Fullstack Ethics: Privacy Can't Be Just a Luxury Good
In the final season of Silicon Valley, Hooli ex–CEO Gavin Belson announces “tethics”, a portmanteau of “tech ethics” and a pledge companies can sign to show they uphold the principles thereof. The idea catches on, and it becomes deeply unpopular for a company to not be “tethical”. Pied Piper founder Richard Hendricks is the lone holdout, objecting that the pledge is meaningless.
The joke is that Silicon Valley has spent the entire series portraying Gavin Belson as the most flagrant example of an unethical tech CEO. Like so much of the show, it’s a sharp critique of the real tech industry.
Growing distrust of the tech industry reached a boiling point in the late 2010s. Venture–backed companies proved over and over to be jealous
stewards of our data. In response, we've heard increasing calls to abandon these platforms for ones we
control. It’s becoming trendy for companies to describe themselves or their products as “ethical”.
As developers, I have no doubt that we‘re capable of creating ethical technology. Like Richard Hendricks, many of us have strong convictions about exploitation, privacy and openness. We can fight back against surveillance and walled gardens.
But we need to get real for a second. The money and data that we use to build “ethical” software often goes to companies that violate the very principles we try to embody.
Microsoft used to be reviled for its hostility to open source software. Ex–CEO Steve Ballmer once said “Linux is a cancer”
, referring to its viral free software license. Microsoft’s “Embrace, Extend and Extinguish”
strategy targeted both competitors’ software and open standards, and was a central pillar of the US Department of Justice’s monopoly case against them.
Under Satya Nadella, Microsoft has turned over a new leaf. They’ve released open source projects of their own. Microsoft Azure even provides servers running Linux as well as Windows.
But Microsoft’s embrace of open source belies the harm it’s doing elsewhere. The US military contracted them to provide technology
that would give soldiers “increased lethality, mobility and situational awareness”. GitHub, its subsidiary, is working with ICE
to round up and terrorize undocumented people and their families.
Amazon also hates paying taxes. They killed a Seattle tax meant to help the homeless
. The EU ordered them to repay €250,000,000
after negotiating “illegal tax advantages” with the Luxembourg government. In 2017, they paid no federal taxes on $5,600,000,000 in profits
; in 2018, they paid no federal taxes on $11,200,000,000 in profits
Google vowed to be a different kind of company, famously adopting the motto “don’t be evil”. It turns out that a lot can change in 20 years!
After becoming the dominant web search engine, Google realized they were sitting on enormous amounts of behavioral and search data. The dot–com crash led them to capitalize on this treasure trove, and in the process they invented something that would transform the tech industry into a digital dystopia.
It turns out that shady people have lots of uses for detailed information about you, specifically. Sometimes they want to sell you things, sometimes they want to convince you of ideas… but whatever the reason, they’re willing to pay a lot for that information. This incentivizes Google to harvest as much data about you as possible — even if your consent is dubious or withheld.
This might all seem tangential to upholding these principles ourselves. The point of creating ethical technology is to do better than this, right? These companies give us a template for what not to do.
The problem is that we’re using these companies when we build things. We pay GitHub the same money it uses to help deport undocumented people. We send Google the same data it sells to advertisers. Companies are only able to behave like this because we still give them our business.
Our first line of defense against harmful and exploitative practices should be to refuse to perpetuate them. But it’s not enough to just do right ourselves. If we want to build ethical software, we need to consider the full stack.
A Way Out
An ethical tech stack is one in which there are no moral quandaries with any of the technologies or companies involved. That means the money you spend isn’t being used to deport people, or pay for sexual predators’ exit packages.
There are two ways developers can make a difference. The first is to pick an ethical tech stack for any personal work and side projects. The second — more difficult but more effective — is to convince your employer to care about the ethics of their tech stack. That means making the case that whatever technology you want to use won’t hurt the business.
The good news is that using ethical technology doesn’t have to mean making compromises. Developer tooling is a highly commoditized market: there are tens of thousands of companies and open–source products competing to solve every problem we encounter building software.
Take Google Analytics: found on 61% of the most–visited websites
, it's Google’s beachhead for surveillance capitalism. It's so pervasive that even otherwise staunch advocates for privacy often use it themselves. You get free data about how people are using your website, but Google uses that information combined with every
site using Google Analytics — to target each visitor.
Instead, consider alternatives like Fathom
and Simple Analytics
. They reject surveillance capitalism in favor of a tried–and–true business model: charging their customers money. Both are easy to install, and either match GA’s tentpole features or are working on them. Fathom shows you pageviews, uniques, bounce rate and referrers. They also have a public roadmap
where you can see the features they’re working on, such as UTM parameters and custom event tracking.
You're also not beholden to another company to provide you web analytics. There are plenty of open–source services available to host on your own infrastructure
As ubiquitous as Google Analytics is to web analytics, GitHub might be even more so to software development. In addition to creating a tooling monoculture
, they also feed the police– and military–industrial complexes.
, which started around the same time as GitHub and is now owned by Atlassian. GitLab
is an alternative that offers tight integration with many supporting services, such as continuous integration. Sourcehut
is a newcomer that eschews investor money.
And as with analytics, self–hosting is an option here. Git itself is decentralized and open source; there’s no reason to rely on one company to provide it to everyone. Check out Gitea
, a self–hosted service with many GitHub–like features. GitLab and Sourcehut also provide open source, self hostable versions.
At a recent meetup, someone asked about “the AWS problem”: they considered Amazon unethical but thought AWS was an indispensable part of their stack.
Virtual private server companies are starting to offer managed services to compete with cloud providers. DigitalOcean
offers not only servers but S3 compatible object storage, managed databases, load balancers and (if you want something a bit more microservicey) managed Kubernetes. If you don't like them, try Linode
or one of the many other companies
from which you can rent a server for under $10 a month. You can do anything with these services
that you can do with Amazon Web Services, Microsoft Azure or Google Cloud Platform.
It takes a bit of ethical calculus to figure out what you’re okay with and what you want to stop using. For example, TypeScript is a popular programming language from Microsoft. But it’s free and open source; the only thing you’d be helping them do is launder their reputation. On the other hand, even though Google Analytics is also free, you’d be supporting surveillance capitalism by selling out anyone who uses your app.
This all might sound a bit overwhelming. It's likely that you or your company use at least a few of the services named here (a list that's by no means exhaustive).
But you don't have to make the jump all at once. Start small! Swap out Google Analytics on your personal website. Create the repo for your next project somewhere other than GitHub. Set up your own server instead of using AWS.
The unfortunate flip side is that this can be a form of gatekeeping. Paying $14 per month for a privacy–respecting analytics service is hard if you're not relatively wealthy. Running your own servers is daunting if you haven't dug around the internals of your operating system.
These are our problems to solve as developers. We need to find ways to make ethical tech just as accessible to everyone as unethical tech is today. Privacy cannot be a luxury good
It's become clear that despite their utopian ideals, tech companies are the same as any other company. They bust unions
. They suppress wages
. They exploit tax loopholes
. And ultimately, they depend on our money
and our labor
. Boycotts and walkouts are important and powerful tools. But even without a big coordinated protest, we can still show these companies that they can't take our business for granted.
I love building things, and I love technology. But I refuse to build on the backs of people who are more vulnerable than I am. We as developers can solve this by refusing to sell out our customers’ data and closing our wallets to companies that harm others.
If you're moved to action but aren't sure where to start, here are a few links to get you going:
Subscribe to get your daily round-up of top tech stories!