone by scanning your fingerprint or face.

It is not clear if Natanson used biometric authentication on her devices, or if the law enforcement personnel attempted to use her face or fingers to unlock her devices. Natanson and the Washington Post did not respond to multiple requests for comment. The FBI declined to comment.

Natanson has not been charged with a crime. Investigators searched her home in connection with alleged communication between her and government contractor Aurelio Luis Perez-Lugones, who was initially charged with unlawfully retaining national defense information. Prosecutors recently added new charges including multiple counts of transmission of defense information to an unauthorized person. Attorneys for Perez-Lugones did not comment.

The warrant included a few stipulations limiting law enforcement personnel. Investigators were not authorized to ask Natanson details about what kind of biometric authentication she may have used on her devices. For instance, the warrant explicitly stated they could not ask Natanson which specific finger she uses for biometrics, if any. Although if Natanson were to voluntarily provide any such information, that would be allowed, according to the warrant.

Andrew Crocker, surveillance litigation director at the Electronic Frontier Foundation, told The Intercept that while the EFF has “seen warrants that authorize police to compel individuals to unlock their devices using biometrics in the past,” the caveat mandating that the subject of the search cannot be asked for specifics about their biometric setup is likely influenced by recent case law. “Last year the D.C. Circuit held that biometric unlocking can be a form of ‘testimony’ that is protected by the 5th Amendment,” Crocker said. This is especially the case when a person is “forced to demonstrate which finger unlocks the device.”

Crocker said that he “would like to see courts treat biometric locks as equivalent to password protection from a constitutional standpoint. Your constitutional right against self-incrimination should not be dependent on technical convenience or lack thereof.”

Related

Crossing the U.S. Border? Here’s How to Protect Yourself

Activists and journalists have long been cautioned to disable biometrics in specific situations where they might face heightened risk of losing control of their phones, say when attending a protest or crossing a border. Martin Shelton, deputy director of digital security at Freedom of the Press Foundation, advised “journalists to disable biometrics when they expect to be in a situation where they expect a possible search.”

Instead of using biometrics, it’s safest to unlock your devices using an alphanumeric passphrase (a device protected solely by a passcode consisting of numbers is generally easier to access). There are numerous other safeguards to take if there’s a possibility your home may be raided, such as turning off your phone before going to bed, which puts it into an encrypted state until the next time it’s unlocked.

That said, there are a few specific circumstances when biometric-based authentication methods might make sense from a privacy perspective — such as in a public place where someone might spy on your passphrase over your shoulder.

The post Washington Post Raid Is a Frightening Reminder: Turn Off Your Phone’s Biometrics Now appeared first on The Intercept.

Today’s links

• Threads’ margin is the Eurostack’s opportunity: Move fast and break kings.
• Hey look at this: Delights to delectate.
• Object permanence: Frank Chu; MPAA x TSA; Flint truths; Pastel Q; Bernie meme.
• Upcoming appearances: Where to find me.
• Recent appearances: Where I’ve been.
• Latest books: You keep readin’ em, I’ll keep writin’ ’em.
• Upcoming books: Like I said, I’ll keep writin’ ’em.
• Colophon: All the rest.

Threads’ margin is the Eurostack’s opportunity (permalink)

OG App is the coolest app you’ve never heard of. Back in 2022, two teenagers unilaterally disenshittified Instagram by making an “alt-client” that restored all the parts of Insta that made it a success and blocked all the antifeatures that Meta crammed down users’ throats after they had them locked in.

Here’s how OG App worked: first, it popped up a browser window and loaded the Instagram login screen. Then, after you’d logged into Insta, it stole the “session key” (the cryptographic proof that you were logged into your account). That let it impersonate you to Insta’s servers, and slurp down the whole feed that Insta had queued up for you.

After grabbing your feed, OG App deleted all the ads, all the slop, all the boosted content, all the months-old clickbait that The Algorithm (TM) had surfaced. What was left was pristine: the posts from people you followed, in reverse-chronological order. To make this all even sweeter, OG App sent no data back to Meta as you used it, except for the likes and comments you intended to transmit to the company. All the other data that Meta’s apps gather got blocked: everything from your location, to which posts you slowed down your scrolling on, to accelerometer readouts that revealed minute changes in how you hold your phone from second to second.

Boy did people like this! By the end of the day, OG App was in the top ten charts for both Google and Apple’s app stores. By the next morning, it was gone. Meta sent a takedown notice to the app store duopoly and they killed OG App on its behalf (there is honor among thieves):

https://techcrunch.com/2022/09/27/og-app-promises-you-an-ad-free-instagram-feed/

The funny thing is, the OG App creators were just following the Facebook playbook. When Facebook opened up to the general public in 2006, it had the problem that everyone who wanted social media already had an account on Myspace, and all of Facebook’s improvements on Myspace (Zuck made a promise never to spy on his users!) didn’t matter, because Myspace had something Facebook could not match: Myspace had all your friends.

Facebook came up with an ingenious solution to this problem: they offered Myspace users a bot. You gave that bot your Myspace login credentials (just as OG App did with your Insta credentials) and the bot impersonated you to Myspace (just as OG App did with Insta), and it grabbed everything queued up for you on Myspace (just as OG App did with Insta), and then flowed those messages into your Facebook feed (just as OG App did with Insta).

This was very successful! Users didn’t have to choose between their friends on Myspace and the superior design and privacy policies of Facebook. They got to eat their cake and have it, too.

This is actually a very old and important pattern in tech. It’s what “move fast and break things” looks like when it’s actually disrupting sclerotic and decaying companies that lock us in, take us for granted, and treat us like shit. It’s what Apple did when they cloned the MS Office file formats and released iWork, whose Pages, Numbers and Keynote let Microsoft users escape from the prison of Windows and bring their documents with them:

https://www.eff.org/deeplinks/2019/06/adversarial-interoperability-reviving-elegant-weapon-more-civilized-age-slay

But like every pirate, the tech companies dreamed of being admirals. Once they’d attained the admiralty, they announced that when they did this stuff, it was progress, but if anyone does it to them, it would be piracy.

What’s more, they were able to take advantage of a metastasizing blob of IP laws that the US Trade Representative spread around the world (with threats of tariffs for noncompliance). Soon, nearly every country had enacted laws that made it a literal crime for their entrepreneurs and technologists to fix America’s defective tech exports by adding privacy tools, bridging old services into new ones, or reading and writing America’s ubiquitous proprietary file-formats:

https://pluralistic.net/2026/01/01/39c3/#the-new-coalition

For decades, this system was immovable. The world couldn’t afford tariffs on its exports to the USA, and it was able to maintain the pretense that America’s platforms were trustworthy neutral parties, that would not be weaponized against their own national interest at the behest of the American state.

Obviously, that is dead now. Donald Trump, debilitated by white matter disease and his endemic incontinent belligerence, has flipped the table over in a poker game that was rigged in his favor because he resented having to pretend to play (TM November Kelly):

https://pluralistic.net/2026/01/26/i-dont-want/#your-greenback-dollar

EU member-states are minting new “digital sovereignty” ministries as fast as they can print up new business cards, the EU itself has just appointed its first “Tech Sovereignty, Security and Democracy” czar:

https://commission.europa.eu/about/organisation/college-commissioners/henna-virkkunen_en

They’re building the “Eurostack,” a fleet of EU-based data centers that will host free, open, auditable, trustworthy equivalents to the US tech giants’ offerings:

https://pluralistic.net/2025/06/25/eurostack/#viktor-orbans-isp

But Eurostack is about to run into a wall: Article 6 of the EU’s own Copyright Directive, which prohibits reverse-engineering and modification of tech products. It’s a law that the US Trade Rep lobbied hard for, winning the day by promising tariff-free access to the US for Europe’s exports (a promise Trump has now broken):

https://pluralistic.net/2025/10/15/freedom-of-movement/#data-dieselgate

So long as Europe continues to hold up its end of this one-sided bargain, it will not be able to create the reverse-engineering based tools to let EU companies, governments and households get their data out of US tech silos, let alone let them build and enjoy successors to OG App, which will make it easy for them to leave US social media without sacrificing contact with the people who matter to them.

Which brings me to Threads, Meta’s latest social media network. Threads is built on Activitypub and Mastodon, these being open/free, auditable and trustworthy protocols, designed to support “federated” social media. That’s social media that runs on servers managed by lots of different entities, whose users can all connect to one another no matter which server they use. Meta was clearly excited by the prospect of enclosing and conquering this open upstart, but also nervous at the prospect that its users would find, in federation, an easy path to escape from Meta’s clutches.

After all, if you can leave Threads and join a non-Meta Mastodon server without losing contact with the people you followed and were followed by on Threads, then why wouldn’t you leave? Mark Zuckerberg’s users don’t like him – they just hate him less than they love the people they are in community with on Zuckerberg’s platforms.

So Threads never really joined the Fediverse. You can’t quite follow and be followed by Mastodon users, and you can’t quite migrate your account off Meta’s servers and onto a better one. Zuck and his lieutenants are keenly attuned to any design that drives high “switching costs” for leaving their services, and they exploit these switching costs to figure out just how much pain they can inflict on users without risking their departure:

https://www.eff.org/deeplinks/2021/08/facebooks-secret-war-switching-costs

So now they’ve started to turn the screws on Threads users. They just announced a global program of Threads enshittification, with a promise to cram ads into the eyeballs of every Threads account:

https://www.contentgrip.com/meta-threads-ads-go-global/

This represents a hell of an opportunity for the EU and Eurostack. Meta’s ads are wildly illegal in the EU, violating Europe’s landmark privacy law, the GDPR. The only reason Meta gets away with its flagrant lawbreaking is that it has captured the Irish state, and uses legal tricks to force all GDPR enforcement into Irish jurisdiction:

https://pluralistic.net/2025/12/01/erin-go-blagged/#big-tech-omerta

People hate ads. More than half of all web users have installed an adblocker (which also protects their privacy). It’s the largest consumer boycott in human history:

https://doc.searls.com/2023/11/11/how-is-the-worlds-biggest-boycott-doing/

But no one has ever installed an adblocker for an app, because reverse-engineering apps and the mobile platforms they run on is illegal under laws like Article 6 of the Copyright Directive. As a result, tech companies – especially US giants, who can violate EU law with impunity – love to enshittify their apps, because they know that no one can do unto them as they did unto their own rivals (like Myspace).

Meta’s new ad strategy for Threads is the perfect cue for a European repeal of Article 6 of the Copyright Directive. Procedurally, this is a great moment for it, as the EU is finalizing the Digital Fairness Act, which could include an exemption to EUCD 6 for privacy-enhancing technologies:

https://www.europarl.europa.eu/legislative-train/theme-protecting-our-democracy-upholding-our-values/file-digital-fairness-act

Giving Europeans an effective way to push back against Meta’s wholesale violation of their rights is a way that the Eurostack can score popular support right now – not in five years when the new data centers come online. It’s a way of improving the lives of Europeans in immediate, concrete ways, rather than asking them to be grateful that some ministry has changed cloud providers – an important change, sure, but one that has no real impact on their daily lives.

What’s more, legalizing jailbreaking for the purpose of making Threads alt-clients wouldn’t just give Europeans a better social media experience – it could bootstrap European social media services. Remember, Threads was able to achieve instant scale by moving Instagram users onto Threads wholesale, maintaining their Insta follows and followers when they created their Threads accounts.

Europe – like everywhere else – is full of entrepreneurs who are trying to get national, independent social media platforms off the ground, hoping to woo users by promising them a more privacy-respecting alternative. They’ve got the same problem Zuck had when he tried to compete with Myspace: users love their friends more than they hate being spied on, so merely offering a better service is insufficient.

To get users off the old platforms, you have to lower their switching costs – you have to let them bring their friends to the new network, even if those friends are still stuck on the old network. Legalize jailbreaking in the EU and you’ll make it possible to do “on-device bridging” – where a new social media app is able to break open the data storage of the Threads app on the same device and move that data into its own feeds. And because the EU has the GDPR, they have the privacy framework needed to police the privacy violations that breaking into other apps’ data storage can lead to.

Meta will squawk. They’ll say Europe is legalizing the violation of its corporate rights. But Meta violates Europeans’ rights at scale, and the “rights” that I’m talking about taking away from Meta are rights the EU gave it in the first place, in exchange for a broken promise of tariff-free access to the USA.

Adblocking isn’t stealing. Adblocking is bargaining. Without adblocking, the companies don’t sell us services in exchange for our privacy – they plunder all the private data they can get, and dribble out services at whatever level they think we deserve. If ad-supported media was a restaurant, it’d be one where you got thrown up against a wall, relieved of your wallet, fed a handful of gruel, and then got kicked in the ass and sent on your way:

https://www.eff.org/deeplinks/2019/07/adblocking-how-about-nah

Every time Donald Trump threatens the EU, he makes the case for the Eurostack, but still, he can’t help himself. Likewise, every time Zuckerberg enshittifies his services, he makes the case for repealing Article 6 of the Copyright Directive, and he can’t help himself either.

Threads’ inexorable enshittification is an opportunity: an opportunity to make the case for the Eurostack, an opportunity to improve the lives of millions of Europeans, and an opportunity to break through the walled gardens that keep the people we love stuck on legacy social media platforms.

When they did it to us, that wasn’t progress. When we do it to them, it’s not piracy.

Hey look at this (permalink)

• EFF to Close Friday in Solidarity with National Shutdown https://www.eff.org/deeplinks/2026/01/eff-close-friday-solidarity-national-shutdown

• Let’s Make Hope Normal Again https://www.youtube.com/watch?v=qxt4HCjd7VA

• Detecting Dementia Using Lexical Analysis: Terry Pratchett’s Discworld Tells a More Personal Story https://www.mdpi.com/2076-3425/16/1/94

• How is Inventing the Renaissance an SFF-Related Work? https://www.exurbe.com/how-is-inventing-the-renaissance-an-sff-related-work/

• The Good, the Pretty, and Fear Itself https://catvalente.substack.com/p/the-good-the-pretty-and-fear-itself

Object permanence (permalink)

#25yrsago Frank Chu explainer http://www.12galaxies.20m.com

#20yrsago Kerouac curator invents copyright laws to keep photographers away https://thomashawk.com/2006/01/open-letter-to-myra-borshoff-cook-tour.html

#20yrsago EFF suing AT&T for helping NSA illegally spy on Americans https://www.eff.org/cases/nsa-multi-district-litigation

#20yrsago CD DRM software players are amateurish and easy to trick https://blog.citp.princeton.edu/2006/01/31/cd-drm-attacks-player/

#20yrsago MPAA puts TSA goon in charge of enforcement https://web.archive.org/web/20060209035921/http://www.mpaa.org/press_releases/2006_01_31.pdf

#20yrsago US-VISIT immigration system spent $15 million per crook caught https://www.schneier.com/blog/archives/2006/01/the_failure_of_1.html

#20yrsago Law firm fires clerk for personal opposition to DRM https://web.archive.org/web/20060203030500/http://www.freeculturenyu.org/2006/01/31/drm-fired/

#15yrsago Free excerpt from Jo Walton’s brilliant Among Others https://web.archive.org/web/20110204214337/http://www.tor.com/stories/2011/01/excerpt-among-others

#15yrsago Debunking yet another bought-and-paid-for report on the need for non-neutral net https://arstechnica.com/tech-policy/2011/01/huge-isps-want-per-gb-payments-from-netflix-youtube/

#15yrsago Batman: billionaire plutocrat vigilante https://reactormag.com/batman-plutocrat/

#15yrsago Another copyright troll throws in the towel https://www.eff.org/press/archives/2011/01/31

#10yrsago Ten hard truths about the Flint water atrocity https://www.ecowatch.com/michael-moore-10-things-they-wont-tell-you-about-the-flint-water-trage-1882162388.html

#10yrsago Watch: AMAZING slam poem about policing women’s speech habits https://www.youtube.com/watch?v=me4_QwmaNoQ

#10yrsago Congress wants to know if agencies were compromised by the backdoor in Juniper gear (and where it came from) https://www.reuters.com/article/us-juniper-networks-congress-idUSKCN0V708P/

#5yrsago Know Nothings, conspiratorialism and Pastel Q https://pluralistic.net/2021/01/31/rhymes-with-pastel-q/#paranoid-style

#5yrsago Mashing the Bernie meme https://pluralistic.net/2021/01/31/rhymes-with-pastel-q/#bernie-3d

Upcoming appearances (permalink)

• Salt Lake City: Enshittification at the Utah Museum of Fine Arts (Tanner Humanities Center), Feb 18
  https://tanner.utah.edu/center-events/cory-doctorow/

• Victoria: 28th Annual Victoria International Privacy & Security Summit, Mar 3-5
  https://www.rebootcommunications.com/event/vipss2026/

• Berkeley: Bioneers keynote, Mar 27
  https://conference.bioneers.org/

• Berlin: Re:publica, May 18-20
  https://re-publica.com/de/news/rp26-sprecher-cory-doctorow

• Berlin: Enshittification at Otherland Books, May 19
  https://www.otherland-berlin.de/de/event-details/cory-doctorow.html

• Hay-on-Wye: HowTheLightGetsIn, May 22-25
  https://howthelightgetsin.org/festivals/hay/big-ideas-2

Recent appearances (permalink)

• How the Internet Got Worse (Masters in Business)
  https://www.youtube.com/watch?v=auXlkuVhxMo

• Enshittification (Jon Favreau/Offline):
  https://crooked.com/podcast/the-enshittification-of-the-internet-with-cory-doctorow/

• Why Big Tech is a Trap for Independent Creators (Stripper News)
  https://www.youtube.com/watch?v=nmYDyz8AMZ0

• Enshittification (Creative Nonfiction podcast)
  https://brendanomeara.com/episode-507-enshittification-author-cory-doctorow-believes-in-a-new-good-internet/

• Enshittification with Plutopia
  https://plutopia.io/cory-doctorow-enshittification/

Latest books (permalink)

• “Canny Valley”: A limited edition collection of the collages I create for Pluralistic, self-published, September 2025

• “Enshittification: Why Everything Suddenly Got Worse and What to Do About It,” Farrar, Straus, Giroux, October 7 2025
  https://us.macmillan.com/books/9780374619329/enshittification/

• “Picks and Shovels”: a sequel to “Red Team Blues,” about the heroic era of the PC, Tor Books (US), Head of Zeus (UK), February 2025 (https://us.macmillan.com/books/9781250865908/picksandshovels).

• “The Bezzle”: a sequel to “Red Team Blues,” about prison-tech and other grifts, Tor Books (US), Head of Zeus (UK), February 2024 (thebezzle.org).

• “The Lost Cause:” a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 (http://lost-cause.org).

• “The Internet Con”: A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245).

• “Red Team Blues”: “A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before.” Tor Books http://redteamblues.com.

• “Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin”, on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com

Upcoming books (permalink)

• “Unauthorized Bread”: a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2026

• “Enshittification, Why Everything Suddenly Got Worse and What to Do About It” (the graphic novel), Firstsecond, 2026

• “The Memex Method,” Farrar, Straus, Giroux, 2026

• “The Reverse-Centaur’s Guide to AI,” a short book about being a better AI critic, Farrar, Straus and Giroux, June 2026

Colophon (permalink)

Today’s top sources:

Currently writing: “The Post-American Internet,” a sequel to “Enshittification,” about the better world the rest of us get to have now that Trump has torched America (1048 words today, 18579 total)

• “The Reverse Centaur’s Guide to AI,” a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.

• “The Post-American Internet,” a short book about internet policy in the age of Trumpism. PLANNING.

• A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Medium (no ads, paywalled):

https://doctorow.medium.com/

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

https://twitter.com/doctorow

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

“When life gives you SARS, you make sarsaparilla” -Joey “Accordion Guy” DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies (“BOGUS AGREEMENTS”) that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

openmediavault is the next generation network attached storage (NAS) solution based on Debian Linux. It contains services like SSH, (S)FTP, SMB/CIFS, rsync and many more.