Bad clients would be muscled aside by third-party apps. Locked bootloaders would be hacked and replaced. Code that confirmed you were using OEM parts, consumables or adapters would be nuked from orbit. Weak APIs would be replaced with muscular, unofficial APIs built out of unstoppable scrapers running on headless machines in some data-center. Every time some tech company erected a 10-foot enshittifying fence, someone would show up with an 11-foot disenshittifying ladder.

2/

Those 11-foot ladders represented the power of *interoperability*, the inescapable bounty of the Turing-complete, universal von Neumann machine, which, by definition, is capable of running every valid program. Specifically, they represented the power of *adversarial* interop - when someone modifies a technology against its manufacturer's wishes. Adversarial interoperability is the origin story of today's tech giants, from Microsoft to Apple to Google:

eff.org/deeplinks/2019/10/adve…

3/

Adversarial Interoperability

“Interoperability” is the act of making a new product or service work with an existing product or service: modern civilization depends on the standards and practices that allow you to put any dish into a dishwasher or any USB charger into any car’s c…

^{Electronic Frontier Foundation}

But adversarial interop has been in steady decline for the past quarter-century. These big companies moved fast and broke things, but no one is returning the favor. If you ask the companies what changed, they'll just smirk and say that they're better at security than the incumbents they disrupted. The reason no one's hacked up a third-party iOS App Store is that Apple's security team is just so fucking 1337 that no one can break their shit.

4/

I think it's nonsense. I think what's *really* going on is that we've made it possible for companies to design their technologies in such a way that any attempt at adversarial interop is *illegal*.

"Anticircumvention" laws like Section 1201 of the 1998 Digital Millennium Copyright Act make bypassing any kind of digital lock (AKA "Digital Rights Management" or "DRM") *very* illegal. Under DMCA, just *talking about* how to remove a digital lock can land you in prison for 5 years.

5/

I tell the story of this law's passage in "Understood: Who Broke the Internet," my new podcast series for the CBC:

pluralistic.net/2025/05/08/who…

For a quarter century, tech companies have aggressively lobbied and litigated to expand the scope of anticircumvention laws. At the same time, companies have come up with a million ways to wrap their products in digital locks that are a crime to break.

6/

Digital locks let Chamberlain, a garage-door opener monopolist block all third-party garage-door apps. Then, Chamberlain stuck ads in its app, so you have to watch an ad to open your garage-door:

pluralistic.net/2023/11/09/lea…

Digital locks let John Deere block third-party repair of its tractors:

pluralistic.net/2022/05/08/abo…

And they let Apple block third-party repair of iPhones:

pluralistic.net/2022/05/22/app…

7/

These companies built 11-foot ladders to get over their competitors' 10-foot walls, and then they kicked the ladder away. Once they were secure atop their walls, they committed enshittifying sins their fallen adversaries could only dream of.

I've been campaigning to abolish anticircumvention laws for the past quarter-century, and I've noticed a curious pattern.

8/

Whenever these companies stand to lose their legal protections, they freak out and spend vast fortunes to keep those protections intact. That's weird, because it strongly implies that their locks *don't work*. A lock that works *works*, whether or not it's illegal to break that lock. The reason Signal encryption works is that it's *working encryption*. The legal status of breaking Signal's encryption has nothing to do with whether it works.

9/

If Signal's encryption was full of technical flaws *but* it was illegal to point those flaws out, you'd be crazy to trust Signal.

Signal *does* get involved in legal fights, of course, but the fights it gets into are ones that require Signal to *introduce* defects in its encryption - not fights over whether it is legal to disclose flaws in Signal or exploit them:

pluralistic.net/2023/03/05/the…

10/

But tech companies that rely on digital locks *manifestly* act like their locks don't work and they know it. When the tech and content giants bullied the W3C into building DRM into 2 billion users' browsers, they *categorically* rejected any proposal to limit their ability to destroy the lives of people who broke that DRM, even if it was only to add accessibility or privacy to video:

eff.org/deeplinks/2017/09/open…

11/

An open letter to the W3C Director, CEO, team and membership

Dear Jeff, Tim, and colleagues, In 2013, EFF was disappointed to learn that the W3C had taken on the project of standardizing “Encrypted Media Extensions,” an API whose sole function was to provide a first-class role for DRM within the Web browser ec…

^{Electronic Frontier Foundation}

The thing is, if the lock works, you don't need the legal right to destroy the lives of people who find its flaws, because it *works*.

Do digital locks work? *Can* they work? I think the answer to both questions is a resounding *no*. The design theory of a digital lock is that I can provide you with an encrypted file that your computer has the keys to. Your computer will access those keys to decrypt or sign a file, but only under the circumstances that I have specified.

12/

Like, you can install an app when it comes from my app store, but not when it comes from a third party. Or you can play back a video in one kind of browser window, but not in another one. For this to work, your computer has to hide a cryptographic key from you, *inside a device you own and control*. As I pointed out more than a decade ago, this is a fool's errand:

memex.craphound.com/2012/01/10…

13/

After all, your or I might lack the knowledge and resources to uncover the keys' hiding place, but *someone* does. Maybe that someone is a person looking to go into business selling your customers the disenshittifying plugin that unfucks the thing you deliberately broke. Maybe it's a hacker-tinkerer, pursuing an intellectual challenge. Maybe it's a bored grad student with a free weekend, an electron-tunneling microscope, and a seminar full of undergrads looking for a project.

14/

The point is that hiding secrets in devices that belong to your adversaries is *very bad security practice*. No matter how good a bank safe is, the bank keeps it in its vault - not in the bank-robber's basement workshop.

For a hiding-secrets-in-your-adversaries'-device plan to work, the manufacturer has to make *zero* mistakes. The adversary - a competitor, a tinkerer, a grad student - only has to find one mistake and exploit it.

15/

This is a bedrock of security theory: attackers have an inescapable advantage.

So I think that DRM doesn't work. I think DRM is a *legal* construct, not a *technical* one. I think DRM is a kind of magic Saran Wrap that manufacturers can wrap around their products, and, in so doing, make it a literal jailable offense to use those products in otherwise legal ways that their shareholders don't like.

16/

As Jay Freeman put it, using DRM creates a new law called "Felony Contempt of Business Model." It's a law that has never been passed by any legislature, but is nevertheless enforceable.

In the 25 years I've been fighting anticircumvention laws, I've spoken to many government officials from all over the world about the opportunity that repealing their anticircumvention laws represents. After all, Apple makes $100b/year by gouging app makers for 30 cents on ever dollar.

17/

Allow your domestic tech sector to sell the tools to jailbreak iPhones and install third party app stores, and you can convert Apple's $100b/year to a $100m/year business for one of your own companies, and the other $999,900,000,000 will be returned to the world's iPhone owners as a consumer surplus.

18/

But every time I pitched this, I got the same answer: "The US Trade Representative *forced* us to pass this law, and threatened us with tariffs if we didn't pass it." Happy Liberation Day, people - every country in the world is now liberated from the only reason to keep this stupid-ass law on their books:

pluralistic.net/2025/01/15/bea…

In light of the Trump tariffs, I've been making the global rounds again, making the case for an anticircumvention repeal:

ft.com/content/b882f3a7-f8c9-4…

19/

The digital countermove to Trump tariffs

America’s mid-air dismantling of the global system of trade represents a one-time chance to compete

^{Cory Doctorow (Financial Times)}

One of the questions I've been getting repeatedly from policy wonks, activists and officials is, "Is it even possible to jailbreak modern devices?" They want to know if companies like Apple, Tesla, Google, Microsoft, and John Deere have created unbreakable digital locks. Obviously, this is an important question, because if these locks are impregnable, then getting rid of the law won't deliver the promised benefits.

20/

It's true that there aren't as many jailbreaks as we used to see. When a big project like Nextcloud - which is staffed up with extremely accomplished and skilled engineers - gets screwed over by Google's app store, they issue a press-release, not a patch:

arstechnica.com/gadgets/2025/0…

Perhaps that's because the tech staff at Nextcloud are no match for Google, not even with the attacker's advantage on their side.

21/

“Google wanted that”: Nextcloud decries Android permissions as “gatekeeping”

Without full file access, it’s kind of hard to use your own cloud.

^{Kevin Purdy (Ars Technica)}

But I don't think so. Here's why: we *do* still get jailbreaks and mods, but these almost exclusively come from anonymous tinkerers and hobbyists:

consumerrights.wiki/Mazda_DMCA…

Or from pissed off teenagers:

theverge.com/2022/9/29/2337854…

These hacks are incredibly ambitious! How ambitious? How about a class break for *every version of iOS* as well as *an unpatchable hardware attack on 8 years' worth of Apple bootloaders*?

pluralistic.net/2020/05/25/maf…

22/

The OG App, an ad- and Reels-free Instagram clone, is pulled from the App Store

The OG App promised an Instagram experience without Reels, recommendations, and ads. Just a day after debuting on the App Store, the OG App was pulled. Meta says it’s taking “all appropriate enforcement actions.”

^{Mia Sato (The Verge)}

Now, *maybe* it's the case at all the world's best hackers are posting free code under pseudonyms. Maybe all the code wizards working for venture backed tech companies that stand to make millions through clever reverse engineering are just not as mad skilled as teenagers who want an ad-free Insta and that's why they've never replicated the feat.

23/

Or maybe it's because teenagers and anonymous hackers are just about the only people willing to risk a $500,000 fine and 5-year prison sentence. In other words, maybe the thing that protects DRM is law, not code. After all, when Polish security researchers revealed the existence of secret digital locks that the train manufacturer Newag used to rip off train operators for millions of euros, Newag dragged them into court:

fsfe.org/news/2025/news-202504…

24/

Restrictions on our Freedom to Study Software: A Legal Case Study from Poland - FSFE

Software is a major component of modern life, affecting large parts of our lives. When software is embedded in vehicles, the ability to control our digital...

^{FSFE - Free Software Foundation Europe}

Tech companies are the most self-mythologizing industry on the planet, beating out even the pharma sector in boasting about their prowess and good corporate citizenship. They *swear* that they've made a functional digital lock...but they sure *act* like the only thing those locks do is let them sue people who reveal their workings.

25/

I'm on a 20+ city book tour for my new novel *Picks and Shovels*.

Catch me in #PITTSBURGH TOMORROW (May 15) at White Whale Books:

whitewhalebookstore.com/events…

and then in #PDX with BUNNIE HUANG at Barnes and Noble on Jun 20:

stores.barnesandnoble.com/even…

More tour dates (#London, #Manchester) here:

martinhench.com

eof/