{"@attributes":{"version":"2.0"},"channel":{"title":"Ethan Plant","link":"https:\/\/ethanplant.ca","description":{},"generator":"Zola","language":"en_ca","lastBuildDate":"Tue, 30 Jun 2026 00:00:00 +0000","item":[{"title":"The Black Market of Minecraft Servers","pubDate":"Tue, 30 Jun 2026 00:00:00 +0000","author":"Ethan Plant","link":"https:\/\/ethanplant.ca\/notes\/minecraft-piracy\/","guid":"https:\/\/ethanplant.ca\/notes\/minecraft-piracy\/","description":"<p>The Entertainment Software Association has found the real threat to the video game industry.<\/p>\n<p>Not loot boxes. Not live service games that disappear after people pay for them. Not launchers, platform lock-in, mandatory online checks, anti-cheat rootkits, or the slow conversion of purchases into temporary revocable permissions.<\/p>\n<p>No.<\/p>\n<p>The threat is apparently Minecraft servers.<\/p>\n<p>During a California hearing on AB 1921, the Protect Our Games Act, ESA vice president Jennifer Gibbons responded to Assemblymember Chris Ward\u2019s point that games like Minecraft already have community servers by saying, \"They're illegal.\" When asked whether that made them the \"black market\" of video games, she said yes, and added, \"we consider it piracy,\".<\/p>\n<p>This is one of those moments where the most annoying possible response is also the correct one: no, that is not what those words mean.<\/p>\n<p>There are illegal private servers. Obviously. A server that copies proprietary code, bypasses authentication, avoids subscriptions, distributes copyrighted assets, or exists to let people play a paid online game without paying for it can raise real legal issues. Nobody serious has to pretend otherwise.<\/p>\n<p>But \"private server\" is not a synonym for \"pirate server.\"<\/p>\n<p>That distinction matters because Minecraft is perhaps the worst possible example the ESA could have chosen.<\/p>\n<p>The official Minecraft website has a page titled \"Download the Minecraft: Java Edition server\u2060\" that asks, \"Want to set up a multiplayer server?\" and then explains how to do exactly that. The same site links to Java Edition servers and Bedrock dedicated servers from its downloads menu. It also points users toward an official third-party server listing site.<\/p>\n<p>So the position cannot be \"private Minecraft servers are illegal.\"<\/p>\n<p>The official Microsoft-owned Minecraft site tells people how to run them.<\/p>\n<p>The more defensible industry argument would be narrower. Publishers could say that some games are not architected for private hosting. They could say releasing server software can be hard, expensive, or risky. They could say some live games involve moderation, anti-cheat, licensed content, payments, account data, or security-sensitive infrastructure. They could say private server support should depend on the game.<\/p>\n<p>That would still be debatable, but it would at least be an argument.<\/p>\n<p>Instead, the industry keeps sliding from \"some private servers are unlawful\" to \"private servers are piracy\" to \"letting people continue using a game after official support ends is unreasonable.\"<\/p>\n<p>That is the part worth paying attention to.<\/p>\n<p>Because AB 1921\u2060 is not simply a command that every publisher must host every online game forever. The bill applies to server-connected games published for sale on or after January 1, 2027. It defines an end-of-life plan as a plan that gives customers a reasonable expectation that they can continue running or repairing a server-connected game after support ends without further intervention from the publisher. It also requires end-of-life notifications and requires companies to provide information about what customers can do if they want to keep using the game in a secure and effective manner.<\/p>\n<p>You can oppose that.<\/p>\n<p>You can say the drafting is too broad. You can say the obligations are unclear. You can argue about multiplayer-only games. You can argue about licensed content, moderation, player safety, cheating, refunds, infrastructure, and whether \"ordinary use\" is precise enough.<\/p>\n<p>But that is not the same as saying the bill is asking the industry to do the impossible.<\/p>\n<p>The actual legislative fight is more basic than that framing admits.<\/p>\n<p>When a company sells a game whose core functionality depends on company-controlled servers, what obligations does it have when it turns those servers off?<\/p>\n<p>The industry answer is usually some version of: none, beyond notice.<\/p>\n<p>The consumer answer is usually some version of: then stop selling it like a product.<\/p>\n<p>That is why the Minecraft example is so revealing.<\/p>\n<p>Minecraft is not some obscure edge case. It is one of the biggest games in the world. It has official server software, third-party servers, community infrastructure, moderation tradeoffs, and a living example of what player-hosted continuity can look like.<\/p>\n<p>It does not prove every game can work that way.<\/p>\n<p>It does prove the category is not inherently absurd.<\/p>\n<p>And that is why the ESA had to make the category sound absurd.<\/p>\n<p>If \"private server\" means \"piracy,\" then the discussion ends before it begins. There is no need to talk about end-of-life plans. No need to talk about offline patches. No need to talk about documentation. No need to talk about limited server binaries, LAN mode, self-hosting, preservation builds, authentication removal, or any of the boring technical compromises that might actually keep games playable.<\/p>\n<p>Just call it piracy.<\/p>\n<p>Call it the black market.<\/p>\n<p>Treat the continued use of a purchased game as suspicious by default.<\/p>\n<p>That is the annoying thing here. Not that an industry lobbyist said something silly in a hearing, though that is very funny. The annoying thing is that the silly thing exposes the underlying worldview.<\/p>\n<p>The industry is not merely arguing that preservation is difficult.<\/p>\n<p>It is arguing that control is the product.<\/p>\n<p>The server is not just infrastructure.<\/p>\n<p>The dependency is the business model.<\/p>\n<p>The shutdown is part of the design.<\/p>\n<p>Once you understand that, the panic over private servers makes sense. A private server is not dangerous because it is always piracy. It is dangerous because it proves the obvious: sometimes the thing can keep working after the company leaves.<\/p>\n<p>And for an industry increasingly built around the idea that nothing you buy should survive the company\u2019s permission, that is the real black market.<\/p>\n"},{"title":"Adding a Town Square to My Website Because Apparently the Blog Needed a Front Porch","pubDate":"Tue, 30 Jun 2026 00:00:00 +0000","author":"Ethan Plant","link":"https:\/\/ethanplant.ca\/notes\/townsquare\/","guid":"https:\/\/ethanplant.ca\/notes\/townsquare\/","description":"<p>A website should not need a town square.<\/p>\n<p>This is, objectively, a ridiculous thing to say. My website is a static site. It has pages. It has notes. It has essays. It has an RSS feed, because I am correct about the web and everyone else simply needs to catch up.<\/p>\n<p>And yet, somehow, the blog now needs a front porch.<\/p>\n<p>The thing I am adding is called <a rel=\"external\" href=\"https:\/\/townsquare.cauenapier.com\/\">TownSquare<\/a>. The basic idea is very simple: you drop a small widget onto your site and visitors can see each other, move around a little, wave, say hello, and share the same tiny space for a moment.<\/p>\n<p>That is it.<\/p>\n<p>No accounts. No follower graph. No algorithm. No engagement-maximizing machine learning system trying to determine whether someone standing beside a pixel tree is more likely to click an ad for a mattress. Just people briefly existing on the same website at the same time.<\/p>\n<p>Naturally, I find this extremely charming.<\/p>\n<p>Part of what I like about the small web is that it does not have to behave like a product category. A personal site does not need to become a platform. It does not need onboarding flows, retention loops, growth teams, reaction buttons, streaks, push notifications, or a mascot that calls you \u201cbestie\u201d while quietly building an advertising profile.<\/p>\n<p>A personal site can just be a place.<\/p>\n<p>That sounds obvious, but the modern web has spent the last fifteen years trying to make places disappear. Everything became a feed. Everything became a profile. Everything became a dashboard. Even \"community\" became something you outsourced to Discord, Reddit, Substack comments, Slack, Telegram, or whatever platform happened to be squatting on that particular social pattern at the time.<\/p>\n<p>The result is that websites often feel strangely uninhabited. Not dead, exactly. More like showrooms. You can read the thing. You can click around. You can subscribe. But you do not really get the sense that anyone else is there.<\/p>\n<p>TownSquare pushes against that in the smallest possible way.<\/p>\n<p>It doesn't try to rebuild Twitter in the footer. It doesn't turn the comment section into a second job. It doesn't ask every visitor to create yet another account. It just says: what if, for a moment, the page felt occupied?<\/p>\n<p>That is a very small idea.<\/p>\n<p>It is also, annoyingly, a very good one.<\/p>\n<p>It fits almost too neatly with how I already think about this site. The site is the home. Platforms are edges. RSS is the mailbox. POSSE is the road system. The fediverse is the weird neighbourhood pub where half the regulars are running custom infrastructure and the other half are yelling about content warnings.<\/p>\n<p>It also fits neatly into an idea I've been circling around recently: a small suite of tools for making a personal website feel less like a static archive and more like an actual home on the web. TownSquare is not exactly one of those tools, at least not mine, but it belongs spiritually in the same world. It is the porch. It is the little public edge of the house. The part where a private website admits, briefly and deliberately, that other people are allowed to be there too.<\/p>\n<p>A place where someone can wander up, see that someone else is there, maybe wave, maybe say hello, maybe immediately leave because they were only trying to read a note about Canadian digital sovereignty and did not expect to encounter a small person standing near a bench.<\/p>\n<p>That's fine. The porch does not need to be the point of the house.<\/p>\n<p>It just changes the feeling of arrival.<\/p>\n<p>There is also something funny about adding this to a site that is otherwise extremely static. This website is mostly Markdown, Zola, Cloudflare Pages, and stubbornness. There is no database. There is no app server. There is no required JavaScript for reading. It is intentionally boring infrastructure.<\/p>\n<p>And now, at the bottom of it, there may be tiny people.<\/p>\n<p>This is exactly the right amount of stupid.<\/p>\n<p>Of course, because I am me, I cannot look at this without immediately thinking about the broader architecture of the web. TownSquare is interesting because it gestures at something bigger than itself. Not bigger in the startup pitch deck sense. Bigger in the \u201coh, right, websites used to be weird little places connected to other weird little places\u201d sense.<\/p>\n<p>A map of small public squares is not a social network in the usual sense. It is closer to a neighbourhood. You do not need one global platform if the interesting thing is the connective tissue between independent sites. You do not need to own the town if you can build roads between houses.<\/p>\n<p>That is the part that gets me.<\/p>\n<p>The web already has the primitives for this. Links. Feeds. Webmentions. Blogrolls. Search. Human curation. Personal domains. Tiny protocols. Weird experiments. Things that are allowed to be small.<\/p>\n<p>TownSquare belongs to that tradition. It is not important because it is technically massive. It is important because it remembers that the web can still be playful.<\/p>\n<p>That matters more than it sounds like it should.<\/p>\n<p>There is a certain kind of internet person who will see something like this and immediately ask what the business model is, or how it scales, or why anyone would add chat-adjacent behaviour to a static site in the year of our Lord 2026. These are all reasonable questions if your goal is to build a company.<\/p>\n<p>They are much less interesting questions if your goal is to make a website feel human.<\/p>\n<p>Not everything has to scale into a venture-backed prison.<\/p>\n<p>Sometimes the correct answer is: because it is nice.<\/p>\n<p>Because someone visiting a personal blog and seeing another person wave at them is a little bit delightful. Because the web has become too optimized, too centralized, too flattened, and too professionally unpleasant. Because a lot of what made the older web interesting was not that it was better engineered, but that it had texture.<\/p>\n<p>A town square is texture.<\/p>\n<p>I don't know yet how long I will keep it. Any public interaction surface eventually becomes a moderation surface, and I am not na\u00efve about that. If it becomes annoying, I will remove it. If it becomes spammy, I will shut it off. If it breaks the vibe, the vibe wins.<\/p>\n<p>But I want to try it, at least for a little bit.<\/p>\n<p>Because the web should have more little experiments like this. More things that make personal sites feel personal. More tools that treat websites as places rather than content delivery endpoints. More projects that make you smile for reasons that do not fit cleanly into a product roadmap.<\/p>\n<p>So yes, apparently the blog needed a front porch.<\/p>\n<p>Come stand around in the yard, I guess.<\/p>\n"},{"title":"Bill C-34 Answers Child Safety With Identity Infrastructure","pubDate":"Mon, 29 Jun 2026 00:00:00 +0000","author":"Ethan Plant","link":"https:\/\/ethanplant.ca\/writing\/bill-c-34\/","guid":"https:\/\/ethanplant.ca\/writing\/bill-c-34\/","description":"<blockquote>\n<p>This is a long piece, so the short version is: Bill C-34 gets part of the problem right. Platforms should be held accountable for harmful design, weak safety systems, and failures to protect children. But sections 27 to 29 risk turning child safety into age-verification infrastructure for ordinary internet access. That architecture deserves explicit parliamentary debate, not future regulations and Commission guidance.<\/p>\n<\/blockquote>\n<p>Children should be protected online.<\/p>\n<p>That is such an obvious statement it feels stupid to write. Of course children should not be left to fend for themselves against harassment, sextortion, bullying, eating disorder pipelines, self-harm content, addictive design, synthetic sexual abuse material, non-consensual intimate imagery, and reccomendation systems that can take a normal moment of teenage vulnerability and turn it into a machine-fed spiral.<\/p>\n<p>Of course platforms should not be allowed to build engagement engines for children, profit from them, and then act as though the consequences are an unfortunate mystery.<\/p>\n<p>Of course, the answer is not \"do nothing\".<\/p>\n<p>But obvious statements are where bad digital policy loves to hide. Because <a rel=\"external\" href=\"https:\/\/www.parl.ca\/DocumentViewer\/en\/45-1\/bill\/C-34\/first-reading\">Bill C-34<\/a>, Canada's approach to this problem, does not merely ask whether children should be protected online. It asks a different question: should access to major online spaces depend on age verification or age estimation? That is not really the same question, one is about child safety, the other is about infrastructure.<\/p>\n<p>Bill C-34, the <em>Safe Social Media Act<\/em>, identifies a real problem. It contains several ideas that point in the right direction. Then it introduces a minimum-age regime that risks turning child safety into generalized age assurance for online public life.<\/p>\n<p>This is, once again, <a href=\"\/writing\/canada-digital-sovereignty\/\">the same move Ottawa keeps making on digital policy<\/a>. Start with a real harm. Describe it in language no one reasonable wants to oppose. Reach for a broad technical or legal framework. Push the hard implementation details into regulations, guidance, and future discretion. Then act surprised when people who understand how systems behave ask: \"what exactly is being built?\"<\/p>\n<p>The details, apparently, are where democracy goes to die.<\/p>\n<h2 id=\"the-second-question-is-the-one-that-matters\">The second question is the one that matters<\/h2>\n<p>The public debate around C-34 will be framed around the surface-level question: Should children be protected online?<\/p>\n<p>Yes. Obviously. That's easy. Next question.<\/p>\n<p>The harder question is the second one, hiding in the details. Should Canadians have to pass through age-verification or age-estimation systems before participating in online spaces? That's the question C-34 quietly creates.<\/p>\n<p>The <a rel=\"external\" href=\"https:\/\/www.canada.ca\/en\/canadian-heritage\/services\/safe-social-media-act.html\">government's own backgrounder<\/a> says online services shape how people in Canada communicate, access information, and participate in civic and cultural life. That is correct. Social media is not just entertainment. It's not just TikTok dances, Instagram filters, Reddit arguments, influencer slop, and whatever fresh hell is happening on X this week. It's also where politicians make announcements, journalists find sources, emergency information spreads, public agencies communicate, unions mobilize, artists publish, local communities organize, marginalized people find each other, and ordinary Canadians participate in public life.<\/p>\n<p>The modern public square is ugly. It's privately owned, algorithmically distorted, surveillance-funded, outrage-driven, and often terrible. It is still, perhaps unfortunately, a public square.<\/p>\n<p>That is why the minimum-age provisions in C-34 are so serious. The government cannot describe online services as part of civic and cultural life, and then casually create a legal path to age-gate access to them. If access to social media is access to public discourse, then access controls on social media are access controls on public discourse.<\/p>\n<p>That does not automatically make every restriction illegitimate. It does not mean children have an unlimited right to use every platform in every context. It does not mean platforms should be free to ignore harm. But it does mean that Parliament should treat this as a major change to how Canadians participate online.<\/p>\n<p>Instead, C-34 treats it as a minor implementation detail.<\/p>\n<h2 id=\"the-bill-tries-to-do-too-much-at-once\">The bill tries to do too much at once<\/h2>\n<p>The thing about Bill C-34, is it's not really one bill. It is a platform accountability bill, a child safety bill, an age-verification bill, a pornography access bill, an AI chatbot bill, and a Digital Safety Commission bill all stapled together under one title.<\/p>\n<p>Some of those pieces deserve serious debate on their own. Some are defensible. Some are dangerous. Some are underdeveloped. Some may be salvageable with amendments. But combining all of them into one sprawling framework makes the entire bill harder to understand, harder to scrutinize, and harder to support. This matters because the platform accountability parts of the bill aren't inherently absurd. There is a real case for duties on large social media services. There is a real case for digital safety plans, better reporting tools, blocking tools, age-appropriate design, synthetic content labelling, and obligations around child sexual exploitation material and non-consensual intimate imagery. A narrower bill focused on those duties could probably attract broad support, I'd probably throw my whole support to it and my entire schtick is complaining about Canadian digital policy.<\/p>\n<p>Instead, the government has bundled those ideas with a 16-year-old minimum age regime, age-verification and age-estimation powers, adult-content access restrictions, AI chatbot rules, and a powerful new regulator that will fill in much of the actual operating model later. That is how you take a broadly shared concern and turn it into a trust exercise.<\/p>\n<p>The government is asking Canadians to accept the general framework now and wait for the details later. Which services will be covered? Which age-verification methods will be acceptable? How will age estimation work? How will decentralized services comply? What counts as an AI chatbot? What safeguards are enough for an exemption? How will the Commission balance privacy, expression, safety, and access?<\/p>\n<p>All of that comes later. The regulations will come later. The guidance later. Commission decisions later. Technical standards later. Enforcement practice later.<\/p>\n<p>That is not good enough, and is honestly a really lazy approach to legislating.<\/p>\n<p>The implementation details are not administrative trivia. They are the policy. A social media age gate implemented through government ID is one kind of internet. A facial age-estimation system is another. A third-party age-assurance token is another. Device-level or app-store-level enforcement is another. Each creates different risks. Each shifts power to different institutions. Each changes the practical meaning of access. Parliament should not be asked to approve the general vibe and discover the architecture afterward.<\/p>\n<p>Making this stranger, Parliament already has standalone age-verification legislation before it. <a rel=\"external\" href=\"https:\/\/www.parl.ca\/DocumentViewer\/en\/45-1\/bill\/S-209\/third-reading\">Bill S-209<\/a>, the <em>Protecting Young Persons from Exposure to Pornography Act<\/em>, is explicitly aimed at restricting young persons\u2019 online access to pornographic material. If Parliament wants to debate age verification for adult content, it already has a bill through which to do that. Bill C-34 does something different. It imports age-verification logic into a much broader online safety framework covering social media, AI chatbots, platform duties, adult-content access, and a powerful new Commission. This is what happens when scope creep infects a legislative body.<\/p>\n<p>There is also a political cost to this kitchen-sink approach. The good parts of the bill now have to carry the bad parts. Platform accountability gets tied to age verification. Child protection gets tied to identity infrastructure. AI chatbot regulation gets tied to social media access rules. A debate that should be specific becomes everything all at once. That helps no one except the people who benefit from confusion.<\/p>\n<p>If the government wants to regulate harmful platform design, it should regulate harmful platform design. If it wants to create an age-verification regime for social media, it should say so clearly and defend that choice directly. If it wants to regulate AI chatbots, it should explain the scope of those rules on their own terms. If it wants to create a powerful Digital Safety Commission, it should be explicit about which decisions Parliament is making and which decisions it is handing to the regulator.<\/p>\n<h2 id=\"the-good-parts-make-the-bad-worse\">The good parts make the bad worse<\/h2>\n<p>The frustrating thing is that parts of Bill C-34 are aimed at the right target. The government correctly identifies that online harms are not only the result of individual behaviour. They are also shaped by how services are designed and operated. Features like algorithmic recommendation systems, engagement-based feeds, autoplay, and endless scrolling can amplify harmful content and increase exposure, especially for young users.<\/p>\n<p>That's the correct analysis. So regulate that. Regulate recommender systems. Regulate addictive design. Regulate dark patterns. Regulate weak reporting tools. Regulate synthetic sexual abuse material. Regulate non-consensual intimate imagery. Regulate platforms that make it easy to harass people and hard to get help. Require real transparency. Require meaningful safety plans. Require platforms to assess risk, publish what they are doing, and face consequences when they fail.<\/p>\n<p>Bill C-34, to its credit, does some of this. It creates duties for regulated services. It requires safety-focused and age-appropriate design features. It requires blocking and flagging tools. It requires digital safety plans. It creates duties around harmful content. It has provisions aimed at content that sexually victimizes children or revictimizes survivors. It addresses intimate content communicated without consent, including deepfake sexual images. It creates chatbot-specific duties around harmful content, crisis situations, and manipulative behaviour.<\/p>\n<p>Good. Do more of that. Please, do more of that. That's holding platforms accountable. That's the correct lane.<\/p>\n<p>The problem is that the bill does not stop there. It also includes a minimum-age regime for social media accounts. Section 27 requires operators of specified regulated social media services to implement adequate age-verification or age-estimation measures designed to prevent a person under 16 from having an account or otherwise being registered with the service. That's the landmine in the bill. Not because children should be left exposed to harm. Not because platforms are fine. Not because parents should be abandoned. Not because online harms are fake.<\/p>\n<p>Because age verification is not just a child safety feature. It is infrastructure.<\/p>\n<h2 id=\"you-cannot-verify-only-children\">You cannot verify only children<\/h2>\n<p>This is the logical conclusion and somehow the part that keeps getting skipped over.<\/p>\n<p>A platform cannot enforce a ban on under-16 users by checking only under-16 users. It doesn't know who they are. To find out who is under 16, it has to assess everyone. It has to distinguish the 15-year-old from the 16-year-old, the 16-year-old from the 18-year-old, and the adult from the teenager. That means everyone gets pulled into the age-assurance flow.<\/p>\n<p>The government may call this age verification. It may call it age estimation. It may call it privacy-preserving. It may call it proportionate. It may call it a safeguard. It may say only specified regulated services will be covered. It may say the Commission will decide what is adequate. It may say personal information must be destroyed after the age check is complete.<\/p>\n<p>But the experience from the user's perspective is simple. Before you can participate, prove you're old enough. Maybe it uses government ID. Maybe it uses a third-party token. Maybe it uses facial age estimation. Maybe it uses account history. Maybe it uses behavioural signals. Maybe it uses app-store-level controls. Maybe it uses some vendor that claims to verify age without revealing identity. Maybe the platform doesn't learn your exact age but receives a pass\/fail result.<\/p>\n<p>Those details matter. Some versions are worse than others. But none of them answer the burning question.<\/p>\n<p>Should Canadians have to pass through an age-assurance system to participate in major online public forums?<\/p>\n<p>Bill C-34 appears to answer: yes, if the service is specified by regulation and the Commission considers the measures adequate.<\/p>\n<h2 id=\"age-estimation-is-not-a-magic-privacy-wand\">\u201cAge estimation\u201d is not a magic privacy wand<\/h2>\n<p>The bill doesn't only talk about age verification. It also talks about \"age estimation\".<\/p>\n<p>This is meant to sound softer. It may not require government ID. It may not require uploading documents. It may not require the platform to know exactly who you are. It may involve estimating age from signals rather than verifying identity directly.<\/p>\n<p>Unfortunately, age estimation is still not harmless. If a service estimates your age from your face, that raises biometric and discrimination concerns. If it estimates your age from your behaviour, that raises surveillance concerns. If it estimates your age from account history, device signals, social graph, usage patterns, or data broker information, that raises profiling concerns. If it relies on a third-party vendor, that creates a new compliance layer between Canadians and public online participation.<\/p>\n<p>And if the estimate is wrong, then what? Does a 17-year-old with a young-looking face get locked out? Does a 15-year-old who looks older get waved through? Does a privacy-conscious adult who refuses to complete an age check lose access? Does a person without conventional documentation get pushed into a harder flow? Does a trans person, a racialized person, a person with a disability, or someone who simply does not fit the training data get misclassified?<\/p>\n<p>The bill says measures must not unreasonably or disproportionately limit users\u2019 expression. That's nice language, but it doesn't actually solve the problem. It just gives the regulator a balancing exercise after the architecture has already been accepted. Once the system is built around age checks, expression becomes something the system promises not to limit too much.<\/p>\n<h2 id=\"the-privacy-safeguards-don-t-solve-the-architectural-problem\">The privacy safeguards don't solve the architectural problem<\/h2>\n<p>Bill C-34 does, to its credit, contain privacy safeguards around age verification and age estimation. The Commission must be satisfied that the measures are effective, that personal information is not collected or used except for age-verification or age-estimation purposes, that the personal information is destroyed once the verification or estimation is complete, and that it is protected until destruction.<\/p>\n<p>Those safeguards are better than not having safeguards. I will give them at least that much.<\/p>\n<p>They are, however, not enough. The problem is not only what happens to the data after it is collected. The problem is that access to public online spaces becomes conditional on submitting to the process in the first place.<\/p>\n<p>\u201cDo not worry, the checkpoint deletes your papers after inspecting them\u201d is not the same as \u201cthere is no checkpoint.\u201d<\/p>\n<p>\u201cDo not worry, the vendor only uses your face to estimate your age\u201d is not the same as \u201cyou do not need to scan your face to participate.\u201d<\/p>\n<p>\u201cDo not worry, the platform only receives a token\u201d is not the same as \u201cthe platform does not get to demand proof that you are allowed to be there.\u201d<\/p>\n<p>Privacy is more than just data retention. Privacy is also freedom from unnecessary verification. Freedom from being forced into identity-adjacent systems. Freedom from being made legible as a condition of participation. <a href=\"\/writing\/bridger\/\">Privacy is what a system forces you to reveal, what it can infer, and what other systems can connect later.<\/a>.<\/p>\n<p>Bill C-34 tries to manage the consequences of age verification. It does not justify why age verification should become a condition of access to social media in the first place.<\/p>\n<h2 id=\"section-28-we-ll-figure-it-out-later\">Section 28: \"We'll figure it out later\"<\/h2>\n<p>Section 27 of the bill is the obvious problem people will focus on because it says age-verification or age-estimation measures.<\/p>\n<p>Section 28 may be even more important. In plain language, it says an operator of a specified regulated social media service must implement any measures provided for by regulations that prevent people under 16 from having an account or being otherwise registered with the service.<\/p>\n<p>Any measures.<\/p>\n<p>Provided for by regulations.<\/p>\n<p>That is where the real implementation fight is going to happen.<\/p>\n<p>This is another Canadian digital policy classic. Parliament is asked to approve the broad structure, while the operational details are pushed into regulations, guidelines, Commission decisions, and future processes. The scary part is not always fully visible at first reading. It arrives later as compliance guidance.<\/p>\n<p>In this case though, the enforcement mechanism is the policy. The law doesn't need to say \u201cupload your ID to use Instagram\u201d to create ID-for-the-internet pressure. It only needs to make platforms responsible for keeping under-16 users out while giving regulators the power to decide what counts as adequate.<\/p>\n<p>Platforms will do what regulated entities always do. They will minimize their regulatory risk. If the penalty for letting underage users in is severe, and the penalty for making everyone verify is mostly reputational, the incentive is obvious. Regulatory compliance teams, for completely understandable reasons, pretty much always take the path of least-resistance.<\/p>\n<h2 id=\"the-commission-is-where-the-real-architecture-will-be-written\">The Commission is where the real architecture will be written<\/h2>\n<p>Amongst other things, Bill C-34 creates a powerful \"Digital Safety Commission\".<\/p>\n<p>Some form of expert regulator may make sense for online safety. Parliament cannot write every technical detail into a statute. Platforms change quickly. Harms evolve. Design patterns shift. Regulators can build expertise, monitor compliance, and respond to evidence in ways that Parliament often cannot. That's the charitable version of this.<\/p>\n<p>The less charitable version is that Bill C-34 asks Parliament to create the machine first and find out how it works later. The Commission will not just be a passive administrator. It will shape regulations, issue guidance, assess compliance, manage complaints, conduct audits, issue orders, levy penalties, and decide whether services qualify for exemptions from the minimum-age regime.<\/p>\n<p>In practice, that means many of the most important questions will be answered after the bill passes.Which services will be covered? What age-verification or age-estimation measures will count as adequate? What safeguards will be required for an exemption? How will the Commission treat federated services? What happens when a service uses a privacy-preserving token? What happens when a user refuses to complete an age check? What error rate is acceptable? What appeal process is required? What happens when the verification vendor is wrong?<\/p>\n<p>A law that says \u201cthe Commission will figure it out\u201d is still a law creating the power to figure it out. Once Parliament creates the framework, the political argument shifts. The question stops being whether Canada should build age-verification infrastructure for social media and becomes how the regulator should implement the age-verification infrastructure Parliament has already authorized.<\/p>\n<p>That is exactly the wrong sequence. The hardest questions should be answered before the power is created, not after.<\/p>\n<h2 id=\"the-exemption-model-proves-the-default-is-exclusion\">The exemption model proves the default is exclusion<\/h2>\n<p>Section 29 allows the Commission to exempt a regulated social media service from the minimum-age provisions if the Commission is satisfied that the service provides adequate safeguards for the protection of children. On paper, that sounds completely reasonable. Supporters will argue Section 29 shows this isn't a complete ban, that services can get an exemption, they just need to prove that they're safe enough.<\/p>\n<p>But the structure here matters. The default is still exclusion. That means platforms are pushed into one of two models. Either exclude under-16s through age verification or age estimation, or convince the Commission that their safeguards are good enough to be exempted.<\/p>\n<p>If the government believes the real problem is harmful platform design, the baseline duty should be safer design. Full stop. Not \u201cexclude young people unless you can satisfy the regulator.\u201d Not \u201cage-gate first, ask for an exemption later.\u201d<\/p>\n<p>The exemption model also gives the Commission enormous influence over the shape of online childhood. What counts as adequate safeguards? Who decides? Based on what evidence? How transparent will the process be? How will children\u2019s own perspectives be included? How will the Commission weigh privacy, expression, mental health, safety, autonomy, and access to community?<\/p>\n<p>A 15-year-old is not a toddler. A 15-year-old can work. A 15-year-old can organize. A 15-year-old can write, code, publish, volunteer, protest, explore identity, seek help, and participate in civic life. Treating every person under 16 as someone to be removed from major public online spaces is not a small design choice. It's a statement about young people's agency.<\/p>\n<h2 id=\"this-will-not-hit-all-children-equally\">This will not hit all children equally<\/h2>\n<p>One of the common defences of this type of legislation is that parents aren't doing enough to parent their children online. There is some truth buried in that complaint. Many parents are overwhelmed. Many do not understand the platforms their children use. Many are fighting products designed by some of the richest companies in the world to capture attention, encourage compulsion, and make opting out socially difficult. \u201cJust parent better\u201d is not a serious answer to that.<\/p>\n<p>But a government ban does not solve the parenting problem. It often just reproduces it. Blunt bans rarely, if ever, protect the vulnerable as cleanly as their supporters imagine. Some young people will comply. The ones most likely to comply are often the ones with stable homes, attentive parents, reliable devices, supportive schools, and relatively lower risk. They are the teenagers whose parents are already involved, whose online activity is already somewhat supervised, and whose offline life gives them other places to go.<\/p>\n<p>The young people in the most vulnerable positions, the ones this legislation is supposed to protect, are also the ones most likely to route around the system. A teenager in an abusive household may need online access their parents don't approve of. A queer or trans teenager in an unsafe home may need pseudonymous communities. A young person being bullied may need somewhere outside their school and family environment to talk. A teenager experiencing exploitation may need access to information, support, or people who can help. A young person with unstable housing, poor family support, or mental health struggles may not experience the internet as a frivolous distraction. They may experience it as one of the few places where they can find privacy, language, community, or escape.<\/p>\n<p>Those are exactly the young people who are least helped by a policy that assumes parents are available, safe, and capable of acting as the main enforcement layer. They are also exactly the young people least likely to respond to a ban by calmly logging off. They will find older accounts, shared accounts, fake birthdays, VPNs, foreign services, alternate app stores, browser versions, private servers, smaller platforms, gaming chats, encrypted groups, or whatever workaround appears five minutes after implementation. Teenagers are very good at bypassing rules written by adults who believe \u201ccreate account\u201d is a meaningful control boundary.<\/p>\n<p>The result is predictable. Lower-risk teenagers are more likely to be blocked from mainstream services. Higher-risk teenagers are more likely to remain online, but in less visible and less accountable spaces. If young people are pushed away from large regulated platforms with safety teams, reporting tools, transparency obligations, parental controls, and public scrutiny, where do they go? Smaller services. Foreign services. Less moderated spaces. Private communities. Encrypted groups. Platforms with no Canadian presence, no meaningful reporting tools, no compliance staff, and no easy way for regulators to intervene.<\/p>\n<p>A policy can succeed on paper while making harm harder to see. It can reduce the number of under-16 accounts on mainstream platforms while increasing the number of vulnerable young people using less visible workarounds. It can make adults feel that a boundary has been drawn while pushing the hardest cases into places where the boundary is least enforceable. It can make the problem quieter without making young people safer.<\/p>\n<p>That is the recurring failure of blunt access bans. They are easiest to enforce against the people least likely to be in danger, and easiest to evade by the people whose danger is already hardest to detect. <a rel=\"external\" href=\"https:\/\/au.pcmag.com\/social-media\/118507\/australias-social-media-ban-isnt-working-says-research\">One just needs to look at the failure of Australia's attempt to confirm this<\/a>. If the government\u2019s goal is to protect vulnerable young people, it should be very careful about policies that reward invisibility.<\/p>\n<h2 id=\"the-bill-has-an-outdated-view-of-social-media\">The bill has an outdated view of social media<\/h2>\n<p>Bill C-34 also seems to assume that social media still means one company, one platform, one database, one login system, and one operator with practical control over the whole service. That is how Facebook works. That is how Instagram works. That is how TikTok works. That is mostly how Reddit works.<\/p>\n<p>It is however, not how the modern social web is evolving. Mastodon is not one service. It is thousands of independently operated servers speaking a shared protocol. Lemmy is not one service. It is a federated network of communities and instances. Bluesky is more centralized in practice today, but its underlying protocol is explicitly designed around federated components: personal data servers, relays, app views, feed generators, and labelers.<\/p>\n<p>Bill C-34 keeps talking about \u201cthe operator\u201d as though there is always one obvious entity with the ability to enforce the law across the service. In federated systems, that assumption falls apart entirely. Who is the operator of Mastodon? The non-profit developing the software? The administrator of mastodon.social? The person running a tiny instance for twenty friends? The Canadian instance that displays a post? The foreign instance where the post originated? The user who self-hosts? The relay? The app? The moderation service? There's no single front door, no single entity in control. That's the whole point.<\/p>\n<p>A centralized platform can comply with an age-verification mandate by putting a checkpoint in front of account creation. That is obviously bad for privacy, but at least the implementation model is obvious. A federated platform cannot do that without either pushing the mandate down to every participating server, breaking interoperability with servers that do not comply, or recreating centralized control layers on top of a system designed not to have them. Every option is bad.<\/p>\n<p>If every Mastodon or Lemmy instance has to implement age verification, the law becomes impossible for small community-run servers to comply with. If large instances block non-compliant instances, the fediverse fractures along regulatory lines. If app stores, clients, relays, or hosting providers become responsible, enforcement shifts away from the actual social interaction layer and toward infrastructure choke points. If only large services are covered, then the law creates a strange two-tier internet where centralized platforms are age-gated and federated systems sit in a legal grey zone until regulators decide what to do with them.<\/p>\n<p>The government says online services shape civic and cultural life. The federated social web is part of that life. It is one of the few serious attempts to build social media that is not entirely controlled by a handful of giant companies. It is exactly the kind of architecture a digital sovereignty agenda should want more of: portable identity, interoperable protocols, smaller communities, local moderation, user choice, and less dependence on monopolistic platforms.<\/p>\n<p>Bill C-34 seems to have no idea what to do with that, and that should worry anyone who cares about decentralization. A law that only works cleanly when applied to centralized platforms will tend to favour centralized platforms. They have compliance teams. They have lawyers. They have trust and safety departments. They have identity vendors. They have policy staff. They can absorb regulatory complexity and turn it into a moat. Small federated services simply cannot.<\/p>\n<p>The result is perverse. A bill supposedly aimed at making social media safer may end up entrenching the very platform model that made social media so powerful, so addictive, and so difficult to govern in the first place. At this point it's not just a privacy problem. It's a competition problem. It's an interoperability problem. It's a digital sovereignty problem. It is a sign that the government is trying to regulate the social internet as though the only possible model is the centralized corporate platform.<\/p>\n<p>That is probably the worst possible lesson to take from the past two decades. If Canada wants safer social media, it should not write laws that make decentralized alternatives harder to operate. It should be encouraging smaller communities, open protocols, user-controlled moderation, portability, and pluralism. Instead, Bill C-34 risks telling the independent social web: become more like the platforms, or become legally impossible.<\/p>\n<h2 id=\"the-access-control-logic-will-spread\">The access-control logic will spread<\/h2>\n<p>The problem with age gates is that they rarely remain isolated. Once a service has to know whether a user is over 16 for social media access, why stop there? If the same service hosts adult content, it may also need to know whether a user is over 18. If the service has AI chatbots, it may need age-specific safeguards there too. If future legislation adds new categories of content, new thresholds can be layered onto the same access-control architecture.<\/p>\n<p>That's how these systems expand. The first threshold is justified by the most sympathetic case. The second threshold is easier because the infrastructure already exists. The third threshold becomes a minor administrative detail. This isn't a slippery slope argument in the lazy sense. It's a systems argument, this is just the nature of how systems evolve. When a system exists, people find uses for it. When vendors build products, they sell them. When platforms integrate compliance flows, they reuse them. When regulators learn that access can be conditioned on age, identity, or eligibility, future policy debates start from that assumption.<\/p>\n<p>The real risk is not only that Bill C-34 creates an age gate for social media. It is that it normalizes age gates as a tool for governing public online life. The government will say the safeguards are narrow. Maybe they are, for now. But infrastructure has this pesky way of outliving the political assurances that created it.<\/p>\n<h2 id=\"the-vpn-problem-is-not-a-footnote\">The VPN problem is not a footnote<\/h2>\n<p>Any serious under-16 social media ban immediately runs into the problem of VPNs. If a child can route traffic through another country, use foreign app stores, or access web versions of services through non-Canadian endpoints, enforcement becomes harder. That does not mean enforcement is impossible, but it does mean that the pressure quickly moves outward.<\/p>\n<p>First, platforms must verify age. Then, they must detect evasion. Then, app stores need to cooperate. Then, payment systems, device makers, browsers, operating systems, and network providers are asked to help. Then VPNs become suspicious because they allow users to bypass geography-based restrictions. Then privacy tools start looking like compliance problems.<\/p>\n<p>This is not an abstract concern. It is the same pattern we see again and again in internet regulation. The first law targets a sympathetic harm. The enforcement problem then becomes an argument for expanding the law\u2019s reach. Each additional layer is justified as necessary because the previous layer was incomplete. And because children are involved, anyone objecting can be accused of defending harm, it's why \"think of the children\" is an argument governments the world over instantly reach for.<\/p>\n<h2 id=\"privacy-is-not-suspicious\">Privacy is not suspicious<\/h2>\n<p>The worst argument for this kind of policy is the \u201cnothing to hide\u201d argument. Maybe people who care about privacy should not be online, the argument goes. Maybe if they refuse to verify themselves, that is fine. Maybe it is even good. Maybe the people with the most to hide will leave.<\/p>\n<p>This is, in the nicest way possible, deranged.<\/p>\n<p>Privacy is not evidence of guilt. Anonymity is not inherently illegitimate. Pseudonymity is not a loophole. The ability to speak, read, explore, and participate without tying every action to a verified identity is not a concession to criminals. It is one of the conditions that makes a free and democratic society possible.<\/p>\n<p>People have things to hide because people have lives. They have medical questions, political beliefs, religious doubts, sexual identities, family problems, workplace complaints, private fears, unpopular opinions, and thoughts they have not finished thinking yet.<\/p>\n<p>The people who most need privacy are often the people most harmed when systems demand verification. Vulnerable youth. Abuse victims. Whistleblowers. Journalists. Political dissidents. Queer and trans people. People in small communities. People without stable documentation. People seeking sensitive information. People who are not doing anything wrong and still don't want to be turned into a compliance record.<\/p>\n<p>A democracy should not treat privacy as suspicious. A democracy cannot treat privacy as suspicious. The burden should be on the state to justify intrusion, not on the public to justify privacy.<\/p>\n<h2 id=\"once-again-this-is-bad-digital-sovereignty\">Once again, this is bad digital sovereignty<\/h2>\n<p>Bill C-34 also fits into a larger Canadian problem, one I've already written about <a href=\"\/writing\/canada-digital-sovereignty\/\">at length<\/a>. Canada says it wants digital sovereignty. It says it wants trustworthy infrastructure, public accountability, resilience, and the ability to make its own choices in a world dominated by foreign technology platforms. Then it keeps proposing policies that make Canadian digital life more permissioned, more compliance-heavy, more centralized, more dependent on opaque intermediaries, and less trustworthy. This is somehow mistaking digital sovereignty for digital bureaucracy.<\/p>\n<p>A sovereign internet is not one where Canadians need permission slips to participate. It is not one where access to major public forums depends on verification vendors, platform compliance teams, regulator guidance, and future regulations that ordinary people will never read. It is not one where privacy tools become suspect because they complicate enforcement.<\/p>\n<p>Real digital sovereignty should mean Canadians have more control over the systems they depend on. More privacy. More resilience. More domestic capacity. More public trust. More open standards. More competition. More ability to leave platforms without leaving public life. Bill C-34 points in the opposite direction when it treats access as the control point. It says: we cannot make the platforms safe enough, so we will decide who is allowed through the door.<\/p>\n<h2 id=\"the-bill-should-be-amended\">The bill should be amended<\/h2>\n<p>The government can still fix this. It should keep the platform accountability parts. It should strengthen them. It should focus on the systems that create and amplify harm. Require meaningful risk assessments. Require public digital safety plans that are actually useful. Require accessible reporting and appeal mechanisms. Require strong action on child sexual exploitation material and non-consensual intimate imagery. Require safer defaults for minors. Require transparency around recommender systems. Require limits on addictive design. Require labels for synthetic content where appropriate. Require platforms to make blocking and reporting tools easy to find and easy to use. Require independent audits. Require evidence. Genuinely, I'd love to write a positive article for once.<\/p>\n<p>But remove or radically narrow the minimum-age regime. At minimum, Parliament should not pass sections 27 to 29 in their current form. If the government insists on age-related protections, they should be built around age-appropriate design, not generalized age verification. The law should prohibit mandatory government ID checks, biometric age estimation, face scanning, and third-party identity verification as conditions of ordinary social media access. It should require privacy impact assessments. It should require public technical standards before implementation. It should give the Privacy Commissioner more than consultation. It should include explicit protections for anonymous and pseudonymous participation. It should ensure that refusals to complete age checks do not automatically become grounds for exclusion from public online spaces.<\/p>\n<p>Most importantly, it should not outsource the real debate to future regulations. Parliament should decide whether Canada is creating age-verification infrastructure for social media. Not the Commission later. Not Cabinet later. Not compliance vendors later. Not platforms quietly implementing whatever minimizes liability.<\/p>\n<p>Parliament.<\/p>\n<p>Now.<\/p>\n<p>In public.<\/p>\n<h2 id=\"the-problem-is-the-architecture\">The problem is the architecture<\/h2>\n<p>The government will say this is about safety. It is, any attempt to deny that is making the lazy version of the argument. But safety is not the only value in a democracy. Privacy matters. Expression matters. Access matters. Youth autonomy matters. Public participation matters. Technical architecture matters.<\/p>\n<p>If the architecture requires everyone to prove they are old enough before entering major public online spaces, then the law has changed what the internet is. It has made participation conditional. It has made access something to be granted after verification. It has made privacy something to be balanced after the checkpoint has already been built.<\/p>\n<p>Children deserve protection online. They deserve platforms that are not engineered to exploit them. Parents deserve better tools. Users deserve reporting systems that work. Survivors deserve fast action. The public deserves transparency. Regulators deserve real powers. Platforms deserve much less deference than they currently receive. But Canadians also deserve an internet where privacy is not suspicious, pseudonymity is not treated as a problem to be solved, decentralized communities are not regulated out of existence, and participation in public life does not require passing through an age-assurance system.<\/p>\n<p>Bill C-34, admittedly, gets some things right. That's probably why I'm frustrated. The government correctly identified that online services shape civic life. It correctly identified that platform design can amplify harm. It correctly identified that voluntary action has not kept pace. It correctly identified that children need protection. It correctly identified that platforms need duties.<\/p>\n<p>Then it reached for age verification. Once again, Ottawa found a real digital policy problem and answered it with infrastructure that should make Canadians nervous.<\/p>\n<p>The issue at hand is not whether children should be protected. Obviously they should. The issue is whether protecting children requires building a system where everyone may have to prove they are allowed to participate. That's not some minor implementation detail to figure out later.<\/p>\n<p>That is the whole fight.<\/p>\n"},{"title":"Canada Day is Coming. May God help us all.","pubDate":"Mon, 22 Jun 2026 00:00:00 +0000","author":"Ethan Plant","link":"https:\/\/ethanplant.ca\/notes\/canada-day-is-coming\/","guid":"https:\/\/ethanplant.ca\/notes\/canada-day-is-coming\/","description":"<p>There are certain sentences that sound harmless until you happen to live in Vancouver in June 2026. \"The World Cup is in town.\" \"Canada Day is next week\". \"There is a big event downtown.\" \"The trains may be busy.\"<\/p>\n<p>Each one, on its own, is manageable. Vancouver has handled big crowds before. We are a city of fireworks, concerts, cruise ships, Stanley Cup trauma, beach weather, Canucks hope, Olympic legacy, and the annual civic ritual of pretending the Canada Line was built for the number of people who actually use it.<\/p>\n<p>But this year feels different.<\/p>\n<p>This year, Canada Day is not arriving in isolation. It is arriving in the middle of the World Cup. It is arriving after Vancouver has already remembered that international football fans are loud, joyful, relentless, and apparently capable of turning a regular weeknight into a moving street festival. It is arriving in a city where people are already watching matches in pubs, gathering at fan events, packing trains, waving flags, and discovering that, yes, we do in fact have national emotions when the circumstances demand it.<\/p>\n<p>May God help us all.<\/p>\n<p>The problem is not that any one thing is too much. The problem is that everything is happening at once. Canada Day in Vancouver is already a strange beast. Downtown fills up. The waterfront becomes a human conveyor belt. Every patio is full. Every transit station develops a thousand-yard stare. Someone, somewhere, decides that the correct response to national pride is standing motionless at the top of an escalator.<\/p>\n<p>Now add the World Cup into the mix.<\/p>\n<p>Add visitors who do not know that Waterfront Station is less of a station and more of a psychological experiment. Add locals who absolutely should know better but will still attempt to \u201cjust grab the train\u201d at the worst possible moment. Add people in jerseys, people in flags, people in face paint, people trying to get to Canada Place, people trying to get to the PNE, people trying to get home, people trying to get anywhere, and one guy in a Canucks jersey who has somehow decided this is also about him.<\/p>\n<p>And then, because fate has a sense of humour, I did the math. This was a mistake. Because now Wednesday is looking at the city like a loaded shotgun.<\/p>\n<p>Canada plays Switzerland on Wednesday. If Canada wins or draws, Canada finishes top of Group B. That alone would be absurd enough, because we are not emotionally prepared to be the kind of country casually doing World Cup group-stage arithmetic with consequences.<\/p>\n<p>But the consequences are the important part. Top of Group B means Canada plays its Round of 32 match in Vancouver on July 2.<\/p>\n<p>Which means Canada Day would not simply be Canada Day.<\/p>\n<p>It would be Canada Day, in Vancouver, during the World Cup, immediately before Canada plays a home knockout match at BC Place.<\/p>\n<p>And not just any knockout match.<\/p>\n<p>Canada\u2019s first ever men\u2019s World Cup knockout match.<\/p>\n<p>On home soil.<\/p>\n<p>After Canada's first ever men's World Cup win. After a 6\u20130 demolition of Qatar in Vancouver that made the city sound like it had briefly remembered it was allowed to feel things.<\/p>\n<p>That is the part that makes this feel less like scheduling and more like prophecy. This would not merely be another match. This would be one of those weird civic moments where sports, geography, timing, national identity, and transit capacity all collide in public. A country gets its first World Cup win. The win is not a squeaker. It is not a lucky bounce. It is 6\u20130. It is domination. It happens at home. The crowd loses its mind. The city hears it from blocks away.<\/p>\n<p>Then, if Canada can get past Switzerland with even a draw, the reward is a knockout match back in Vancouver the day after Canada Day. This is how you accidentally create a Heritage Moment.<\/p>\n<p>There is going to be some poor transit planner looking at the numbers like they are reading a cursed text. There is going to be someone at TransLink staring into the middle distance. There is going to be a police officer on Granville who has accepted that the next forty-eight hours belong to a force larger than municipal authority. There is going to be a tourist asking if it is always like this, and some exhausted local saying, \u201cNo. Somehow worse.\u201d<\/p>\n<p>This is the thing about Vancouver: for all our reputation as no fun city, the city does occasionally remember how to lose its mind. It just needs permission. A playoff run will do it. A gold medal will do it. A perfect summer evening will do it. Apparently, so will the World Cup. And Canada Day gives everyone permission at once.<\/p>\n<p>That is the dangerous part. Not dangerous in the grim sense. Dangerous in the \u201cthis is going to become a story people tell later\u201d sense. Dangerous in the \u201cI tried to take the SkyTrain and became part of Canadian history\u201d sense. Dangerous in the \u201cthe city has exceeded its recommended daily intake of vibes\u201d sense.<\/p>\n<p>Because there is something genuinely lovely about it too. Canada Day can sometimes feel a little awkward, a little staged, a little too laminated. But World Cup energy is not laminated. It is not orderly. It is not contained by a polite programming schedule. It spills. It echoes. It turns strangers into a crowd. It makes people cheer from patios and balconies and open windows. It gives the city a pulse loud enough to hear from blocks away.<\/p>\n<p>That is what I noticed during Canada\u2019s match against Qatar. I didn't need to be watching to know something had happened. I could hear it. Every goal came rolling through the neighbourhood as a wave of sound. The sound of a country having a moment.<\/p>\n<p>As a proud Canadian, I am happy to cheer right alongside it. But I am also realistic.<\/p>\n<p>Canada Day is coming. The World Cup is here. Canada may be one result away from turning July 1 into the unofficial pre-party for the most important men\u2019s soccer match this country has ever played on home soil. Vancouver is about to combine national celebration, global sport, summer crowds, downtown bottlenecks, historical catharsis, and a transit network that already looks personally offended by the concept of demand.<\/p>\n<p>May God help us all.<\/p>\n<p>May God help the poor person who thinks they can casually transfer at Waterfront.<\/p>\n<p>May God especially help the Canada Line.<\/p>\n<p>She was not built for this.<\/p>\n<p>But she will be asked to serve.<\/p>\n<p>And honestly, at a certain point, there is no use resisting the pageantry of it. If Canada insists on getting its first men\u2019s World Cup win at home, threatening to win its group, and possibly playing its first ever knockout match in Vancouver the day after Canada Day, then fine. The bit has earned its trumpets.<\/p>\n<p>God save our King and Heaven bless.<\/p>\n<p>The maple leaf forever.<\/p>\n"},{"title":"Bridger Is Building an OSINT Dossier in a Cute Font","pubDate":"Wed, 10 Jun 2026 00:00:00 +0000","author":"Ethan Plant","link":"https:\/\/ethanplant.ca\/writing\/bridger\/","guid":"https:\/\/ethanplant.ca\/writing\/bridger\/","description":"<p>I was scrolling through Instagram, because unfortunately I am not immune to doomscrolling, when I came across a reel advertising <a rel=\"external\" href=\"https:\/\/bridger.social\/\">bridger.social<\/a>. Bridger claims, in its own words, to be \"A close-friends social media built to help you actually connect.\" The antithesis of modern-day social media.<\/p>\n<p>That pitch, at first glance, is exactly the sort of thing that should get me very excited. A close-friends social app. No endless scroll. No influencers. No AI slop. No follower-count brain poison. No ad-choked feeds where the people you actually care about are buried under a mountain of algorithmic sludge.<\/p>\n<p>Just a social app, for actual friends to stay in touch. A product that says, in effect, \"you were not supposed to spend your life scrolling\". A social media platform that says, \"this belongs to you, the user\".<\/p>\n<p>I'm exactly the target audience for that type of claim. I care about digital sovereignty. I care about user control, exit rights, local-first software, open systems, and the difference between using software and being used by it. This whole website essentially exists because I think people should have homes on the internet that aren't just rented rooms inside other people's platforms. I am, admittedly, very easy to bait with the phrase \"user-owned\".<\/p>\n<p>Naturally, I had some skepticism going in. I wondered what \u201cuser-owned\u201d actually meant. I wondered whether the code would be open source. I wondered whether users would have real exit rights. I wondered about data portability, federation, self-hosting, APIs, contributor rights, governance, ads, and the business model. All of the boring questions that make the infrastructure engineer in me happy.<\/p>\n<p>Then, I opened the beta. And I slowly realized I was looking at the most horrifying thing I've seen on the internet in a while.<\/p>\n<p>My initial response to Bridger may have been a healthy dose of architectural skepticism. My second reaction was incident response. Because, as I explored the beta, the problem wasn't merely that Bridger hadn't fully explained its governance model.<\/p>\n<p>The problem was the product was asking users to build an extensive identity dossier. Not metaphorically. Not in some abstract \"all data collection is bad\" sense. I mean it was asking for exactly the kinds of details that privacy, security, and OSINT people spend their time warning about.<\/p>\n<h2 id=\"the-trust-problem-started-immediately\">The trust problem started immediately<\/h2>\n<p>Bridger's sign-up flow managed to be both casual and invasive in the worst possible combination. To start, I never received any kind of validation email. No confirmation link. No verification code. No proof that I controlled the email address I had entered. As far as I can tell, the beta let me proceed without completing even the most basic account-integrity step.<\/p>\n<p>It did, however, ask for my date of birth for \"age verification\". The box explicitly says: \"Used for age verification only. Never shown to others.\"<\/p>\n<p><img src=\"\/images\/bridger-birthday.png\" alt=\"Bridger Sign-Up Birthday Box\" \/><\/p>\n<p>There's a really strange set of priorities here. The product made no attempt to verify my email, arguably the most basic fraud prevention step, but demanded my date of birth immediately.<\/p>\n<p>And date of birth isn't a throwaway field. It's identity-adjacent. It's frequently used in account recovery, identity matching, eligibility checks, advertising systems, and data-broker enrichment. It can become sensitive very quickly when combined with a name, email address, friend graph, location context, profile preferences, daily posts, and social activity.<\/p>\n<p>It is also not, by itself, \"age verification\". A user typing a birth date does not prove their age. It proves they can type a birth date. Maybe that is acceptable for a low-risk beta. Maybe it's a placeholder while regulatory compliance is figured out. Maybe the team plans something more serious later. But then call it what it is. Do not collect date of birth under the reassuring label of \"age verification\" while leaving the rest of the trust model underdeveloped.<\/p>\n<p>The sign-up flow also immediately asked for my first and last name. I gave it only my first name, because what, exactly, had this product done to earn my full government name? A close-friends app may need a display name. It may need a handle. It may eventually need billing information if someone becomes a paying member. It may allow users to share their real names with people they already trust. But \u201cfirst and last name\u201d immediately at signup is a very different choice. It treats real identity as the default.<\/p>\n<p>I admit this is nitpicking a beta website's sign-up flow, and it's not out of the ordinary for a social media platform. But if a platform's public messaging is \"we care deeply about privacy\", I feel I reserve the right to be deeply critical.<\/p>\n<p>The privacy-preserving version of this flow would ask: \"What should your friends call you?\" It would separate display identity from legal identity. It would make full names optional. It would explain clearly who can see them. It would not require more trust than the product has earned.<\/p>\n<h2 id=\"then-came-the-profile-flow\">Then came the profile flow<\/h2>\n<p>The profile setup flow is when things went from \"concerning but it's a beta\", to horrific.<\/p>\n<p>Immediately I clicked on \"Setup your profile\" and I'm greeted by a 29-step workflow and a screen asking me to select my hobbies. A bit long, but no red flags so far.<\/p>\n<p><img src=\"\/images\/bridger-profile.png\" alt=\"Bridger profile flow, hobby selection\" \/><\/p>\n<p>I clicked through a bit more and got asked for my birthday... again. During signup, Bridger asked for my date of birth for \u201cage verification\u201d and reassured me that it would never be shown. Then, later in the profile flow, it asks: \u201cWhen is your birthday?\u201d with month, day, and year fields, followed by visibility options: Close Friends, Wider Friend Group, and All Acquaintances.<\/p>\n<p><img src=\"\/images\/bridger-profile-birthday.png\" alt=\"Bridger profile flow, birthday\" \/><\/p>\n<p>Maybe these are technically separate fields. Maybe the signup date of birth is intended for age gating, while the profile birthday is intended as an optional social field. That can be a legitimate distinction. But the product doesn't make that distinction, if any, clear to the user.<\/p>\n<p>From the user's perspective: the app says give us your birth date, we will never show it. Then later it says: when is your birthday, and who can see it? That's a really confusing privacy flow for an end user.<\/p>\n<p>There's also a data-minimization problem. If the purpose of collecting date of birth is age verification, the product may not need to store or expose a full date of birth as a profile attribute. It might need only an age-gate result, or an age range, or a minimum-age confirmation, depending on the legal and safety model. If the purpose is social celebration, it likely does not need the year. Age verification data should be treated as safety or compliance data. Birthday data should be treated as optional profile data. Those should not feel like the same onboarding chore wearing two different fonts.<\/p>\n<p>A later section in the flow made the data-use problem even clearer. It asks the user for their sun, moon, and rising signs, and then helpfully says: \"Don't know yours? Add your birthday earlier to auto-fill the sun sign.\" That means the birthday isn't just being collected as an isolated social field, it's being used to directly derive more metadata about a user.<\/p>\n<p>Maybe zodiac signs are silly. Maybe nobody cares. But the pattern matters. The product says one thing at signup, asks again later, then uses birthday data to auto-fill another profile field. This is exactly why purpose limitation matters. Users need to understand what data is being collected, why it is being collected, where it appears, what it derives, and how else it will be used. \"We'll never show this\" is easy to write. The hard part is ensuring the product does not later reuse the same category of data in ways that surprise users.<\/p>\n<p>Then, the flow kept going.<\/p>\n<p>It asked for nicknames.<\/p>\n<p>It asked for middle name.<\/p>\n<p>It asked where I am from.<\/p>\n<p>It asked what town I live in now.<\/p>\n<p>It asked where I went to high school.<\/p>\n<p>It asked where I went to college.<\/p>\n<p>It asked what I studied.<\/p>\n<p>It asked for current job title.<\/p>\n<p>It asked for dream job.<\/p>\n<p>It asked what pets I have.<\/p>\n<p>It asked for my pets' names.<\/p>\n<p>It asked who is in my family: parents, siblings, kids, anyone close.<\/p>\n<p>It asked where I fall in line among siblings.<\/p>\n<p>It asked for food allergies.<\/p>\n<p>It asked for dietary restrictions.<\/p>\n<p>It asked for ethnicity or heritage.<\/p>\n<p>It asked for relationship status.<\/p>\n<p>It asked for sexuality.<\/p>\n<p>It asked for pronouns.<\/p>\n<p>It asked for religion or beliefs.<\/p>\n<p>It asked for zodiac signs.<\/p>\n<p>It asked for important dates in my life.<\/p>\n<p>And near the end, it asked: \"Anything else friends should remember?\"<\/p>\n<p>I think I got about halfway through before muttering, \"holy shit\" under my breath.<\/p>\n<p>This isn't <em>really<\/em> a quirky whimsical profile setup. This is asking users to hand over a comprehensive identity dossier in a <a rel=\"external\" href=\"https:\/\/en.wikipedia.org\/wiki\/Lisa_Frank\">Lisa Frank<\/a> skin.<\/p>\n<p>I don't say that lightly. I've followed the OSINT space for around a decade by this point. I know exactly how dangerous this data can be in the wrong hands. The problem isn't that any one of these fields is always catastrophic by itself. The problem is that the flow assembles them together into a single profile.<\/p>\n<p>A malicious person with access to that data would not merely know \u201cfun trivia\u201d about you. They would have the raw material for impersonation, stalking, phishing, account recovery attacks, social engineering, harassment, doxxing, discrimination, and intimate coercion.<\/p>\n<p>Middle names, hometowns, schools, pet names, family structure, sibling order, and important dates are classic identity-verification and account-recovery material. They are the cursed security questions of the 2000s rebuilt as a social profile wizard. We all know the ones:<\/p>\n<p>\u201cWhat was the name of your first pet?\u201d<\/p>\n<p>\u201cWhat high school did you attend?\u201d<\/p>\n<p>\u201cWhat city were you born in?\u201d<\/p>\n<p>\u201cWhat is your oldest sibling\u2019s name?\u201d<\/p>\n<p>The industry spent years learning that these are terrible secrets because they are often guessable, searchable, memorable, and socially exposed. The industry has spent the better part of a decade trying to teach people that these types of questions are actually terrible security practice. Bridger\u2019s beta appears to ask users to type that same information into a profile flow and then decide who can see each field. That should give anyone with even a brief understanding of cybersecurity chills.<\/p>\n<h2 id=\"sensitive-data-in-a-friendship-costume\">Sensitive data in a friendship costume<\/h2>\n<p>Then, there are the extremely sensitive categories. Ethnicity. Religion. Sexuality. Relationship status. Pronouns. Food allergies. Dietary restrictions.<\/p>\n<p>Some of these may be harmless for some users in some contexts. For other users, they may be sensitive, risky, or genuinely dangerous. Sexuality may not be safely public. Religion may not be safely public. Ethnicity may expose someone to harassment. Pronouns may be a political target in some environments. Dietary restrictions may reveal health, religion, disability, pregnancy, recovery, or eating-disorder context. Relationship status can expose vulnerability, queer relationships, family conflict, breakups, abuse risk, or unwanted attention.<\/p>\n<p>The correct design posture around data like this, especially for a platform claiming to care about privacy, is not cute curiosity. It is unrelenting restraint. Don't ask users for sensitive data without a clear purpose. Don't expose by default. Don't make users evaluate disclosure field by field while trying to complete onboarding. Don't bury visibility decisions inside a long tap-through flow.<\/p>\n<p>Don't treat \"skip this one\" as if it solves the consent problem.<\/p>\n<p>Admittedly, every field is optional. There's no hard requirement to fill in any of these. That doesn't make this okay. Optional is not the same thing as privacy-preserving. A long onboarding flow can pressure users without explicitly forcing them. It can normalize disclosure. It can make skipping feel like incompletion. It can make privacy feel like a chore. It can train users to answer first and think later.<\/p>\n<p>By screen 17 of 29, or 21 of 29, or 28 of 29, most people are not conducting a careful threat model. They're just trying to finish the onboarding wizard. This is privacy fatigue as interface design.<\/p>\n<h2 id=\"all-acquaintances-is-not-a-safety-model\">\"All Acquaintances\" is not a safety model<\/h2>\n<p>The visibility model makes it worse. Almost every screen asks: \u201cwho can see this?\u201d with options like Close Friends, Wider Friend Group, and All Acquaintances.<\/p>\n<p>That may sound like user control, but it's not enough.<\/p>\n<p>First, \"All Acquaintances\" is not reassuring. Acquaintances are precisely the people who may be dangerous enough to know you and not close enough to trust. Coworkers, old classmates, ex-friends, friends-of-friends, mutuals, people from school, people from events, people you met twice, people who know just enough context to misuse information. That category cannot be meaningfully safe. There's a reason the data on your private Instagram and on your LinkedIn page are very different.<\/p>\n<p>Second, visibility controls don't answer the data-governance question. Who can see a field in the UI is only one part of privacy. The deeper questions are: is the data stored? Is it indexed? Is it searchable? Is it logged? Is it used for recommendations? Is it used for matching? Is it used for advertising? Is it available to admins? Is it available to moderators? Is it included in exports? Is it deleted when removed? Is it retained in backups? Is it protected differently if sensitive? Is it encrypted? Is it accessible if the service is breached?<\/p>\n<p>The UI only asks users \"who can see this?\" The real question is who can access it, infer from it, process it, retain it, correlate it, and lose it. Because, that's the catastrophic breach scenario.<\/p>\n<p>Imagine a breach of this dataset. Not just emails and hashed passwords, although that would be bad enough. Imagine a breach containing full names, birth dates, towns, hometowns, schools, colleges, job titles, family members, sibling order, pets, pet names, food allergies, dietary restrictions, ethnicity, religion, sexuality, relationship status, pronouns, important life dates, and open-ended notes written specifically as things friends should remember.<\/p>\n<p>That's a map of people\u2019s private lives. It would be useful to scammers. It would be useful to stalkers. It would be useful to abusive partners. It would be useful to harassers. It would be useful to doxxers. It would be useful to identity thieves. It would be useful to anyone trying to impersonate someone, guess account-recovery answers, craft convincing phishing messages, or apply pressure using personal facts.<\/p>\n<p>This is the reason why privacy people are always super annoying and paranoid-sounding. Because the fun little profile field is never just a fun little profile field once it's in a database somewhere.<\/p>\n<h2 id=\"the-free-text-trap\">The free-text trap<\/h2>\n<p>Then there is \"Important dates in your life.\"<\/p>\n<p>That is a deceptively dangerous prompt. It could collect anniversaries, bereavements, sobriety dates, immigration dates, religious dates, medical dates, trauma dates, breakup dates, family events, court dates, or anything else someone considers important. The prompt is emotionally open-ended. The data could be deeply personal.<\/p>\n<p>And then the final open-ended field: \"Anything else friends should remember?\"<\/p>\n<p>I fully understand this is supposed to be Bridger's version of the \"Bio\" field on most social media platforms. An area of free text to write whatever you want on your profile. But consider the framing here, this is explicitly framed as \"stuff your friends should remember\". People will put everything in there.<\/p>\n<p>Allergies. Trauma. Pronunciation. Neurodivergence. Estranged family. \"Do not mention this around my parents.\" \"I am sober.\" \"I am not out at work.\" \"My dad died in March.\" \"I panic when people yell.\" \"I have a medical condition.\" \"I use a different name around family.\" \"Please do not post photos of me.\" \"I'm a minor.\"<\/p>\n<p>The app doesn't need to intend harm for this to become extremely sensitive extremely quickly. That's the core issue here. A privacy failure is not always a villain twirling a moustache and selling data to the highest bidder. Sometimes it is a team building a cute product that doesn't fully understand the blast radius of the fields it is asking for.<\/p>\n<p>The product claims to be about trust, friendship, privacy, and escaping the worst parts of social media. But the onboarding flow asks users to construct a semi-public memory palace of identity, family, location, education, work, health-adjacent information, beliefs, sexuality, relationships, pets, allergies, dietary restrictions, life dates, and anything else their friends should remember. Bridger doesn't just ask \"who are you?\" It asks \"what would someone need to know to identify, locate, infer, remember, or socially engineer you?\"<\/p>\n<h2 id=\"privacy-will-be-the-top-priority-is-not-an-answer\">\"Privacy will be the top priority\" is not an answer<\/h2>\n<p>Before I dived into the beta, I took some time to read the comments on the reel I saw. I wanted to get a vibe for what people were saying. Most of the comments were generic hype.<\/p>\n<p>One in particular however, caught my eye. Someone asked Bridger a straightforward question: \"will it be under GDPR?\" Bridger's reply was simply, \"Privacy will be the top priority!\"<\/p>\n<p><img src=\"\/images\/bridger-gdpr.jpeg\" alt=\"Instagram comment conversation between user and Bridger on GDPR\" \/>.<\/p>\n<p>They answered a very serious question, with a marketing slogan. The question was not \"do you care about privacy?\" The question was whether Bridger would be subject to a specific data-protection regime. That is an important legal, operational, and architectural question. It asks about scope, jurisdiction, users, processing activities, rights, lawful bases, deletion, export, retention, consent, processors, transfers, and safeguards. \"Privacy will be the top priority!\" doesn't answer any of that.<\/p>\n<p>On its own, this might be forgivable. It was a social-media reply. Maybe the person writing it wasn't prepared to answer a regulatory question in a comment thread. Maybe the correct internal answer is more serious than the public reply. Maybe the team simply had not yet worked through the details. No one should be expecting a beta social media platform to have a compliance lawyer on standby.<\/p>\n<p>But then, Bridger is asking for birth date, full name, birthday, hometown, current town, high school, college, field of study, job title, family structure, sibling order, pet names, food allergies, dietary restrictions, ethnicity or heritage, relationship status, sexuality, pronouns, religion or beliefs, important life dates, and open-ended personal notes.<\/p>\n<p>At that point, \"privacy will be the top priority\" stops being a harmlessly vague answer. It becomes a real problem. A product asking for identity-adjacent, health-adjacent, relationship, location, family, religion, ethnicity, sexuality, and open-ended intimate data needs a serious privacy model.<\/p>\n<p>Not vibes. Not reassurances. Not a marketing slogan with an exclamation mark. A model.<\/p>\n<p>What data is collected? Why is it collected? What's optional? What's public by default? Who can access it? Is it retained after deletion? Is it exported? Can users request full deletion? What happens if the user is a minor? What happens if the data leaks? What happens if someone enters sensitive information into the final free-text box?<\/p>\n<p>These are all the natural questions created by the shape of the product. This is why the GDPR reply matters. The right answer didn't have to be a legal memo. It could have been simple and honest: \"We are still assessing our obligations before launch, especially if we offer Bridger to users in Europe. We know this matters, and we will publish a proper privacy framework before collecting sensitive data.\"<\/p>\n<p>That would have been reassuring. Instead, the public answer amounted to: trust us, privacy matters. But the beta then asks for a long list of deeply personal information. That's playing incredibly fast and loose with privacy. And when a product is collecting this much sensitive information, fast and loose is exactly what people should be afraid of.<\/p>\n<h2 id=\"the-friend-quiz-makes-it-worse\">The friend quiz makes it worse<\/h2>\n<p>And then, there is the \"Friend Quiz\".<\/p>\n<p>The Friends page features a \"Friend Quiz\" box with the text \"Add friends with profile data to unlock the quiz.\" At first glance, this seems like a fairly harmless dark pattern. Just an easy way to drive users to invite their friends to the platform.<\/p>\n<p>That line becomes much darker after going through the profile flow. Because what, exactly, is the quiz about? If the quiz only unlocks once you have friends that have filled in an entire intelligence briefing into their personal lives, the obvious implication is that at least some of this profile data becomes quiz material.<\/p>\n<p>The app asks users to provide deeply identifying and sometimes sensitive information, then appears to use \"profile data\" as the substrate for a friend quiz. It turns deeply personal knowledge into a gamified feature. It makes intimacy measurable. It makes remembering your friends into an app mechanic.<\/p>\n<p>Again, maybe the actual quiz is harmless. Maybe it only asks cute questions. Maybe it avoids sensitive fields. Maybe the product has guardrails that are not visible in the beta flow. It's entirely possible that the quiz explicitly excludes sensitive fields such as sexuality, religion, ethnicity, allergies, or family details.<\/p>\n<p>But the UI makes no attempt to communicate that. What it communicates is: add friends with profile data to unlock the quiz. After the profile flow I had just seen, that sentence doesn't read as charming. It fires like seven alarms in the threat model part of my brain.<\/p>\n<p>This is the danger of collecting everything \"for friendship.\" Once the data exists, the product starts finding uses for it. A birthday becomes a zodiac sign. A preference becomes a prompt. A profile field becomes quiz content. A private detail becomes an interaction surface. This is how platforms eat away at privacy, not all at once immediately. One cute feature at a time.<\/p>\n<h2 id=\"the-app-says-what-the-data-is-for\">The app says what the data is for<\/h2>\n<p>The somewhat hidden \"View My Data\" page makes this even more alarming.<\/p>\n<p><img src=\"\/images\/bridger-data-use.png\" alt=\"Bridger &quot;View My Data&quot; page\" \/><\/p>\n<p>\"Your answers to profile questions helps us connect you to people who have similar interests. Coming soon.\"<\/p>\n<p>This should set off immediate alarm bells. The profile answers aren't just decorative flavour. They're not merely notes for your existing friends. The app says, quite clearly, those answers are intended to help connect users to people with similar interests.<\/p>\n<p>This data becomes matching logic. It becomes discovery logic. It becomes recommendation logic. Whatever word you prefer, it means the profile data is product fuel. It is, at minimum, designed to feed matching or discovery logic.<\/p>\n<p>The same page says hobby tags will \"let you find people who share specific interests.\" It also has a section for \"Closeness Tier Assignments,\" which appear to control whose content users can see.<\/p>\n<p>There's a clear product shape emerging here. Bridger asks users for structured personal information. Some of that information is identity-adjacent. Some is sensitive. Some is useful for social engineering. Some is health-adjacent. Some is relationship, family, location, school, belief, or sexuality-related. Then the product tells users that their answers will help connect them to people with similar interests.<\/p>\n<p>Maybe the current beta does not yet implement the full matching system. The page itself says all of this is coming soon. That doesn't make the concern weaker. It makes the roadmap visible. Bridger isn't just collecting personal data because friends might enjoy reading it. It is planning to use that data to connect, sort, and discover people.<\/p>\n<p>This is exactly why data minimization matters. Once the data exists, the product starts finding uses for it. It has to, the incentives are too great to avoid it. A birthday becomes a zodiac field. A profile answer becomes quiz material. A hobby becomes a discovery tag. A personal detail becomes a matching signal.<\/p>\n<p>And a \"close-friends app\" quietly becomes a system for structuring, searching, and acting on intimate social data.<\/p>\n<h2 id=\"this-should-have-been-stopped\">This should have been stopped<\/h2>\n<p>A team with a mature privacy and safety posture might look at this flow and stop it before it reached a semi-public beta. A privacy review would ask why these fields exist. A security review would ask what happens if they leak. A trust and safety review would ask how they can be abused. A data-protection review would ask whether the collection is necessary, proportionate, purpose-limited, optional in a meaningful way, default-private, and explainable. A product review would ask whether friendship actually requires any of this. A regulatory compliance review would ask what data-privacy regulations apply.<\/p>\n<p>Apparently, that didn't happen. Or, if it did, the flow survived anyway. This is what happens when no one with sufficient authority is saying no.<\/p>\n<p>No, you do not need the user's middle name.<\/p>\n<p>No, you do not need their pets' names.<\/p>\n<p>No, you do not need their sibling order.<\/p>\n<p>No, you do not need their high school.<\/p>\n<p>No, you do not need their current town public.<\/p>\n<p>No, you do not need their ethnicity in a friend app.<\/p>\n<p>No, you do not need their sexuality in onboarding.<\/p>\n<p>No, you do not need their religion or beliefs.<\/p>\n<p>No, you do not need important life dates.<\/p>\n<p>No, you do not need a free-text field where users can deposit trauma in a cute box.<\/p>\n<p>At least, you do not need any of that by default. And if you believe you do need it, the burden is on you to justify it with extraordinary clarity, restraint, and protection.<\/p>\n<p>Bridger does not appear to be doing that in any visible or convincing way. Instead, the beta gives users a familiar platform move: provide personal data now, sort out visibility later.<\/p>\n<h2 id=\"the-broader-lesson\">The broader lesson<\/h2>\n<p>I don't think every cute profile question is evil. I don't think a platform to connect with friends has to be sterile. I don't think every early beta should have the complete privacy authority of a bank.<\/p>\n<p>But I do think a close-friends app needs to understand deeply what kind of data it is asking for. Friendship is intimate. That's the point. A product that mediates friendship is not collecting random preferences in a vacuum. It is collecting context about relationships, identity, memory, location, history, family, habits, beliefs, vulnerability, and trust.<\/p>\n<p>That data has a blast radius. A social app for friends should ask for less, not more. It should default to completely private, not public. It should separate display identity from legal identity. It should never ask for sensitive categories unless there is an extraordinary reason. It shouldn't make users decide visibility for dozens of fields while trying to complete onboarding. It should not collect a birth date under the promise to never share it and then ask for birthday visibility later. It should not use personal data as feature fuel without making the boundaries painfully clear.<\/p>\n<p>It should <em>never<\/em> turn intimacy into a structured dataset and then call that connection.<\/p>\n<p>The most dangerous data is often not the data that looks dangerous. It is the cute stuff. The memorable stuff. The \"your friends already know this anyway\" stuff. The hometown, the school, the sibling order, the birthday, the important date, the dietary restriction, the relationship status, the thing friends should remember.<\/p>\n<p>That's precisely why people will happily volunteer it. That's precisely why it's useful. And that's precisely why a privacy-conscious product should be careful with it.<\/p>\n<p>Bridger says it wants to build a better social app for friends.<\/p>\n<p>Good. Godspeed.<\/p>\n<p>Just please don't ask your users to build an OSINT dossier in a cute font.<\/p>\n<h2 id=\"update-the-beta-now-has-a-separate-security-governance-issue\">Update: the beta now has a separate security-governance issue<\/h2>\n<p>After this piece was written, Bridger\u2019s Discord was placed in read-only mode following an announcement that there had allegedly been conversations about trying to find and exploit the beta code to make the project appear unsafe.<\/p>\n<p>I want to be clear about my own role here.<\/p>\n<p>My concerns are based on normal use of the beta, the user-facing onboarding and profile flow, and the app\u2019s own UI around profile data, quizzes, and future matching or discovery. I did not attempt to exploit the beta, bypass access controls, probe the application, interfere with the project, or make Bridger appear unsafe. I also do not support anyone doing so.<\/p>\n<p>If anything, this reinforces the point.<\/p>\n<p>A product that collects sensitive personal information has to assume adversarial conditions. It has to assume some users will behave badly, some contributors may need limits, some people will poke at systems they should not touch, and some data will attract exactly the wrong kind of attention.<\/p>\n<p>That is why data minimization matters.<\/p>\n<p>The safest sensitive data is the data you never collect.<\/p>\n"},{"title":"Immediate WWDC Thoughts","pubDate":"Mon, 08 Jun 2026 00:00:00 +0000","author":"Ethan Plant","link":"https:\/\/ethanplant.ca\/notes\/wwdc-2026\/","guid":"https:\/\/ethanplant.ca\/notes\/wwdc-2026\/","description":"<p>My immediate reaction to Apple WWDC is that Apple may be the only major tech company that has not fully lost its mind around AI.<\/p>\n<p>This is not the same as saying Apple is good, right, or pure, or immune from doing Apple nonsense. It is still Apple. It still names operating systems things like \"Golden Gate\". It still unveils a design language called \"Liquid Glass\", and then, one year later, quietly improves it by making it less annoying. It still frames ecosystem lock-in in nice corporate language like, \"making a more streamlined user experience\". But, compared to the rest of the tech industry, Apple seems almost alarmingly sane.<\/p>\n<p>The first sign was that WWDC went more than two minutes before mentioning AI. In 2026, that feels like an act of monastic resistance. Nearly every tech conference these days open with a CEO walking on stage, staring into the middle distance, and explaining that the company has been spiritually transformed by agents like the Second Coming has happened. Apple, by some miracle, started with operating systems.<\/p>\n<p>There was a line early on that I genuinely liked: \"the best operating systems aren't just built on big breakthroughs, they're built on sweating the details\". That is an absolute banger quote, mostly because it's true.<\/p>\n<p>The best parts of WWDC weren't the grand AI announcements. They were the boring quality of life improvements that make computers feel less stupid. Performance improvements. Better CPU scheduling on older iPhones. Faster photo availability after taking a picture. Improved search indexing. iOS 27 still supporting the now ancient iPhone 11, which is absolutely wild. Android could never. And what I found notable is this was their opening move. It wasn't a footnote after an hour of AI features no one asked for. It was immediate. \"This is how we're making our OS better\".<\/p>\n<p>This is the kind of thing Apple is genuinely good at when it remembers what company it is. Computers aren't just transformed by big conceptual shifts. They're improved by fixing the small frictions. The half-second delay. The missing search result. The thing that should've synced but didn't. The feature that technically exists but feels too annoying to use.<\/p>\n<p>I am also the kind of person who gets unreasonably happy about an improved search index, so this part of the keynote definitely worked on me.<\/p>\n<p>Liquid Glass is still hilarious though. Apple spent a year telling us this was the future of interface design, and now one of the big improvements is that users can nearly disable it entirely. Good. Correct. Necessary. But extremely funny. Apple's eternal curse is to decide that its taste is law, then eventually discover that people sometimes want to read the thing on their screen.<\/p>\n<p>This is where Apple is both better than the industry and still deeply Apple.<\/p>\n<p>For all its faults, Apple seems to be one of the only major technology companies that still understands that computers should belong to the people using them. Admittedly, that sounds absurd, given that Apple is also one of the most locked-down companies in consumer technology. This is the company of App Review, sealed hardware, blessed APIs, ecosystem lock-in, and design decisions handed down like papal encyclicals. Apple's version of ownership has always been conditional. You own the device, but not entirely. You can use the computer, but only along the paths Apple has decided are safe, elegant, profitable, or acceptable.<\/p>\n<p>And yet. Apple still seems to understand something most of the industry has forgotten. Your computer should still <em>feel<\/em> like yours. It should be quiet. It should be coherent. It should protect you. It should not constantly beg for your attention. It should not turn every interaction into a growth funnel, ad impression, chatbot session, or a data extraction event. A computer should feel like a tool in your hand, not a <a href=\"\/writing\/we-rebuilt-the-mainframe\">terminal attached to someone else's business model<\/a>.<\/p>\n<p>This is Apple's great contradiction. Apple understands, on paper at least, that computers belong to their users. It just can't quite bring itself to let that mean what it obviously means. Apple's computers belong to you in the way a very nice hotel \"belongs to you\". It's private, it's beautifully maintained, someone has thought carefully about the lighting. But you can't just decide to knock down a wall.<\/p>\n<p>It's absolutely maddening. It is also, in the current tech landscape, almost... humane?<\/p>\n<p>The AI section was where this became much more obvious. The industry has spent the last few years acting like AI isn't a neat feature, or a tool, or a new interface layer, but this weird <a rel=\"external\" href=\"https:\/\/en.wikipedia.org\/wiki\/Roko&#x27;s_basilisk\">corporate religious movement<\/a>. Every product needs an agent. Every app needs a chatbot. Every company needs to say \"In today's fast evolving landscape, AI is helping us reimagine...\" until everyone in the room falls asleep.<\/p>\n<p>Apple seems to have looked at all of this and politely asked: what in the fuck are you people doing?<\/p>\n<p>That was the main feeling I had watching the keynote. Apple is not rejecting AI. It's clearly going in very hard on AI. But the framing around Apple Intelligence feels very different. It's not \"what if every product became a chatbot?\" It's \"what if the computer was better at helping you use the computer?\" That should have been the starting point for everyone.<\/p>\n<p>On-device speech synthesis, natural language processing, and image processing. The new <a rel=\"external\" href=\"https:\/\/developer.apple.com\/documentation\/coreai\/\">Core AI<\/a> API making it easier for apps to bring in their own local models. Apple repeatedly saying \"Private Cloud Compute\" like it was legally required to mention it every five minutes. A personal device is exactly where this stuff should live. The useful version of AI isn't a slop generating machine stapled carelessly onto every text field. It's context, it's search, it's glue. It's your computer knowing enough about what you're doing to help without making you hand over your life over to some random cloud service that pinky promises it respects your privacy.<\/p>\n<p>The \"second brain\" people are going to be insufferable about this, but they may also be right. On-device intelligence combined with mass local indexing is essentially the Obsidian + Claude Code fantasy on steroids. Your phone knowing your photos, messages, calendar, files, screenshots, and emails well enough to help you find and act on things is genuinely useful. It's also extremely intimate, which is why the privacy architecture matters.<\/p>\n<p>Apple's advantage here isn't that Apple is some morally pure actor. It's that Apple's incentives are very different than most of the companies currently speedrunning AI integration. A company that makes its money selling expensive computers and phones is not the same as a company that makes money turning human behaviour into advertising profiles. That doesn't make Apple virtuous by any means, it makes Apple structurally less insane.<\/p>\n<p>There were still moments that made me nervous. \"Age-based protection\" is one of those phrases that immediately makes me sit up. The declared age range API feels like the kind of thing that could be fine in Apple's hands, but become deeply cursed once governments and platforms start getting ideas. The trust and safety section was, somehow, mostly fine, but I reserve the right to become unreasonably angry about it later.<\/p>\n<p>The expanded on-device scanning for gore and violent content also seems basically good, at least in the version Apple presented. On-client scanning is not automatically bad. In fact, some of it is exactly where safety features should happen. The problem is always scope, coercion, and whether \u201cprotect the user\u201d quietly turns into \u201cinspect the user.\u201d<\/p>\n<p>So, fine. For now. But privacy features are always on thin ice.<\/p>\n<p>Siri remains the most embarrassing part of this. The new Siri looks genuinely useful. It also would have been a banger in 2012. Apple announcing that Siri can finally understand context and do things across apps feels less like a revolutionary breakthrough than a company finally arriving at the future it promised 14 years ago.<\/p>\n<p>Even Apple seemed to know this was a bit awkward. There was very much a \"new and improved Siri for real this time, we swear\" energy. Like the 6th... 7th? redesign of Siri. New voice. New app. Conversation history. Cross-device awareness. Spotlight integration. On-screen context. Camera mode that's basically Google Lens. It's probably all useful, it's also embarrassing that this is all \"new\".<\/p>\n<p>Still, the integration looks right. Right-clicking to invoke Siri with context is exactly the kind of AI integration I want. There where I need it. Out of the way where I don't. Not screaming at me from every corner of the interface. Not turning my computer into a haunted LinkedIn bot. Just available as a tool when I need it.<\/p>\n<p>That's the thing Apple seems to understand better than almost anyone else right now. AI should be ambient, contextual, and mostly invisible until needed. It should make existing workflows easier. It shouldn't demand that every task become a conversation.<\/p>\n<p>Some of the smaller AI features are also just obviously good. Natural language shortcuts might make Shortcuts usable for normal people. Call context sounds genuinely helpful. Automatic proofreading is nice. Automatic updating of compromised passwords is extremely smart. AI photo editing is neat, even if it is also spiritually cursed. The bill splitting demo was admittedly cool.<\/p>\n<p>Then, there is the usual Apple weirdness.<\/p>\n<p>Siri AI is a stupid name. Safari still will not just give me vertical tabs. Website notifications remain funny given Apple\u2019s long war against PWAs. Apple subtly calling out Chrome was deserved and petty. Apple partnering with Gemini feels like a glitch in the timeline. Siri AI not launching in the EU or China is both predictable and very funny.<\/p>\n<p>And then, there was Tim Cook.<\/p>\n<p>I know, intellectually, that CEOs are not supposed to matter this much. Apple is a giant institution. Tim Cook is not Apple. There will be another Apple CEO someday, possibly soon. The company will continue. But still. \u201cGood morning\u201d hits differently when you know it's the last one. Cook\u2019s Apple has never had the mythic energy of Steve Jobs\u2019 Apple. It was never going to. But Cook\u2019s Apple became something else: operationally terrifying, socially cautious, sometimes boring, occasionally brave, usually tasteful, frequently controlling, and somehow still one of the only large tech companies that remembers computers are supposed to be useful.<\/p>\n<p>That was, overall, my main takeaway from WWDC. Apple didn't avoid AI. It didn't ignore the moment. It did not pretend this technology does not matter. It just chose to treat AI cautiously.<\/p>\n<p>It just treated AI like software.<\/p>\n<p>It treated the computer as a thing that should help the person using it.<\/p>\n<p>Apparently that's a radical position now.<\/p>\n"},{"title":"Your Dropdown Has Offended British Columbia","pubDate":"Wed, 03 Jun 2026 00:00:00 +0000","author":"Ethan Plant","link":"https:\/\/ethanplant.ca\/notes\/pacific-time\/","guid":"https:\/\/ethanplant.ca\/notes\/pacific-time\/","description":"<p>I was trying to add my website to the <a rel=\"external\" href=\"https:\/\/internetphonebook.net\">Internet Phone Book<\/a>, as one does, when I encountered the following option in the registration form:<\/p>\n<p>(UTC-08:00) Pacific Time (US and Canada)<\/p>\n<p>Absolutely the fuck not.<\/p>\n<p>I live in Vancouver. Vancouver is not on UTC-8 anymore. Vancouver is also not in Mountain Time.<\/p>\n<p>This leaves me in the very stupid position of having two wrong choices. I can choose the right region with the wrong offset, or the right offset with the wrong region. This is the sort of thing that happens when a timezone selector mistakes civil time for a number.<\/p>\n<p>Timezones are not offsets. They are legal, political, historical, and occasionally deranged regional agreements about what the clock should say. They change because governments change them. They contain exceptions. They offend software engineers because they refuse to behave like clean abstractions.<\/p>\n<p>This is why America\/Vancouver exists.<\/p>\n<p>\u201cPacific Time (US and Canada)\u201d used to be an acceptable simplification. It is not anymore. Pacific Time in the United States and Pacific Time in British Columbia have diverged. The label has become a fossil from an older timezone regime.<\/p>\n<p>Naturally, I will be filing an immediate bug report in defence of civil timekeeping and the dignity of Pacific Canada.<\/p>\n<p>The Small Web is beautiful because it is made of human beings. Unfortunately for everyone involved, some of those human beings notice timezone dropdowns.<\/p>\n"},{"title":"Canada Keeps Sabotaging Its Own Digital Sovereignty","pubDate":"Wed, 03 Jun 2026 00:00:00 +0000","author":"Ethan Plant","link":"https:\/\/ethanplant.ca\/writing\/canada-digital-sovereignty\/","guid":"https:\/\/ethanplant.ca\/writing\/canada-digital-sovereignty\/","description":"<p>Canada should know better.<\/p>\n<p>That's the part that makes the past few weeks of digital policy discourse so frustrating. This is not a country without technical memory. Canada has been home to serious telecommunications engineering, security software, cryptography, mobile infrastructure, privacy law, artificial intelligence research, and some of the best computer science institutions in the world. The knowledge is here. The people are here. The institutions are here.<\/p>\n<p>What's missing is the willingness to listen to them.<\/p>\n<p>Kitchener-Waterloo alone should make Canada impossible to dismiss as a country that doesn't understand software. The University of Waterloo is one of the strongest computer science schools on the planet. <a rel=\"external\" href=\"https:\/\/www.topuniversities.com\/university-subject-rankings\/computer-science-information-systems\">In the 2026 QS subject rankings<\/a>, the University of Waterloo placed 27th in the world for computer science (a position it shares with the University of British Columbia). Waterloo's coop program is the world's leader, with <a rel=\"external\" href=\"https:\/\/uwaterloo.ca\/future-students\/university-of-waterloo-ranking\">more than 8000 employers in more than 70 countries<\/a>. Waterloo doesn't just produce papers, it's producing people who go directly into the systems, platforms, infrastructure, and companies that shape the digital world.<\/p>\n<p>Research In Motion is personal for me in a way that is hard to separate from Kitchener-Waterloo itself. I grew up in Kitchener. I remember driving through Waterloo and being surrounded by RIM buildings. Many of my classmates in school had parents who worked there. In a very real sense, I grew up in the shadow of Canadian tech.<\/p>\n<p>My own father briefly worked at RIM and once met CEO Jim Balsillie. Years later, in a <a rel=\"external\" href=\"https:\/\/www.theglobeandmail.com\/technology\/tech-news\/as-company-struggles-waterloo-is-rims-city-of-angst\/article543379\/\">Globe and Mail article<\/a> about Waterloo during RIM\u2019s decline, he described the company\u2019s troubles plainly: \u201cIt\u2019s sad. They have contributed a lot to this community.\u201d<\/p>\n<p>That's the part that is easy to miss from outside the region. RIM was not only a phone company. It was part of the local geography. It shaped jobs, buildings, philanthropy, housing, and the ordinary civic atmosphere of Kitchener-Waterloo. BlackBerry\u2019s secure communications legacy matters technically, but RIM\u2019s presence in Waterloo also matters because it showed what Canadian digital capacity looked like when it was rooted in a place.<\/p>\n<p>And while Waterloo may be the top, it is far from alone. The University of Toronto, UBC, McGill, Universit\u00e9 de Montr\u00e9al, Alberta, Ottawa, Carleton, and others form a serious national base of computer science and engineering talent. <a rel=\"external\" href=\"https:\/\/www.timeshighereducation.com\/student\/best-universities\/best-universities-canada-computer-science-degrees\">Times Higher Education\u2019s 2026 Canadian computer science rankings<\/a> place Toronto 22nd globally, Waterloo 41st, Universit\u00e9 de Montr\u00e9al 52nd, UBC 57th, and McGill 74th.<\/p>\n<p>The same holds true geographically. Canada has a handful of places that should, in theory, make the country punch well above its weight in digital policy. Waterloo has the talent pipeline. Toronto and Montr\u00e9al have deep AI, privacy, finance, platform, and research ecosystems. Vancouver has cloud infrastructure, gaming, and cross-border west coast technical talent. Waterloo, UBC, McGill, and the University of Toronto give Canada globally recognized academic depth. This is not a country short on people who can explain how digital systems behave when the law touches them.<\/p>\n<p>And maybe this is just the University of Ottawa grad in me, but Ottawa is arguably one of the more interesting places on this map.<\/p>\n<p>It sits at the intersection of technical memory and public power. The federal government is there. Parliament is there. The regulators are there. The institutions are there. The policy schools, legal community, national-security apparatus, telecommunications history, and procurement machinery are there. And just outside Ottawa sits Kanata North, one of the clearest reminders that Canada once had an enormous telecommunications-industrial base.<\/p>\n<p>Canada's largest technology park didn't just appear out of nowhere. Its lineage runs through Computing Devices Canada, Bell Northern Research, Nortel, Mitel, and Corel. Even when Nortel collapsed, the expertise didn't just vanish. Many of its people remained in the area. They joined other companies, became entrepreneurs, and helped Ottawa earn the title of \"Silicon Valley North\".<\/p>\n<p>Ottawa is not just a national capital that happens to have some tech nearby. It is a capital beside a deep reservoir of telecommunications and infrastructure expertise. It has the people who write policy close to the people who understand networks. It has lawyers, regulators, engineers, security specialists, civil servants, researchers, and industry veterans in the same region. In theory, that should make Canada unusually capable of building world-class digital policy.<\/p>\n<p>The tragedy, as it unfortunately often is, is that Canada has almost all of the ingredients. It has the schools. It has the talent. It has the security history. It has the telecom memory. It has the policy institutions. It has the legal expertise. It has the companies. It has the civil society groups. It has enough people who understand exactly how these systems fail. And yet, file after file, Canada chooses to ignore them.<\/p>\n<h2 id=\"sovereignty-is-not-control\">Sovereignty is not control<\/h2>\n<p>The desire for digital sovereignty isn't the problem. Arguably, it makes more sense now than it did even just a few years ago.<\/p>\n<p>Canada's dependence on American digital infrastructure has always been politically awkward. But the recent tensions between Canada and the United States have made it harder to treat that dependence as harmless convenience. If most of Canada's cloud services, office software, social networks, search engines, mobile operating systems, app stores, advertising systems, content distribution networks, and AI infrastructure are controlled by American companies, then Canadian digital dependence is also geopolitical dependence. An article by <a rel=\"external\" href=\"https:\/\/policyoptions.irpp.org\/2025\/05\/digital-sovereignty\/\">Policy Options<\/a> put it bluntly:<\/p>\n<blockquote>\n<p>Much of Canadian digital communications infrastructure is under the control of U.S. companies and thus potentially the U.S. government. In the Trump 2.0 era, this raises critical economic, political and national security concerns.<\/p>\n<\/blockquote>\n<p>So, the instinct behind a push for digital sovereignty is not wrong. It's entirely reasonable for Canada to want more domestic capacity, more control over its critical infrastructure, more resilience against foreign pressure, and less dependence on companies and legal systems outside Canadian control. A middle power living beside an increasingly aggressive superpower would be foolish not to think about this.<\/p>\n<blockquote>\n<p>\"Middle powers must act together because if you are not at the table, you are on the menu.\"\n- Prime Minister Mark Carney, World Economic Forum Annual Meeting, Davos, January 20, 2026<\/p>\n<\/blockquote>\n<p>The mistake is what Ottawa seems to think sovereignty means. Canada keeps acting as if sovereignty is the ability to assert jurisdiction. If it can compel a provider, it calls that sovereignty. If it can tax a platform, mandate a contribution, order retention, block a site, regulate a service, or require an identity check, it calls that sovereignty.<\/p>\n<p>But control is not the same thing as sovereignty. Control is the ability to issue a demand. Sovereignty is the ability to make that demand survive contact with reality.<\/p>\n<p>That distinction matters because digital systems do not become trustworthy just because a law tells them to behave. Infrastructure has architecture. Cryptography has constraints. Platforms have incentives. Companies have exit options. Trade partners have retaliation tools. Users have trust thresholds. Domestic firms have limited capital. Small providers have compliance limits. Every digital policy touches a system that can respond in ways the law did not intend.<\/p>\n<p>The federal government already knows the right words. <a rel=\"external\" href=\"https:\/\/ised-isde.canada.ca\/site\/innovation-better-canada\/en\/canadas-digital-charter-trust-digital-world\">Canada's Digital Charter<\/a> says that Canadians must be able to trust that their personal information is protected, that their data won't be misused, and that organizations clearly communicate with users. It then states:<\/p>\n<blockquote>\n<p>This trust is the foundation on which our digital and data-driven economy will be built.<\/p>\n<\/blockquote>\n<p>Ottawa wrote this sentence, and then immediately forgot it.<\/p>\n<p><a rel=\"external\" href=\"https:\/\/www.publicsafety.gc.ca\/cnt\/rsrcs\/pblctns\/ntnl-cbr-scrt-strtg-2025\/index-en.aspx\">Canada\u2019s National Cyber Security Strategy<\/a> similarly frames cybersecurity as central to Canada\u2019s digital future, saying the strategy is meant to help secure that future in partnership with provinces, territories, Indigenous communities, industry, and academia.<\/p>\n<blockquote>\n<p>Today, it is abundantly clear that to safely advance Canada's digital and clean economy, to protect our democracy and our day-to-day livelihoods, and to ensure our future economic prosperity, cyber security must be a fundamental building block of our country's national security, economic security, and public safety.<\/p>\n<\/blockquote>\n<p>The government\u2019s <a rel=\"external\" href=\"https:\/\/ised-isde.canada.ca\/site\/ised\/en\/public-consultations\/next-chapter-canadas-ai-leadership\">AI strategy consultation<\/a> also identified sovereignty, sustainability, public benefit, safe AI systems, and public trust as key themes. None of these are bad aspirations. They're exactly the right aspirations for a country in Canada's position. But, if trust is the foundation, then digital sovereignty cannot be built through policies that make trust harder to maintain.<\/p>\n<p>A country cannot build digital sovereignty by making secure systems legally uncertain. It cannot build digital sovereignty by treating data minimization as an obstacle to law enforcement. It cannot build digital sovereignty by forcing sensitive online activity through identity-checking infrastructure. It cannot build digital sovereignty by creating trade liabilities and then backing down once another country notices. It cannot build digital sovereignty by publishing AI ambitions while leaving privacy law, procurement, compute, security, competition, and public-sector adoption in a half-built state.<\/p>\n<p>Real digital sovereignty requires resilient infrastructure. Not just data centres with Canadian addresses, but systems that can withstand outages, attacks, dependency shocks, supply-chain pressure, foreign legal demands, and policy instability. The <a rel=\"external\" href=\"https:\/\/www.canada.ca\/en\/government\/system\/digital-government\/digital-government-innovations\/cloud-services\/digital-sovereignty\/gc-white-paper-data-sovereignty-public-cloud.html\">Government of Canada\u2019s own public-cloud white paper<\/a> acknowledges that cloud adoption raises data sovereignty, residency, and security risks, even as federal IT policy has been shaped around a cloud-first approach.<\/p>\n<p>It requires trusted law. People and companies need to know that the legal environment protects secure design, privacy, due process, and basic constitutional limits. If the law is vague, secretive, or technically careless, it becomes part of the threat model.<\/p>\n<p>It requires technical credibility. Governments don't need to become engineering teams, but they do need to understand enough to know when a proposed legal power conflicts with how secure systems actually work. A statute can authorize a result. It cannot repeal the engineering consequences of achieving that result.<\/p>\n<p>It requires trade awareness. Canada is not the United States. It cannot assume that every platform, vendor, trading partner, or multinational company will simply absorb a Canadian rule because Ottawa has announced it. A middle power has to know where it has leverage and where it's creating exposure.<\/p>\n<p>It requires geopolitical realism. Canada has to assume that foreign governments, especially the United States, may use trade, market access, legal demands, and industrial pressure to protect their own firms and strategic interests. Digital sovereignty cannot be built on the fantasy that Canada can simply announce a policy and the most powerful country on Earth will politely absorb the consequences.<\/p>\n<p>It requires user trust. Digital sovereignty is meaningless if Canadians do not trust Canadian systems. A domestic platform that people believe is less private, less secure, or more exposed to state access is not sovereign in any meaningful sense. It is merely local.<\/p>\n<p>And it requires credible domestic capacity. Sovereignty cannot just mean forcing foreign companies to comply. It has to mean building enough Canadian capability that there are real alternatives: cloud capacity, AI compute, cybersecurity talent, public-sector technical competence, privacy-preserving infrastructure, procurement discipline, and firms that can scale without being crushed by the very compliance burdens the government creates.<\/p>\n<h2 id=\"bill-c-22-mistaking-access-for-capability\">Bill C-22: mistaking access for capability<\/h2>\n<p>I've already <a href=\"\/writing\/bill-c22-is-a-mess\">written a fair bit about Bill C-22<\/a>, because frankly, I'm angry about it. The point here though is narrower: Bill C-22 is one example of a larger Canadian digital-policy failure. It shows Ottawa mistaking legal authority for safe technical capability.<\/p>\n<p>The government\u2019s stated goal is not necessarily absurd. Police and intelligence agencies do need lawful tools to investigate serious crime and threats to national security. Digital systems have changed how evidence is stored, transmitted, deleted, encrypted, and hidden. A country cannot simply pretend that the investigative environment of the 1990s still exists.<\/p>\n<p>The question around C-22 isn't \"should lawful access exist?\" It already does. The question is whether the state can demand access in ways that risk the security of the systems being accessed. That's where Bill C-22 becomes genuinely dangerous.<\/p>\n<p>A warrant can authorize access to information. It cannot make the information exist. A production order can compel disclosure of data a provider has. It cannot safely conjure data the provider deliberately does not collect. A law can say police are entitled to evidence. It cannot repeal the security consequences of forcing systems to preserve access paths.<\/p>\n<p>A government can authorize access, but it cannot legislate away the security consequences of building access paths. That's the line Bill C-22 keeps blurring. The bill states providers aren't required to introduce a \"systemic vulnerability\", but then in the same breath allows technical capability requirements, access-enabling equipment, metadata retention, and secret ministerial orders.<\/p>\n<p>That's why Apple, Meta, Google, Signal, VPN providers, privacy lawyers, and civil liberties groups are alarmed. They aren't simply asking whether lawful access should exist. They are asking what systems will have to become in order to comply.<\/p>\n<p><a rel=\"external\" href=\"https:\/\/www.ourcommons.ca\/Content\/Committee\/451\/SECU\/Brief\/BR14110858\/br-external\/Google-e.pdf\">Google\u2019s brief to SECU<\/a> made the institutional problem especially clear. Existing Canadian law already allows law enforcement to seek court orders requiring reasonable assistance with warrants. Bill C-22 would move far more power into executive hands, including secret orders requiring providers to create or maintain technical capacity for access.<\/p>\n<blockquote>\n<ul>\n<li>Part 2 of Bill C-22 also gives the Minister of Public Safety sweeping powers to issue\nsecret orders mandating providers to create or maintain the technical capacity to\nfacilitate data interception and retrieval (\u201cMinisterial Orders\u201d) (ss. 7-13). Providers are\npermanently prohibited from disclosing the contents of Ministerial Orders, the fact that they are subject to one, or any information related to vulnerabilities created by a\nMinisterial Order.<\/li>\n<\/ul>\n<\/blockquote>\n<blockquote>\n<ul>\n<li>The Ministerial Order framework is unnecessary. In Canada, authorized law\nenforcement may already apply to the courts for an order to provide reasonable\nassistance in giving effect to a warrant, which may in turn be accompanied by\nnon-disclosure provisions, if appropriate. Critically, the existing framework is subject to judicial oversight. As written, C-22 would replace this effective, balanced and\ntransparent regime with broad executive powers, in the absence of a compelling basis\nor rationale for such a fundamental overhaul.<\/li>\n<\/ul>\n<\/blockquote>\n<p>This is not just an abstract concern about foreign tech companies trying to avoid Canadian law. Some of the most important warnings are coming from exactly the kind of companies a digitally sovereign Canada should want to keep.<\/p>\n<p>Tailscale, a Canadian-founded secure networking company, put the problem in almost perfect terms. Its VPN does not inspect customer traffic, does not log browsing activity, and does not have the keys needed to decrypt what its relay servers carry. That isn't a feature it can casually disable by flipping a flag. It's how the product is built. <a rel=\"external\" href=\"https:\/\/tailscale.com\/blog\/bill-c22-canada\">As Tailscale wrote<\/a>, Bill C-22 risks turning \u201cdata minimization from a security virtue into a compliance problem.\u201d<\/p>\n<blockquote>\n<p>There\u2019s a big difference between preserving data for a specific investigation and requiring providers to collect or retain data in bulk because it <em>might<\/em> be useful later. The first can be targeted and accountable. The second changes the design incentives for every service in scope.<\/p>\n<\/blockquote>\n<blockquote>\n<p>Once a law requires a company to retain more metadata, the company now has a new database. That database needs access controls, audit logs, backups, operators, retention systems, legal processes, and incident response plans. It becomes part of the attack surface. It becomes a temptation for theft or misuse.<\/p>\n<\/blockquote>\n<blockquote>\n<p>The safest database is the one you never created.<\/p>\n<\/blockquote>\n<p>Windscribe, another Canadian privacy company, <a rel=\"external\" href=\"https:\/\/x.com\/windscribecom\/status\/2055044048122003569\">made the point even more bluntly<\/a>:<\/p>\n<blockquote>\n<p>We won't be far behind if C-22 passes. In its current state, VPNs would almost certainly require us to log identifying user data. Signal isn't headquartered in Canada so they can just shut off Canadian servers, but our HQ is. We pay an ungodly amount of taxes to this corrupt government, and in return they want to destroy the entire essence of our service to basically spy on its own citizens. Not happening. We'll move HQ and take our taxes elsewhere.<\/p>\n<\/blockquote>\n<p>That is a remarkable failure. A country that wants trusted domestic infrastructure should want companies like Tailscale or Windscribe. It should want companies that collect less data, hold fewer keys, reduce attack surfaces, and build systems where even the provider has limited access. Those are not the companies Canadian law should be pushing into uncertainty. These are the companies Canada should be able to hold up as part of its digital-sovereignty story.<\/p>\n<h2 id=\"canada-s-ai-strategy-mistaking-ambition-for-capacity\">Canada's AI strategy: mistaking ambition for capacity<\/h2>\n<p>Canada\u2019s AI strategy should be one of the strongest parts of its digital sovereignty agenda. The country has a real claim here. Canada wasn't just a spectator in the development of modern AI. It has world-renowned researchers, globally respected universities, strong research clusters, and a long history of public investment in the field. If any middle power should be able to build a credible democratic AI strategy, Canada should be near the top of that list.<\/p>\n<p>AI leadership, though, requires more than an \"AI strategy\". It depends on capacity. It depends on compute. It depends on energy. It depends on adoption trust. It depends on public-sector technical literacy. It depends on companies believing Canada is a stable, serious, technically literate place to build and deploy systems.<\/p>\n<p>That's where Canada's AI ambitions are already in trouble. The government's own consultation record admits the infrastructure gap:<\/p>\n<blockquote>\n<p>Canada faces significant gaps in AI infrastructure<\/p>\n<\/blockquote>\n<p>with respondents calling for a roadmap focused on sovereign, sustainable, public-benefit infrastructure. The government\u2019s <a rel=\"external\" href=\"https:\/\/ised-isde.canada.ca\/site\/ised\/en\/canadian-sovereign-ai-compute-strategy\">Sovereign AI Compute Strategy<\/a> is a partial answer to this, with up to $700 million intended to support domestic compute capacity and help safeguard Canadian data and intellectual property. It's an important investment, a necessary one, but compute alone is not capacity.<\/p>\n<p>A sovereign data centre does not fix weak privacy law. A public supercomputer does not fix poor procurement. A compute fund doesn't fix regulatory instability. A national AI strategy doesn't create public trust if the rest of the government is simultaneously normalizing surveillance, identity checks, rushed lawful-access powers, and trade fights that make digital investment in Canada feel unpredictable.<\/p>\n<p>That was the contradiction Canadian digital policy expert Michael Geist pointed at when he argued <a rel=\"external\" href=\"https:\/\/www.michaelgeist.ca\/2026\/06\/digital-self-sabotage-why-canadas-ai-strategy-is-set-to-fail-before-it-even-launches\/\">Canada's AI strategy is set to fail before it even launches<\/a>. As he put it:<\/p>\n<blockquote>\n<p>Canada cannot become an AI leader while it builds a reputation for poorly conceived policies that threaten security, make internet services uneconomic and raise new barriers to the very adoption the strategy is meant to encourage.<\/p>\n<\/blockquote>\n<p>People already distrust AI systems. People definitely will not trust AI systems if they believe the surrounding legal environment is careless with privacy. Companies will hesitate to build in Canada if lawful-access rules create uncertainty around encryption and data minimization. Public institutions will struggle to deploy AI responsibly if procurement treats technical capacity as something that can be purchased after policy is already decided. Researchers and startups will struggle if sovereign compute exists on paper but access remains scarce, expensive, or captured by large incumbents.<\/p>\n<p>And ordinary Canadians will not be reassured by a government that says \u201cAI for all\u201d while floating age-verification and identity-checking ideas that could turn broad access to online services into another place where people must prove who they are.<\/p>\n<p>A serious Canadian AI strategy would start from the premise that trust is infrastructure. Privacy law is infrastructure. Public-sector competence is infrastructure. Procurement discipline is infrastructure. Clear liability rules are infrastructure. Secure cloud capacity is infrastructure. Interoperability, auditability, data governance, and competition policy are all infrastructure. Instead, Ottawa too often treats AI as an adoption campaign with some guardrails attached.<\/p>\n<p>Canada does not yet need another ambitious strategy document that says the country will lead in responsible AI. It needs the boring machinery that makes leadership plausible. It needs a privacy regime people can trust. It needs public institutions that can buy and evaluate technology intelligently. It needs domestic compute that researchers and companies can actually use. It needs rules that protect secure systems instead of making them legally uncertain. It needs child-safety policy that does not quietly become identity infrastructure. It needs a trade-aware digital policy that does not keep triggering predictable backlash and retreat.<\/p>\n<p>Canada\u2019s AI strategy risks becoming ambition without the capacity to back it up.<\/p>\n<p>And ambition without capacity is not sovereignty. It's a press release waiting to be disappointed.<\/p>\n<h2 id=\"streaming-and-the-digital-services-tax-mistaking-assertion-for-leverage\">Streaming and the Digital Services Tax: mistaking assertion for leverage<\/h2>\n<p>The same mistake appears again in Canada\u2019s fights over streaming and digital taxation.<\/p>\n<p>Both of these files start from legitimate concerns. Canadian culture matters. Francophone Canadian content matters. Indigenous content matters. Local news, documentary work, children\u2019s programming, independent production, and the simple ability of Canadians to see themselves reflected in their own media all matter.<\/p>\n<p>The reality is that Canada lives beside the most powerful cultural machine in human history. The United States doesn't merely export products. It exports stories, accents, politics, celebrities, platforms, formats, assumptions, and a shared default reality that can swallow smaller countries whole without anyone needing to plan it. English Canada in particular exists in the shadow of a cultural juggernaut that speaks largely the same language, dominates the same platforms, and can flood the zone with more money, more content, and more global attention than Canadian creators can reasonably match.<\/p>\n<p>So the instinct behind CanCon is not ridiculous. It is not embarrassing. It's not some quaint nationalist relic from the broadcast era. It is a recognition that markets alone will not reliably preserve Canadian cultural space when the neighbouring market is enormous, wealthy, aggressive, and globally dominant.<\/p>\n<p>The problem isn't that Canada wants to protect its cultural identity. The problem is that cultural sovereignty still has to be implemented competently.<\/p>\n<p>The CRTC\u2019s online streaming decision is the clearest example. In 2024, the CRTC created a 5% base contribution requirement for certain online streaming services. In May 2026, it went much further, setting the Canadian programming expenditure requirement for online streaming services at 15%, including that earlier 5% base contribution. The regulator described the framework as part of a modernized system for Canadian and Indigenous programming. The policy goal was cultural. The instrument was financial. The consequences were predictable.<\/p>\n<p>Experts immediately raised the alarm. In a <a rel=\"external\" href=\"https:\/\/www.michaelgeist.ca\/2026\/05\/from-levy-to-liability-why-canada-risks-facing-hundreds-of-millions-in-retaliatory-tariffs-due-to-the-crtcs-online-streaming-act-ruling\/\">blog post from Geist<\/a>, he argued that the ruling created serious trade exposure for Canada under CUSMA, with Canada potentially relying on the cultural exemption while giving the United States the right to retaliate with measures of equivalent commercial effect, putting Canada at risk of hundreds of millions in retaliatory tariffs.<\/p>\n<p>Within a matter of weeks, the <a rel=\"external\" href=\"https:\/\/apnews.com\/article\/canada-streamers-netflix-canadian-content-5d364ef91fadf55dd29dad87a133f5bf\">federal government was ordering the CRTC to review its decision<\/a> after pressure from the Motion Picture Association and the US ambassador, with trade talks between Canada and the United States in the background. A sovereign cultural policy shouldn't have to be unwound almost immediately because the trade and affordability consequences were too obvious to ignore.<\/p>\n<p>This mirrored the Digital Services Tax. Similarly, Canada had a reasonable underlying complaint. Digital giants earn substantial revenue in Canada, and traditional tax systems have struggled to capture value created through users, data, advertising, platforms, and marketplaces. The Canadian Digital Services Tax applied a 3% tax to certain digital services revenue from Canadian users above the relevant threshold, and it was designed to apply retroactively.<\/p>\n<p>Then, the completely predictable thing happened. The United States suspended trade negotiations with Canada over the tax. <a rel=\"external\" href=\"https:\/\/www.canada.ca\/en\/department-finance\/news\/2025\/06\/canada-rescinds-digital-services-tax-to-advance-broader-trade-negotiations-with-the-united-states.html\">Canada announced it would rescind the Digital Services Tax<\/a>, halt collection, and bring forward legislation to repeal the Act in order to advance broader trade negotiations.<\/p>\n<p>The streaming decision and the Digital Services Tax belong together because they show the same failure from different angles. In both cases, Ottawa identified a real problem. In both cases, the policy goal was defensible. In both cases, the execution underestimated how foreign firms and foreign governments would respond. And in both cases, Canada\u2019s eventual position looked weaker because the government had asserted control without first establishing leverage.<\/p>\n<h2 id=\"age-verification-mistaking-safety-for-identity-infrastructure\">Age verification: mistaking safety for identity infrastructure<\/h2>\n<p>Age verification is another place where Ottawa appears to be mistaking a legitimate goal for a safe mechanism. The legitimate goal is obvious. Children should not be abandoned online. They should not be pushed into adult content by platforms, recommendation systems, advertising incentives, search results, or services designed with no serious regard for age, vulnerability, or consent. A country is allowed to care about that. It arguably should care about that.<\/p>\n<p><a rel=\"external\" href=\"https:\/\/www.parl.ca\/documentviewer\/en\/45-1\/bill\/S-209\/first-reading\">Bill S-209<\/a> is framed as a bill to restrict young people\u2019s access to online pornography. It makes it an offence for organizations to make pornographic material available to young persons on the Internet, and allows an enforcement authority to take steps to prevent that material from being made available in Canada. The bill creates a defence only where the organization implemented a prescribed age-verification or age-estimation method. It also contemplates Federal Court orders requiring Internet service providers to prevent access, and even acknowledges that such orders may have the effect of blocking access to material other than the targeted pornographic material.<\/p>\n<p>All noble goals, but not without serious risk. Once the law requires people to prove they are old enough before accessing online content, the question immediately becomes: prove it to whom, using what system, with what data, retained where, audited by whom, and usable for what else later?<\/p>\n<p>Age verification can mean checking government ID. Age estimation can mean biometric or AI-based inference. Age assurance can involve third-party credential systems, device-level checks, tokens, accounts, facial analysis, or other mechanisms that may be more or less privacy-protective depending on implementation. The point is that there is no single harmless thing called \u201cage verification.\u201d There are systems, and those systems all have failure modes.<\/p>\n<p>If age checks become a standard condition for accessing broad categories of online material, then Canada is not merely keeping minors away from pornography. It is helping build a web where adults increasingly have to identify, verify, estimate, or credential themselves before they can read, search, post, watch, or communicate. And that's a massive architectural change.<\/p>\n<p>It changes the web from a space where access is often anonymous or pseudonymous by default into one where access can depend on passing through an identity layer. Once that layer exists, it will not necessarily remain politically confined to the first use case. The same infrastructure built for pornography can be demanded for gambling, alcohol, cannabis, social media, violent content, health information, dating apps, app stores, AI chatbots, or anything else a future government decides is harmful to minors.<\/p>\n<p>A Canadian law, passed in the name of protecting children, may push Canadians toward third-party identity and age-verification services, potentially outside Canada, so they can access lawful online content. That is an astonishing result for a country claiming to care about digital sovereignty.<\/p>\n<h2 id=\"the-institutional-pattern\">The institutional pattern<\/h2>\n<p>The same institutional failure keeps appearing. Ottawa identifies a real problem:<\/p>\n<p>Police investigations are real. Law enforcement does need lawful access to evidence in serious cases. Child safety is real. Children should not be abandoned to platforms, content systems, and recommendation engines that were not designed with their interests in mind. AI capacity is real. Canada cannot simply watch the next industrial platform form elsewhere and hope research prestige will carry it through. Canadian culture is real. A country should care about whether its stories, languages, news, and artists can survive in a platform-dominated media environment. Tax fairness is real. The largest digital companies should not be able to extract revenue from Canadian markets while escaping meaningful public obligations.<\/p>\n<p>These are all real problems for a government to solve. The issue is not that Ottawa cares about the wrong things. The issue is that it keeps reaching for frameworks that ignore how digital systems behave.<\/p>\n<p>Bill C-22 takes the real problem of lawful access and drifts toward a framework that may make secure architecture legally uncertain. Age verification takes the real problem of child safety and risks building identity infrastructure into ordinary access to the web. The AI strategy takes the real problem of national capacity and risks treating ambition as if it were infrastructure. The streaming fight takes the real problem of Canadian cultural production and turns it into a trade and affordability problem. The Digital Services Tax took the real problem of tax fairness and produced a predictable confrontation that Canada ultimately retreated from.<\/p>\n<p>The problem isn't just that the policies are controversial. The problem is the downstream effects were entirely predictable. If you require providers to retain data, some systems will become less secure. If you create secret technical-access powers, companies that sell privacy and security will warn that they cannot operate under them. If you impose broad age-verification duties, the issue will not remain \u201cchildren and pornography.\u201d It will become identity, privacy, blocking, scope creep, and who controls the credential layer of the web. If you create expensive obligations for streaming services, some of those costs will be passed to consumers, challenged in court, or turned into trade pressure. If you tax American digital companies unilaterally, the United States may retaliate. If you release an AI strategy while the rest of your digital policy stack is unstable, privacy-invasive, trade-exposed, and legally uncertain, builders will notice.<\/p>\n<p>None of this requires prophecy. It simply requires you to listen. That's the part Ottawa seems worst at. The institutional habit is to treat technical, legal, trade, and civil-liberties warnings as stakeholder noise. A company objects, so it must be protecting its business model. A civil liberties group objects, so it must be absolutist. A privacy lawyer objects, so it must be legal caution. A security engineer objects, so it must be implementation detail. A trade expert objects, so it must be pessimism. A platform threatens to leave, so it must be bluffing.<\/p>\n<p>Sometimes those motives are definitely real. Companies are self-interested. Advocacy groups have priors. Lawyers are cautious. Engineers can be narrow and strongly-opinionated. Trade experts can be conservative. Platforms can posture.<\/p>\n<p>But a warning doesn't become false just because the person giving it has interests. Apple can be self-interested and right about encryption. Signal can be uncompromising and right about secure messaging. Privacy lawyers can be severe and right about constitutional risk. Civil society groups can be ideological and right about overbreadth.<\/p>\n<p>The government\u2019s job is not to sort every critic into a dismissible category. Its job is to ask whether the warning is true. Too often, the warning is treated as something to manage after the bill has already become politically committed. That's frankly, a really backwards way to approach policy. In digital policy specifically, the implementation details are not minor details. They <em>are<\/em> the policy.<\/p>\n<p>A metadata-retention power isn't a drafting footnote. It changes what providers must keep. A secret technical order is not merely an investigative tool. It changes how infrastructure may be governed. An age-verification requirement is not just a content rule. It changes how people access the web. A streaming contribution formula is not just cultural policy. It changes pricing, investment, trade exposure, and market behaviour. An AI strategy is not just a strategy. It depends on compute, privacy, procurement, energy, security, data governance, and trust.<\/p>\n<p>Ottawa seems to keep legislating as if digital systems are passive. They are not. Companies route around risk. Users lose trust. Small firms avoid markets. Large incumbents absorb compliance costs and become stronger. Foreign governments retaliate. Courts intervene. Security architectures change. Data gets retained because the law made deletion risky. Identity systems appear because a safety rule required proof. Public institutions buy tools they don't fully understand because adoption targets came before capacity.<\/p>\n<p>That's how bad digital policy compounds. One file creates a trust problem. Another creates a trade problem. Another creates an identity platform. Another creates a compliance problem. Each one is defended in isolation as narrow, necessary, and manageable. Together, they form the operating environment in which Canadian digital systems have to exist.<\/p>\n<p>That's why \"digital sovereignty\" can't just be a campaign slogan attached to individual announcements. It requires institutional discipline. It requires the government to see the whole stack: law, infrastructure, markets, security, trade, privacy, competition, public-sector capacity, and user trust. It requires asking not only \u201cwhat power do we want?\u201d but \u201cwhat system will this create?\u201d It requires understanding that control can reduce sovereignty when it drives away capacity, weakens trust, or increases dependence on larger foreign firms that can survive the compliance burden.<\/p>\n<p>The real scandal isn't that Ottawa gets every file wrong. It doesn't. The scandal is that the same mistakes keep recurring across files that should have taught each other something.<\/p>\n<p>The <em>Online News Act<\/em> should have taught Ottawa that platforms have exit options.<\/p>\n<p>The Digital Services Tax should have taught Ottawa that digital policy is trade policy.<\/p>\n<p>The CRTC's streaming ruling should have taught Ottawa that cultural policy still has to survive affordability, market, and trade reality.<\/p>\n<p>Bill C-22 should teach Ottawa that lawful authority is not the same as safe architecture.<\/p>\n<p>Age verification should teach Ottawa that child-safety policy can become identity infrastructure.<\/p>\n<p>The AI strategy should teach Ottawa that ambition is meaningless without capacity and trust.<\/p>\n<p>The lessons are all here. The question is whether the institution can learn them before the next bill, mandate, levy, framework, or strategy repeats the same mistake under a different name.<\/p>\n<h2 id=\"what-digital-sovereignty-would-actually-require\">What digital sovereignty would actually require<\/h2>\n<p>Canada does not need to abandon its digital sovereignty ambitions. It needs to become serious about them.<\/p>\n<p>That means treating digital sovereignty as more than the ability to assert jurisdiction over foreign companies. It's not enough to compel, tax, mandate, block, regulate, or require. Those are tools. They are not a strategy. Used badly, they can make Canada less sovereign by weakening trust, increasing dependence on large foreign incumbents, driving away domestic firms, creating trade exposure, or building privacy-invasive infrastructure that Canadians have no reason to trust.<\/p>\n<p>Real digital sovereignty starts from a different premise. One that treats secure systems as national assets. Strong encryption should not be seen as a law enforcement obstacle to be worked around. Data minimization should not be treated as suspicious. No-logs architecture should not become a compliance defect. Systems where provider access does not exist by design should be recognized as part of Canada\u2019s security posture, not as an inconvenience for future access demands.<\/p>\n<p>A country that wants trustworthy digital infrastructure should want companies that collect less data, hold fewer keys, and reduce attack surfaces. It should want Canadian companies like Tailscale and Windscribe to stay here, build here, pay taxes here, hire here, and contribute to a domestic security ecosystem. It should not put them in the position of wondering whether Canadian law will make their core security promises impossible to keep.<\/p>\n<p>Real digital sovereignty would also require better law. Not just more law. Better law.<\/p>\n<p>Law that is narrow where it touches digital rights. Law that is technically literate when it touches architecture. Law that uses courts and independent oversight where state power is intrusive. Law that understands the difference between targeted access to existing evidence and broad obligations to preserve future access. Law that does not hide major infrastructure-shaping powers behind secrecy and then ask the public to trust that nothing important will happen. If trust is the foundation of the digital economy, then the law itself has to be trustworthy.<\/p>\n<p>Real digital sovereignty would require public-sector competence. Canada cannot govern digital systems well if the public sector lacks the internal capacity to understand what it is buying, regulating, mandating, or deploying. A government that cannot evaluate technical claims becomes dependent on vendors. A government that cannot retain technical talent becomes dependent on consultants. A government that treats implementation as someone else\u2019s problem will keep discovering that the implementation was the policy all along. The people who understand systems need to be in the room before policy hardens, not called as witnesses after the government has already decided what it wants the bill to mean.<\/p>\n<p>Real digital sovereignty would require trade competence. Canada is a middle power. It lives beside the United States. As much as we'd like to, we cannot pretend otherwise. That doesn't mean surrendering every policy choice to American pressure. It means understanding leverage before picking the fight.<\/p>\n<p>A digital services tax, a streaming levy, an app-store rule, a cloud policy, a data-localization requirement, or a platform obligation doesn't exist in a domestic vacuum. These are also trade policies, industrial policies, and geopolitical signals. If Canada wants to regulate powerful foreign companies, it needs rules that can survive retaliation, litigation, market response, and consumer impact.<\/p>\n<p>Real digital sovereignty would require humility.<\/p>\n<p>This may be the hardest part. Ottawa needs to stop treating expert criticism as something to be categorized and managed. A warning from Apple is not automatically false because Apple has interests. A warning from Signal is not automatically extreme because Signal is uncompromising. A warning from privacy lawyers is not automatically procedural caution. A warning from engineers is not merely implementation detail. A warning from civil society is not automatically activism. A warning from trade experts is not defeatism. Every critic has interests. The question is whether the criticism is true.<\/p>\n<p>That's the discipline Canada keeps failing to show. It identifies a real problem, reaches for power, dismisses predictable objections, and then discovers that the system responds. Providers threaten to leave. Platforms block links. Trade partners retaliate. Costs rise. Courts get involved. Trust declines. Compliance burdens strengthen incumbents. Identity infrastructure expands. Secure systems become legally uncertain. Then everyone acts surprised.<\/p>\n<p>Canada can't keep governing digital systems this way. It has too much talent for that. It has too much history for that. Waterloo, Toronto, UBC, McGill, Montr\u00e9al, Ottawa, Vancouver, Kanata North, OpenBSD, BlackBerry, Nortel\u2019s ghost, Canadian privacy law, civil society, security engineers, AI researchers, telecom veterans, cloud infrastructure people, and open-source contributors all point to the same uncomfortable fact.<\/p>\n<p>Canada has enough knowledge to do better. To know better. To be better.<\/p>\n<p>Canada keeps saying it wants digital sovereignty.<\/p>\n<p>Maybe we should start acting like we understand what that really means.<\/p>\n"},{"title":"L\u2019article relate beaucoup le cafouillage","pubDate":"Tue, 02 Jun 2026 00:00:00 +0000","author":"Ethan Plant","link":"https:\/\/ethanplant.ca\/notes\/polysecure\/","guid":"https:\/\/ethanplant.ca\/notes\/polysecure\/","description":"<p>Petite note en fran\u00e7ais, avec une mise en garde n\u00e9cessaire : mon fran\u00e7ais est, franchement, assez faible. J\u2019ai appris le fran\u00e7ais \u00e0 l\u2019\u00e9cole comme beaucoup de Canadiens anglais, mais je ne l\u2019utilise pas assez souvent. Donc, si cette note sonne un peu maladroite, c\u2019est probablement parce qu\u2019elle l\u2019est.<\/p>\n<p>Mais je voulais quand m\u00eame \u00e9crire quelque chose.<\/p>\n<p>Mon article sur le projet de loi C-22 a \u00e9t\u00e9 mentionn\u00e9 dans l\u2019\u00e9pisode du 31 mai 2026 de <a rel=\"external\" href=\"https:\/\/polysecure.ca\/posts\/episode-0x770.html#ec9684b5\">PolyS\u00e9cure<\/a>, un balado qu\u00e9b\u00e9cois sur la cybers\u00e9curit\u00e9. C\u2019\u00e9tait assez dr\u00f4le, et aussi assez touchant, de d\u00e9couvrir que mon texte avait travers\u00e9 la fronti\u00e8re linguistique et \u00e9tait arriv\u00e9 dans une discussion francophone s\u00e9rieuse sur la s\u00e9curit\u00e9, la vie priv\u00e9e, et les droits num\u00e9riques.<\/p>\n<p>La meilleure partie, \u00e9videmment, \u00e9tait la description de l\u2019article comme un texte qui \u00ab relate beaucoup le capouillage \u00bb autour du projet de loi.<\/p>\n<p>Je ne peux pas imaginer une meilleure critique.<\/p>\n<p>C\u2019est aussi, honn\u00eatement, une bonne description de ce que j\u2019essayais de dire. Le probl\u00e8me avec C-22 n\u2019est pas seulement le fond du projet de loi. C\u2019est aussi le processus. La consultation semble insuffisante. Les explications du gouvernement sont faibles. Les experts techniques et juridiques soul\u00e8vent des inqui\u00e9tudes s\u00e9rieuses. Et malgr\u00e9 tout cela, Ottawa semble encore tent\u00e9 d\u2019aller trop vite.<\/p>\n<p>Donc oui : beaucoup de cafouillage.<\/p>\n<p>Merci \u00e0 PolyS\u00e9cure d\u2019avoir lu l\u2019article, de l\u2019avoir inclus dans les notes de l\u2019\u00e9pisode, et d\u2019avoir pris le sujet au s\u00e9rieux. C\u2019est exactement le genre de discussion publique dont ce projet de loi a besoin.<\/p>\n"},{"title":"Totality Is Different","pubDate":"Mon, 01 Jun 2026 00:00:00 +0000","author":"Ethan Plant","link":"https:\/\/ethanplant.ca\/notes\/totality\/","guid":"https:\/\/ethanplant.ca\/notes\/totality\/","description":"<p>I was reminded today, after seeing a <a rel=\"external\" href=\"https:\/\/www.reddit.com\/r\/explainlikeimfive\/s\/JIASpkJ83v\">Reddit thread<\/a> about how often total solar eclipses actually happen, of the 2024 eclipse I watched from Mount Royal in Montr\u00e9al.<\/p>\n<p>I had seen a partial eclipse before, in Toronto in 2017.<\/p>\n<p>It was cool. The light changed. Crescent shadows appeared on the ground. A kind soul offered me the chance to view it through his eclipse glasses. That afternoon felt a little strange. A little thin. Like someone had put a filter over the world.<\/p>\n<p>But it was still the world.<\/p>\n<p>It was still daytime.<\/p>\n<p>It did not prepare me for totality.<\/p>\n<p>Nothing can.<\/p>\n<p>I had heard all the warnings. I had heard people say that a partial eclipse and a total eclipse aren\u2019t the same thing. I had heard that totality was overwhelming. I had heard that people cried. I believed them.<\/p>\n<p>But there is a difference between knowing something will happen and feeling your body react when it does.<\/p>\n<p>A partial eclipse is something happening to the Sun.<\/p>\n<p>A total eclipse is something happening to you.<\/p>\n<p>In the minutes before totality, I shot a video looking out over Montr\u00e9al. What gets me now is watching the city give in before I fully understood what was happening.<\/p>\n<p>Streetlights came on.<\/p>\n<p>Building lights appeared.<\/p>\n<p>Headlights started to matter.<\/p>\n<p>It was the middle of the afternoon, but the city started acting like it was evening. Not because anyone decided it was evening. Not because there was a schedule. The light was simply wrong enough that the machines believed the day was ending.<\/p>\n<p>That was the first moment it stopped feeling cool.<\/p>\n<p>It felt\u2026 wrong.<\/p>\n<p>Then nature reacted.<\/p>\n<p>That was the part I wasn\u2019t fully ready for. Nighttime bugs started chirping in the middle of the afternoon. Birds got confused. The temperature dropped. The light kept draining out of the sky in this sickly, unnatural way. It was not like sunset. Sunset has a direction. Sunset has a rhythm. Sunset feels like the day closing.<\/p>\n<p>This felt like the world losing power.<\/p>\n<p>Then the horizon went strange.<\/p>\n<p>Sunset in every direction.<\/p>\n<p>Not sunset in the west. Not the normal, comforting geometry of evening. Every direction. A band of dim orange light around the whole horizon, with Montr\u00e9al underneath it, darkening in the middle like the city had been placed under a bowl.<\/p>\n<p>That is when some old animal part of me started paying attention.<\/p>\n<p>Because your brain can know the science. It can know the Moon is passing in front of the Sun. It can know the path was calculated years in advance. It can know the whole thing is ordinary celestial mechanics.<\/p>\n<p>Your body doesn\u2019t really care.<\/p>\n<p>Your body looks at the light disappearing in the middle of the afternoon, hears the insects starting up, feels the air go cold, sees the horizon turn to sunset everywhere at once, and decides that something is very, very wrong.<\/p>\n<p>And then totality hits.<\/p>\n<p>The Sun disappears.<\/p>\n<p>It doesn\u2019t dim.<\/p>\n<p>It doesn\u2019t fade.<\/p>\n<p>Disappears.<\/p>\n<p>And in its place is this perfect black circle hanging in the sky, surrounded by a bright white halo, with enormous wisps of light stretching out into the dark.<\/p>\n<p>It does not look like the Moon covering the Sun.<\/p>\n<p>It looks like the Sun has been removed. Like it was just plucked from the sky.<\/p>\n<p>Honestly, the only comparison I can think of is that it looked like the Sun had been replaced by a black hole.<\/p>\n<p>A hole in the afternoon.<\/p>\n<p>A hole where daylight is supposed to come from.<\/p>\n<p>A hole with fire around it.<\/p>\n<p>It is immensely beautiful, but beautiful is not the right word. Beautiful feels almost too polite. It is terrifying. It is holy in the oldest and least comfortable sense of that word. It feels like seeing something you were not supposed to see.<\/p>\n<p>The whole sky is wrong.<\/p>\n<p>The whole city is wrong.<\/p>\n<p>The animals are wrong.<\/p>\n<p>You... are wrong.<\/p>\n<p>And above it all is that black circle, perfectly still, like it is presiding over the end of the world.<\/p>\n<p>Then the people reacted.<\/p>\n<p>Some cheered.<\/p>\n<p>Some cried.<\/p>\n<p>Some became visibly overwhelmed, like their bodies had reached for a response before their minds could choose one.<\/p>\n<p>And some of us just went silent.<\/p>\n<p>That was my reaction. No clever comment. No immediate explanation. No attempt to narrate the moment while it was happening. Just silence. Because what do you even say when the Sun has vanished and the whole world is standing underneath it?<\/p>\n<p>I know that sounds dramatic.<\/p>\n<p>I simply don\u2019t know how else to describe it.<\/p>\n<p>For those few minutes, the explanation is not enough. The science is true, obviously. But the experience is older than the explanation. You are standing there in a modern city, surrounded by cameras and traffic lights and apartment buildings and thousands of people who all know exactly what is happening, and still some ancient part of your nervous system is screaming.<\/p>\n<p>The Sun went out.<\/p>\n<p>The Sun went out and the world noticed.<\/p>\n<p>In that moment I fully understood why ancient cultures built rituals around eclipses. Of course they did. What else are you supposed to do with that? The Sun disappears in the middle of the day. The animals panic. The horizon turns strange. The air gets cold. The sky opens. The Sun is replaced with a black circle surrounded by fire.<\/p>\n<p>Obviously someone angered something.<\/p>\n<p>Obviously the world requires an answer.<\/p>\n<p>And the strangest part is how absolute the boundary is. Go a kilometre outside the path of totality and the eclipse is interesting. Maybe eerie. Maybe beautiful. But it is not this.<\/p>\n<p>The Sun is too bright. Even a tiny sliver of it keeps the world intact.<\/p>\n<p>Inside the path, that last sliver vanishes.<\/p>\n<p>And the machinery flips.<\/p>\n<p>Day becomes night.<\/p>\n<p>The city turns itself on.<\/p>\n<p>The insects wake up.<\/p>\n<p>The birds lose the plot.<\/p>\n<p>The horizon burns in every direction.<\/p>\n<p>And for a few minutes, daylight stops feeling like a law of nature.<\/p>\n<p>It feels fragile.<\/p>\n<p>It feels conditional.<\/p>\n<p>It feels like something that can be taken away.<\/p>\n"},{"title":"Finding Myself in the Small Web","pubDate":"Sat, 30 May 2026 00:00:00 +0000","author":"Ethan Plant","link":"https:\/\/ethanplant.ca\/notes\/small-web\/","guid":"https:\/\/ethanplant.ca\/notes\/small-web\/","description":"<p>One of the stranger pleasures of having a personal website is seeing how it moves around the web without you.<\/p>\n<p>I was looking at this site's analytics and noticed I had a surprising amount of traffic coming from <a rel=\"external\" href=\"https:\/\/kagi.com\">Kagi<\/a>. Nothing massive, but definitely persistent. At first I assumed it was just search traffic.<\/p>\n<p><img src=\"\/images\/kagi.png\" alt=\"Screenshot of analytics showing hits from Kagi\" \/><\/p>\n<p>Then I discovered the reason. This site had been added to <a rel=\"external\" href=\"https:\/\/kagi.com\/smallweb\/\">Kagi's Small Web<\/a> feed. And that feels... oddly perfect.<\/p>\n<p>I built this site to be my own small piece on the web. Static pages. RSS. Writing. Notes. Projects. A colophon. A few unfinished rooms. No popups. No trackers. No attempt to turn every visitor into a conversion event. And somehow it was found by a system explicitly interested in small, personal, human-scale websites.<\/p>\n<p>Something about that is quietly encouraging.<\/p>\n<p>A lot of the modern web teaches you to think discovery must come through platforms. Post to the feed. Optimize the title. Build the audience. Capture the email. Improve the funnel. Measure the retention. But this was something else.<\/p>\n<p>This was the web doing one of the things it's still very good at when you let it: finding a page, following a feed, adding a link, and quietly making one small place visible from another. That feels much closer to the web I actually like. Not viral. Not optimized. Not algorithmically forced into someone\u2019s attention.<\/p>\n<p>Just... discovered.<\/p>\n<p>A personal site can honestly feel lonely at first. You make the pages, fix the CSS, get RSS working, watch bots ask if you are WordPress, and wonder whether any of it exists outside your own little maintenance loop.<\/p>\n<p>Then one day you find your site in someone else\u2019s small-web list. A tiny, yet real proof of life.<\/p>\n<p>The web noticed.<\/p>\n"},{"title":"Bill C-22 Is a Mess of the Government\u2019s Own Making","pubDate":"Wed, 27 May 2026 00:00:00 +0000","author":"Ethan Plant","link":"https:\/\/ethanplant.ca\/writing\/bill-c22-is-a-mess\/","guid":"https:\/\/ethanplant.ca\/writing\/bill-c22-is-a-mess\/","description":"<p><a rel=\"external\" href=\"https:\/\/x.com\/mgeist\/status\/2059393967255355498\">\"A mess of the government's own making.\"<\/a><\/p>\n<p>Those were the words used by Canadian digital policy expert Michael Geist following Tuesday's committee meeting regarding Bill C-22. And it's honestly the most generous way to describe what's happening.<\/p>\n<p>The government introduced a sweeping lawful access bill. Experts warned that it was overly broad, vague, and technically risky. Major technology companies warned it could undermine encryption and secure systems. Civil liberties groups warned about surveillance powers. Privacy lawyers warned about the rule of law. A House of Commons petition calling for the bill's withdrawal surged into thousands of signatures almost immediately. Committee hearings became chaotic. Opposition MPs argued they didn't have enough information. The Privacy Commissioner's recommendations were apparently not distributed in advance. The government then accused critics of spreading misinformation, while simultaneously making misleading comments that needed to be walked back within hours.<\/p>\n<p>This is not how a serious government should be handling a serious bill.<\/p>\n<p>The government's basic defence has been that people are misunderstanding Bill C-22. We are told it doesn't require backdoors. We're told it does not create new lawful access authorities. We're told it's about modernization, public safety, and ensuring police and intelligence agencies can obtain information under existing legal authorities.<\/p>\n<p>That might be more convincing if the people objecting were confused.<\/p>\n<p>But they are not.<\/p>\n<p>The coalition objecting to this bill includes privacy experts, civil liberties groups, digital rights organizations, major technology companies, VPN providers, legal scholars, software developers, and ordinary Canadians who have taken the time to read what the bill actually says.<\/p>\n<p>At some point, the problem is not that everyone is misunderstanding the bill.<\/p>\n<p>The problem is the bill.<\/p>\n<h2 id=\"the-government-keeps-answering-the-wrong-question\">The government keeps answering the wrong question<\/h2>\n<p><a rel=\"external\" href=\"https:\/\/www.canada.ca\/en\/services\/policing\/police\/crime-and-crime-prevention\/lawful-access.html#a4\">The government's major defence is that Bill C-22 doesn't require backdoors<\/a>.<\/p>\n<blockquote>\n<p>Bill C-22 would not create \"backdoors\" and weakening of cybersecurity<\/p>\n<\/blockquote>\n<blockquote>\n<p>The Canadian Centre for Cyber Security defines a \"back door\" as a hidden mechanism that bypasses security controls. Bill C-22 does not require ESPs to create \"backdoors\" to their systems or the weaken electronic protections, including encryption.<\/p>\n<\/blockquote>\n<blockquote>\n<p>Bill C-22 does not alter the existing responsibility of ESPs to protect their networks from hacking or other unauthorized access. The Government of Canada will be required, by law, to consult impacted ESPs, both in the making of regulations and the issuance of Ministerial Orders, and take into account the potential impact on cost, cybersecurity and privacy protections.<\/p>\n<\/blockquote>\n<p>But that doesn't answer the concern.<\/p>\n<p>The concern is not only whether the bill uses the term \"backdoor\" or explicitly orders a company to bypass encryption. The concern raised by tech providers is whether the bill creates legal pressure for companies to retain data, preserve access capability, avoid deploying stronger encryption, build technical interfaces, comply with ministerial orders, or redesign systems so future access remains possible. That is the heart of this debate.<\/p>\n<p>Modern secure systems are increasingly designed such that even the provider cannot access user content, encryption keys, logs, or other sensitive data. End-to-end encryption, zero-knowledge storage, and no-logs services are not loopholes designed to protect criminals. They're the basic foundation modern secure systems are built on. If a provider does not have access to data, it cannot leak it, misuse it, hand it over by mistake, expose it to insiders, or lose it in a breach.<\/p>\n<p>A government can say they're not asking for a backdoor. But, if the practical effect of the law is to make providers preserve access capability that would not otherwise exist, the architecture still resembles a backdoor.<\/p>\n<h2 id=\"apple-s-stark-warning\">Apple's stark warning<\/h2>\n<p>In front of the Standing Committee on Public Safety and National Security, Apple gave the government a warning it should not be able to ignore.<\/p>\n<blockquote>\n<p>\"As you know, this may be one of the last times we're permitted to discuss the consequences of this legislation publicly.\"<\/p>\n<\/blockquote>\n<p>That line should hang over this entire debate.<\/p>\n<p>Apple continued,<\/p>\n<blockquote>\n<p>\"That's because of the bill's secrecy provisions which forbid companies like Apple from even discussing the orders we receive with our users or the public.\"<\/p>\n<\/blockquote>\n<p>That is an extraordinary, and unsettling thing for a company to have to say to Parliament.<\/p>\n<p>The government wants Canadians to trust that Bill C-22 will not be used to undermine encryption or secure systems. But, if companies can receive technical access orders and then be forbidden from telling users or the public about those orders, the government's reassurance becomes impossible to verify. It is one thing for the government to say, today, in public, that it does not intend to require backdoors or systemic vulnerabilities. It is another thing entirely to pass a law that may later prevent the affected companies from publicly explaining what they've been ordered to do. If the government's answer is \"trust us\" and the bill's secrecy provisions make it nearly impossible to check whether that trust has been earned, the bill has a serious democratic legitimacy problem.<\/p>\n<p>It also matters who delivered that warning.<\/p>\n<p>Apple's representative, Erik Neuenschwander is Apple's Senior Director of User Privacy and Child Safety. He is also a former software engineer. Erik is not just a PR spokesperson sent to repeat corporate talking points. He understands this reality deeply. He is the exact sort of person Parliament should listen to on a bill that touches encryption, privacy architecture, and technical access obligations. Parliament should have a very difficult time dismissing a senior privacy engineer telling them that this may be the last time his company is allowed to speak publicly on the consequences of legislation.<\/p>\n<h2 id=\"the-government-s-bizarre-response\">The government's bizarre response<\/h2>\n<p>In response, the government seemed to decide that one of its best strategies was to press Apple on whether it has ever supported lawful access legislation elsewhere:<\/p>\n<blockquote>\n<p>\"Has Apple ever gone before a Parliamentary committee or submitted a parliamentary brief a submission to a national parliament on a lawful access regime that Apple actually supported?\" - Anthony Housefather<\/p>\n<\/blockquote>\n<p>Michael Geist took to <a rel=\"external\" href=\"https:\/\/x.com\/mgeist\/status\/2059449267056513390\">X and summarized it well<\/a>:<\/p>\n<blockquote>\n<p>When government thinks its best approach is to target Apple - have you ever supported a lawful access bill anywhere? - you know they\u2019ve lost the plot. Opportunity for real questions about privacy risks for millions of Canadians under Bill C-22 lost with strange line of questions.<\/p>\n<\/blockquote>\n<p>Apple's position is really not difficult to understand. They'll happily comply with lawful requests for information they actually have. They will never support legislation that requires them to weaken security, preserve access they do not have, or redesign systems around government access. The government seems to want to collapse every objection into a refusal to support lawful access, but the serious critics aren't saying police should never obtain digital evidence. They're arguing lawful access must not require insecure architecture, suspicionless metadata retention, secret orders, or compelled redesign of systems where provider access doesn't exist.<\/p>\n<p>Pressing Apple on whether it has supported lawful access laws elsewhere misses the point so badly that it becomes almost clarifying.<\/p>\n<h2 id=\"canada-cannot-normalize-bulk-metadata-retention\">Canada cannot normalize bulk metadata retention<\/h2>\n<p>Despite claims by the government to the contrary, metadata retention is not a routine feature of lawful access. The United States does not have a general mandatory data-retention law. The European Union's Data Retention Directive was struck down by the courts in 2014, with later European cases continuing to reject general and indiscriminate retention of communications data.<\/p>\n<p>Canada needs to be especially cautious because Canadian law has already recognized that this information can be private. In <em>R. v. Spencer<\/em>, the Supreme Court of Canada recognized a privacy interest in subscriber information. <em>R. v. Bykovets<\/em> later affirmed this view as the Court held that an IP address can attract a reasonable expectation of privacy under section 8 of the Charter.<\/p>\n<p>The government cannot wave away metadata retention by arguing it's \"not content\". It can't make the argument metadata is <a rel=\"external\" href=\"https:\/\/www.michaelgeist.ca\/2026\/05\/more-misinformation-on-bill-c-22-as-the-government-struggles-to-defend-its-lawful-access-plan\/\">\"just phone book information\"<\/a>. Canadian constitutional law already moved past this idea. Metadata can be the key that links a person to their online activity.<\/p>\n<h2 id=\"clarifying-metadata-doesn-t-fix-the-problem\">Clarifying metadata doesn't fix the problem<\/h2>\n<p>The government now appears to be looking for amendments. According to <a rel=\"external\" href=\"https:\/\/www.cbc.ca\/news\/politics\/bill-c-22-encryption-cybersecurity-9.7213776\">CBC News<\/a>, the public safety minister has said the government will propose changes \"to ensure there's clarity on what encryption is\", and to better define metadata in the legislation.<\/p>\n<p>The problem with Bill C-22 is not merely that the words \"encryption\", \"metadata\", or \"systemic vulnerability\" need to be better defined. The problem is that the bill creates a power to require broad metadata retention in the first place. If the government wants to protect encryption, it should not merely define encryption. It should explicitly prohibit compelled weakening, bypassing, redesign, removal, or non-deployment of encryption and other privacy-preserving protections. If the government wishes to address metadata concerns, it should not merely define metadata more precisely. It should remove the suspicionless metadata retention power. At minimum, any preservation obligation should be targeted to a specific person, account, device, identifier, or investigation; based on individualized suspicion; authorized by a judge; time-limited; no broader than necessary; and subject to deletion once no longer required.<\/p>\n<h2 id=\"the-consultation-problem-is-now-part-of-the-story\">The consultation problem is now part of the story<\/h2>\n<p>The government's position looks even weaker now that the consultation story is beginning to unravel.<\/p>\n<p><a rel=\"external\" href=\"https:\/\/nationalpost.com\/news\/politics\/government-never-consulted-widely-on-contentious-part-of-police-search-powers-bill\">The National Post reported<\/a> that the government did not widely consult on the metadata retention aspect. The article's headline was deliberately blunt:<\/p>\n<blockquote>\n<p>Government never consulted widely on contentious part of police search powers bill<\/p>\n<\/blockquote>\n<p>The article continues with a quote from Murray Rankin, former chair of the National Security and Intelligence Review Agency and a lead consultant for the government on the bill,<\/p>\n<blockquote>\n<p>\"You know this business about the metadata, it never came up in our conversations. In my work, it never came up.\"<\/p>\n<\/blockquote>\n<p>That is an incredibly damning quote. The metadata retention powers are one of the central problems with the bill, and if they were not properly tested with privacy experts, technical experts, civil liberties groups, providers, and the Privacy Commissioner, then something has gone seriously wrong with the process. And when the process is bad on a bill this technically sensitive and consequential, people are right to be alarmed. The government cannot accuse everyone else of misunderstanding a framework it apparently failed to properly explain, consult on, or stress-test before trying to legislate it.<\/p>\n<h2 id=\"the-committee-problem-itself-is-unraveling\">The committee problem itself is unraveling<\/h2>\n<p><a rel=\"external\" href=\"https:\/\/x.com\/mgeist\/status\/2059442646678970469\">Geist summarized Tuesday's meeting of the committee bluntly<\/a>:<\/p>\n<blockquote>\n<p>What an embarrassment at Bill C-22 SECU hearing. Despite Liberal MPs admitting confusion, government trying to rush the bill through. CPC MPs call for more meetings and ability to hear from officials before submitting amendments. Meeting runs out of time before decision is made.<\/p>\n<\/blockquote>\n<p>This is not a healthy committee process. If Liberal MPs are acknowledging confusion about the bill\u2019s application, and Conservative MPs are asking how amendments can be submitted before hearing properly from officials, the answer should not be to rush ahead. The answer should be to slow down, to hear from officials, to ensure members actually understand the bill before they're expected to amend it. That's the only responsible choice, it's basic legislative competence.<\/p>\n<p><a rel=\"external\" href=\"https:\/\/x.com\/mgeist\/status\/2059371851546050957\">The Privacy Commissioner\u2019s recommendations were apparently not distributed in advance<\/a>. Witnesses did not have enough time to be questioned properly. Members are being asked to think about amendments without having heard enough from officials. Even government MPs appear unsure about the bill\u2019s application.<\/p>\n<p><a rel=\"external\" href=\"https:\/\/x.com\/mgeist\/status\/2059393967255355498\">Geist also pointed to another revealing moment<\/a>:<\/p>\n<blockquote>\n<p>When even Liberal MPs acknowledge the Bill C-22 confusion about its application given how vague it is, maybe there is a need to pull Part 2 until everyone figures it out? Extend the committee study to get it right? What a mess of the government's own making.<\/p>\n<\/blockquote>\n<p>The government keeps insisting that the bill is being misunderstood. But the committee itself seems confused about the bill. Not because MPs are lazy, or because the critics are spreading hysterical misinformation, but because the bill is broad, vague, technical, and consequential.<\/p>\n<p>This is not how Parliament should handle a law that touches encryption, metadata retention, ministerial orders, secrecy, provider obligations, and the architecture of secure systems. The government's attempt to press ahead is making their critics' argument for them.<\/p>\n<h2 id=\"the-defenders-of-the-bill-are-not-helping-themselves\">The defenders of the bill are not helping themselves<\/h2>\n<p>The committee hearing also exposed another problem for the government: some of the bill\u2019s defenders appear to be making the critics\u2019 case for them.<\/p>\n<p><a rel=\"external\" href=\"https:\/\/x.com\/privacylawyer\/status\/2059474721708667388\">Privacy lawyer David T.S. Fraser summarized what he saw at the meeting bluntly<\/a>:<\/p>\n<blockquote>\n<p>The main cheerleader of the lawful access (the Canadian Association of Chiefs of Police) wants to bypass encryption, and they appreciate that the Bill will do this.<\/p>\n<\/blockquote>\n<p>The government keeps saying Bill C-22 doesn't require backdoors and doesn't threaten encryption. But if law enforcement witnesses understand the bill as helping them bypass encryption, then either the government\u2019s assurances are wrong, or the bill is vague enough that major stakeholders are reading it in fundamentally different ways. Neither option is particularly reassuring.<\/p>\n<p>Fraser continued:<\/p>\n<blockquote>\n<p>Apple and Google know how this actually plays out in practice, and how dangerous unclear terminology can be.<\/p>\n<\/blockquote>\n<p>This is the divide at the heart of this debate in one sentence. The government is talking about lawful authority. Meanwhile Apple, Meta, Google, privacy lawyers, and security experts are talking about implementation. A statute can say an access path is lawful. That does not make the access path safe. A statute can say a provider must not introduce a systemic vulnerability. That does not answer whether an authorized exceptional access mechanism is itself a security risk. A statute can say an order is secret. That does not make the order democratically accountable.<\/p>\n<p>Fraser was even more blunt about the law enforcement testimony:<\/p>\n<blockquote>\n<p>The police know shockingly little about the supreme law of our land, and don\u2019t like how much paperwork and bureaucracy it takes to get a judge to permit them to intrude into people\u2019s private lives.<\/p>\n<\/blockquote>\n<blockquote>\n<p>The police who are trotted out to defend the Bill don\u2019t actually understand it.<\/p>\n<\/blockquote>\n<p>Harsh? Absolutely. But also the kind of criticism that should make Parliament pause. If the government is relying on law enforcement witnesses to justify a technically complex lawful access framework, those witnesses need to be able to explain what the bill actually does, how it interacts with existing <em>Criminal Code<\/em> powers, and why its new powers are necessary. Instead, Fraser argued:<\/p>\n<blockquote>\n<p>The police haven\u2019t actually noticed the lawful access provisions they\u2019ve successfully lobbied to have added to our Criminal Code in the last 25 years.<\/p>\n<\/blockquote>\n<p>Bill C-22 is being sold as necessary modernization, and perhaps parts of it are. But if existing lawful access tools are being ignored, misunderstood, or underused, Parliament should be very cautious about creating a new and broader framework layered on top of them.<\/p>\n<p>Fraser's last comment sums up the hearing:<\/p>\n<blockquote>\n<p>The government is doing everything they can to stymie critique and amendments to the Bill.<\/p>\n<\/blockquote>\n<p>This is not just a fight over privacy in the abstract sense. It has now become a fight over whether Parliament is being given the time, information, and seriousness needed to study a bill that affects millions of Canadians. If the government\u2019s own MPs are confused, if opposition MPs are asking for more time with officials, if the Privacy Commissioner\u2019s recommendations were not properly available in advance, if Apple is warning that it may soon be barred from discussing the consequences publicly, and if privacy lawyers are leaving the hearing saying the defenders of the bill do not understand it, then there is no responsible argument for rushing ahead.<\/p>\n<h2 id=\"the-broad-uncomfortable-coalition\">The broad, uncomfortable coalition<\/h2>\n<p>On one side, the government and law enforcement witnesses are insisting the bill is necessary, while struggling to explain its technical and legal implications clearly.<\/p>\n<p>On the other side, Meta, Google, Apple, the Electronic Frontier Foundation, OpenMedia, civil liberties organizations, privacy experts, VPN providers, the Barreau du Qu\u00e9bec, and Canadian internet law scholars are all pointing at similar problems.<\/p>\n<p>The contrast here is hard to miss. These groups do not have the same incentives. Meta and the EFF are effectively sworn enemies. Google and civil liberties groups usually don't arrive at the same conclusions. VPN providers and law professors don't share a single political lane. But, on Bill C-22, they're converging.<\/p>\n<p>That should make Ottawa incredibly nervous. When only one group objects, it's easy to categorize the opposition. Privacy activists oppose surveillance. Big tech companies oppose regulation. Opposition MPs oppose the government. But, when all of the voices begin reaching the same conclusion from different starting points, and begin saying the same thing in different languages, the government should stop assuming the criticism is unserious.<\/p>\n<p>The shared concern between all these groups is the same. Bill C-22, as written, is too broad, too vague, and too technically risky. Its safeguards don't do enough. The metadata retention power is a gross violation of privacy. The ministerial order framework should be narrowed or removed. Encryption and privacy-preserving architecture needs to be explicitly protected. Core privacy and cybersecurity terms should not be left open to later redefinition by regulation.<\/p>\n<h2 id=\"the-petition-is-moving-fast\">The petition is moving fast<\/h2>\n<p><a rel=\"external\" href=\"https:\/\/www.ourcommons.ca\/petitions\/en\/Petition\/Details?Petition=e-7416\">There is now a House of Commons petition calling for the withdrawal of Bill C-22<\/a>. In less than a day it reached the necessary 500 signatures for an official response. At the time of writing, only a few days after the petition went live, there are over 7000 signatures, from every province and territory.<\/p>\n<p>Now, a petition itself isn't going to stop a bill alone. Bill C-21 passed despite having one of the largest petitions in Canadian history against it. It is, however, a formal public record. It tells MPs and the government that public concern is not confined to committee witnesses or niche policy circles. It shows, quite clearly, that the government cannot credibly treat this as a tiny local objection or narrow technical complaint. There is a national concern coming from experts, companies, civil liberties groups, and ordinary Canadians. And the government is required by law to give a response.<\/p>\n<h2 id=\"digital-sovereignty-requires-trust\">Digital sovereignty requires trust<\/h2>\n<p>This is also why Bill C-22 remains nearly impossible to reconcile with Canada's stated digital sovereignty ambitions. The Canadian government has said repeatedly it wants trusted, domestic digital infrastructure. If that's the case, then it should not create legal uncertainty around encryption, metadata retention, compelled technical capability, secrecy, and provider access.<\/p>\n<p>Digital sovereignty means more than having a data centre in Vancouver, or a server rack in Ottawa. It's about whether people can trust the systems built and operated under Canadian law. A Canadian cloud provider doesn't become trustworthy merely because its servers are in Canada. A Canadian messaging service doesn't become trustworthy merely because the company has a maple leaf in its logo. A Canadian digital system doesn't become trustworthy because a policy document uses the word \"sovereignty\".<\/p>\n<p>If Canadian law makes secure-by-design systems harder to build, Canada will not become more digitally sovereign. It will become more dependent on the largest incumbents that can absorb compliance costs, negotiate with government, and build special-purpose compliance systems.<\/p>\n<p>We are already seeing the impacts of this. Signal has warned it would rather leave Canada than break its privacy promises to users. NordVPN has said it would consider leaving Canada if the bill requires it to compromise its no-logs architecture or encryption protections. DuckDuckGo has announced it would withdraw its VPN service. Windscribe, a Canadian VPN provider headquartered in Toronto, has warned it may relocate if the bill passes in its current form. Tailscale, another Canadian-founded secure infrastructure company, has warned that Bill C-22 risks turning data minimization from a security virtue into a compliance problem. These are exactly the kinds of companies Canada should want to keep if it is serious about digital sovereignty.<\/p>\n<h2 id=\"ottawa-should-listen-while-it-still-can\">Ottawa should listen while it still can<\/h2>\n<p>The government can still pass Bill C-22 if it wants to. The Liberals have a majority after all. But, having the votes is not the same as having a good bill. Right now, the government appears to have under-consulted on metadata retention, failed to reassure the experts, failed to clearly protect encryption, failed to explain the technical implications, and failed to manage the committee process cleanly. That's a lot of failures for a bill being sold as a necessary modernization.<\/p>\n<p>A government that is still clarifying what its bill means shouldn't be racing to make it law before summer. It should be slowing down, addressing the concerns, and ensuring MPs have the information needed to meaningfully make amendments.<\/p>\n<p>One thing is clear though, Bill C-22 cannot proceed in its current form. In the best case, Part 2, the proposed <em>Supporting Authorized Access to Information Act<\/em> should be split out and studied on its own. Part 2 is a broad legal framework that cannot be meaningfully discussed when it's considered a footnote to procedural amendments to the <em>Criminal Code<\/em>. If the government refuses to do that, it should at least amend the bill to explicitly protect strong encryption, remove suspicionless metadata retention, limit ministerial orders, strengthen independent review, and protect systems where provider access does not exist by design.<\/p>\n<p>Ottawa should not wait for a Charter challenge, a provider exit, a cybersecurity incident, or an international trust problem to discover the critics were not confused. But that the critics were trying to warn them.<\/p>\n<p>The government still has the time to turn this into a serious bill. But first, it needs to admit the problem isn't public misunderstanding or big tech spreading misinformation.<\/p>\n<p>The problem is the bill.<\/p>\n"},{"title":"My Brief to Parliament on Bill C-22","pubDate":"Fri, 22 May 2026 00:00:00 +0000","author":"Ethan Plant","link":"https:\/\/ethanplant.ca\/notes\/bill-c-22\/","guid":"https:\/\/ethanplant.ca\/notes\/bill-c-22\/","description":"<p>I submitted a brief to the House of Commons Standing Committee on Public Safety and National Security regarding Bill C-22, <em>An Act respecting lawful access<\/em>.<\/p>\n<p>The brief is submitted in my personal capacity. It does not represent my employer or any other organization.<\/p>\n<p><a href=\"\/files\/Ethan-Plant-Brief-Bill-C-22-SECU.pdf\">Read the full brief as a PDF.<\/a>.<\/p>\n<p>This brief grew out of an earlier essay I wrote about the contradiction between Bill C-22 and Canada's stated digital sovereignty ambitions: <a href=\"\/writing\/canada-digital-sovereignty-bill-c-22\">Canada Wants Digital Sovereignty. Bill C-22 Pulls the Other Way<\/a>.<\/p>\n<p>This started, as many healthy acts of civic participation often do, with being extremely annoyed.<\/p>\n<p>Bill C-22 is framed as lawful access legislation. I understand why that framing is politically appealing. Serious crime is real. Digital evidence matters. Law enforcement and national security agencies do need lawful tools to investigate crime.<\/p>\n<p>My concern is not that police should never be able to obtain digital evidence. My concern is that Bill C-22 creates broad and technically risky obligations for electronic service providers, especially in Part 2, the proposed <em>Supporting Authorized Access to Information Act<\/em>.<\/p>\n<p>Modern secure systems are increasingly designed so that providers cannot access user content, encryption keys, logs, or other sensitive user data. End-to-end encryption, zero-knowledge storage, no-logs services, and similar designs are not loopholes designed to protect criminals. They are basic security features.<\/p>\n<p>The bill contains language saying providers are not required to introduce a \"systemic vulnerability\". That safeguard is important, but it is not enough. A lawful access capability can weaken a system even if it is not described as a backdoor.<\/p>\n<h2 id=\"the-procedural-arc\">The Procedural Arc<\/h2>\n<p>Before preparing the brief, I wrote to both my MP and the Prime Minister's Office about Bill C-22. I received a response from the PMO yesterday acknowledging the correspondance and confirmed my remarks were being shared with the Minister of Public Safety for information and consideration.<\/p>\n<p>That response did not address the substance of my concerns. It was little more than a procedural acknowledgement, the government equivalent of an <code>HTTP 202 Accepted<\/code>. But it was still useful, because that's how public correspondance works. It's logged, routed, and becomes part of the official record around a bill.<\/p>\n<p>I then prepared a formal brief for the committee studying Bill C-22.<\/p>\n<p>In short, the submitted brief makes one preferred recommendation: Part 2 should be separated from Bill C-22 to be debated and studied independently.<\/p>\n<p>In the event Parliament is unwilling to do that, the brief recommends amendments to:<\/p>\n<ul>\n<li>protect strong encryption and privacy-preserving architecture;<\/li>\n<li>delete the bulk metadata retention power;<\/li>\n<li>narrow provider scope and technical capability obligations;<\/li>\n<li>limit ministerial orders and require stronger review;<\/li>\n<li>narrow assistance, secrecy, judicial review, and inspection powers;<\/li>\n<li>prevent core privacy and cybersecurity terms from being redefined by regulation;<\/li>\n<li>strengthen annual reporting;<\/li>\n<li>amend Part 1 to require stronger judicial authorization, higher thresholds, minimization, deletion, delayed notice, and clearer challenge rights.<\/li>\n<\/ul>\n<p>The point is not that lawful access should never exist. It is that lawful access legislation should not force insecure architecture into existence.<\/p>\n<h2 id=\"digital-sovereignty-requires-trust\">Digital sovereignty requires trust<\/h2>\n<p>One reason I included digital sovereignty in the brief is that it exposes a real contradiction.<\/p>\n<p>Canada cannot credibly say it wants trusted domestic digital infrastructure while creating legal uncertainty around encryption, metadata retention, and provider access.<\/p>\n<p>Digital sovereignty is not only about where servers are located. It is about whether people can trust Canadian digital infrastructure.<\/p>\n<p>If Canadian law makes it harder to build systems that are secure by design, Canada will not become more digitally sovereign. It will become more dependent on the largest incumbents that can absorb compliance costs and negotiate with government.<\/p>\n<h2 id=\"what-you-can-do\">What you can do<\/h2>\n<p>If you're concerned about Bill C-22, write to your MP.<\/p>\n<p>You don't need to be a lawyer, cryptographer, lobbyist, or policy expert. A short, clear message in your own words is more useful than a copied template. Say who you are, why the bill concerns you, and what you are asking your MP to do.<\/p>\n<p>Include your postal code so their office can confirm that you are a constituent.<\/p>\n<p>You can also submit a brief to the committee studying the bill. Parliamentary committees accept written briefs from individuals and organizations, even if they are not invited to appear as witnesses. A brief does not need to be dramatic. It should be factual, concise, and specific about what you want changed.<\/p>\n<p>The response may be bureaucratic. It may be slow. It may not address the substance of your concern.<\/p>\n<p>Send it anyway.<\/p>\n<p>Public correspondence creates a record. Committee briefs create a record. MPs hearing from constituents creates a record. None of this guarantees a better bill, but it makes it harder for the issue to be treated as abstract, technical, or unnoticed.<\/p>\n<p>Bill C-22 is about lawful access, but it is also about the kind of digital infrastructure Canada wants to build.<\/p>\n<p>If we want secure, trustworthy, sovereign digital systems, we need laws that protect strong encryption and privacy-preserving architecture rather than making them legally uncertain.<\/p>\n"},{"title":"The Boos Made Sense","pubDate":"Wed, 20 May 2026 00:00:00 +0000","author":"Ethan Plant","link":"https:\/\/ethanplant.ca\/writing\/the-boos-made-sense\/","guid":"https:\/\/ethanplant.ca\/writing\/the-boos-made-sense\/","description":"<p>The boos made sense.<\/p>\n<p>A graduation ceremony is a strange place to sell uncertainty.<\/p>\n<p>Students are sitting there in gowns after years of lectures, exams, group projects, part-time jobs, internships, debt, applications, and awkward networking events. Their parents are taking photos. Someone\u2019s grandmother is trying to find them from the back row. Everyone is pretending, for one afternoon, that the path still makes sense.<\/p>\n<p>Then a speaker gets on stage and talks about AI.<\/p>\n<p>To the speaker, this may sound optimistic. A new era. A major shift. A tool that will change every field.<\/p>\n<p>\"The next Industrial Revolution\".<\/p>\n<p>To many graduates, it sounds more direct.<\/p>\n<p>The jobs you trained for may not be there.<\/p>\n<p>The ladder you were told to climb may have fewer rungs.<\/p>\n<p>The entry-level work may be automated before you get a chance to do it badly enough to learn from it.<\/p>\n<p>Of course people boo.<\/p>\n<p>For years, students were told to make sensible choices. Go to school. Build skills. Get credentials. Learn to write. Learn to code. Learn design, accounting, law, marketing, research, administration, data analysis. Take the internship. Build the portfolio. Polish the LinkedIn profile. Send the applications.<\/p>\n<p>That was the deal.<\/p>\n<p>It was already getting worse. Rent went up. Groceries went up. Jobs moved to expensive cities. Entry-level postings asked for three years of experience. Applications disappeared into Workday and never came back. People with degrees sent hundreds of resumes for jobs that barely paid enough to live near the office.<\/p>\n<p>Then AI arrived, and the story changed again.<\/p>\n<p>Maybe the writing jobs can be partly automated.<\/p>\n<p>Maybe the junior coding tickets can go to Copilot.<\/p>\n<p>Maybe the first draft of the legal memo can be generated.<\/p>\n<p>Maybe customer support can be a chatbot with a few humans watching escalations.<\/p>\n<p>Maybe the marketing copy, meeting notes, spreadsheet cleanup, research summary, product description, and design mockup can all be done faster with software.<\/p>\n<p>Fine.<\/p>\n<p>Then what?<\/p>\n<p>That is the question underneath the boos.<\/p>\n<p>If a company hires fewer junior developers, how does someone become a senior developer?<\/p>\n<p>If a law firm automates document review, where does a new lawyer learn the boring work?<\/p>\n<p>If an agency uses AI for first drafts, what happens to the people who used to get paid to write bad first drafts until they became good?<\/p>\n<p>If customer support becomes a chatbot, where do the support workers go?<\/p>\n<p>If every team says it can do more with fewer people, what happens to the people who were supposed to be hired?<\/p>\n<p>These are normal questions.<\/p>\n<p>They are the first questions most people would ask if the subject were anything other than technology.<\/p>\n<p>The answers are usually vague.<\/p>\n<p>People say new jobs will appear.<\/p>\n<p>Maybe they will.<\/p>\n<p>People say society will adapt.<\/p>\n<p>That sentence sounds better from a stage than it does from a one-bedroom apartment with a rent increase taped to the fridge.<\/p>\n<p>People say every technological shift creates opportunity.<\/p>\n<p>Some do. Some also break people on the way through.<\/p>\n<p>A long-term projection doesn't pay rent on the first of the month. A chart about productivity does not help someone get a first job. A speech about abundance doesn't explain why your grocery bill keeps getting worse.<\/p>\n<p>This is what a lot of AI speeches miss.<\/p>\n<p>Work isn't an abstraction.<\/p>\n<p>Work is rent. Work is food. Work is dental care. Work is a bus pass. Work is replacing a broken laptop. Work is moving out from your parents' home. Work is staying in the city where the jobs are. Work is being able to plan more than one paycheque ahead.<\/p>\n<p>So when a wealthy speaker talks brightly about labour disruption, many people hear something simpler.<\/p>\n<p>Your life may become less secure.<\/p>\n<p>The tech industry has a habit of describing the benefits at a distance.<\/p>\n<p>Companies become more efficient. Productivity rises. Costs fall. New tools spread. The economy adjusts.<\/p>\n<p>The costs arrive at the front door.<\/p>\n<p>You lose the job.<\/p>\n<p>You retrain.<\/p>\n<p>You move.<\/p>\n<p>You take the lower wage.<\/p>\n<p>You compete against a machine.<\/p>\n<p>You explain to your parents that the degree didn't lead where everyone said it would.<\/p>\n<p>That gap is where the anger lives.<\/p>\n<p>It's also why the old language of disruption sounds worn out.<\/p>\n<p>For a long time, Silicon Valley could sell disruption as a kind of optimism. Things would break, then better things would replace them. The internet would democratize knowledge. Platforms would connect people. Apps would make life easier. Automation would get rid of drudgery.<\/p>\n<p>Some of that happened.<\/p>\n<p>A lot of other things happened too.<\/p>\n<p>People watched social platforms become worse and harder to leave. They watched search fill with spam. They watched useful tools turn into subscription services. They watched the word \u201ccreator\u201d become a job category with no stability. They watched algorithms shape public life while the companies behind them acted like this was weather.<\/p>\n<p>Then the same industry found AI and started talking about work with the same clean confidence.<\/p>\n<p>The trust is gone.<\/p>\n<p>That doesn't make AI useless. It's clearly useful. Anyone who has used these tools seriously can see that. They can write code, summarize documents, draft emails, translate text, generate images, answer questions, and remove small bits of friction from the day.<\/p>\n<p>That is exactly why people are worried.<\/p>\n<p>A useless tool does not threaten anyone\u2019s job.<\/p>\n<p>A useful one does.<\/p>\n<p>In some sense, this has happened before.<\/p>\n<p>The Industrial Revolution is usually remembered as progress, which it was. It gave us factories, railways, mass production, cheaper goods, new cities, and new industries. Eventually, it helped raise living standards around the world.<\/p>\n<p>But \u201ceventually\u201d is doing a lot of work in that story.<\/p>\n<p>For the people living through it, industrialization wasn't a clean chart moving up and to the right. It meant skilled work being reorganized around machines. It meant people leaving rural communities for factory towns. It meant dangerous workplaces, low wages, child labour, crowded housing, and owners who could often replace workers more easily than workers could replace income.<\/p>\n<p>The early labour movement didn't appear because ordinary people were too stupid to understand progress. It appeared because progress was being built on terms they did not control.<\/p>\n<p>That is the part worth remembering now.<\/p>\n<p>The question was never only whether machines could produce more. They obviously could. The question was who would benefit from that increase, who would be made insecure by it, and what rights workers would need in a world where the balance of power had changed.<\/p>\n<p>The labour movement was one way society answered, \u201cokay, then what?\u201d<\/p>\n<p>If machines were going to reorganize work, workers needed new forms of power. Unions, safety rules, limits on child labour, weekends, minimum wages, and workplace protections did not appear because industrial capitalism politely handed them out. They were fought for. Some people died for them. The first version of technological progress was not good enough for the people inside it.<\/p>\n<p>That history should make us more careful with AI.<\/p>\n<p>More honest, at least.<\/p>\n<p>AI may make some work faster. It may lower costs. It may create new industries. It may remove tedious tasks that people hate doing. All of that can be true.<\/p>\n<p>But if the gains go mostly to owners, executives, and shareholders, while workers get layoffs, lower wages, fewer entry-level jobs, and less ability to plan their lives, people will not experience it as progress.<\/p>\n<p>They will experience it as progress arriving as a pay cut.<\/p>\n<p>There is something especially strange about bringing this message to a graduation ceremony.<\/p>\n<p>A commencement speech is supposed to tell young people there is a place for them. It is one of the few public rituals where institutions still look at the next generation and try to sound hopeful without seeming completely ridiculous.<\/p>\n<p>You finished.<\/p>\n<p>You worked hard.<\/p>\n<p>You are ready.<\/p>\n<p>Go build a life.<\/p>\n<p>Go do amazing things.<\/p>\n<p>An AI speech can easily carry a different message, even when the speaker doesn't intend it.<\/p>\n<p>The world you prepared for is already shifting. The jobs may be fewer. The ladder may be missing its first steps. The people most excited about this do not have a clear answer for what happens to you.<\/p>\n<p>Then everyone waits for applause.<\/p>\n<p>The boos are not hard to understand.<\/p>\n<p>They are what happens when the room says celebration and the speech says instability.<\/p>\n<p>A lot of people in technology still read this kind of reaction as ignorance. A marketing problem. If people dislike AI, it's because they don't understand it. If they're anxious, they fear progress. If they object, they want to stop the future.<\/p>\n<p>That is too easy.<\/p>\n<p>Many people understand enough.<\/p>\n<p>They understand the tools are powerful. They understand companies will use them. They understand some new jobs may appear. They also understand that none of this guarantees them a stable life.<\/p>\n<p>That fear is reasonable.<\/p>\n<p>A technology that changes work also changes power. It changes who gets hired. It changes wages. It changes training. It changes leverage.<\/p>\n<p>The training part matters more than people admit.<\/p>\n<p>A lot of professional work depends on apprenticeship, even when nobody uses that word. You start with small tasks. You fix the simple bug. You answer the easy ticket. You write the rough draft. You prepare the memo. You sit in the meeting and mostly listen. You do work that is boring, limited, and sometimes embarrassing.<\/p>\n<p>That is how you learn the shape of the larger work.<\/p>\n<p>If AI removes too much of that first layer, we should ask what replaces it.<\/p>\n<p>So far, the answer is mostly a shrug with better branding.<\/p>\n<p>Learn AI.<\/p>\n<p>Adapt.<\/p>\n<p>Use the tools.<\/p>\n<p>Be more productive.<\/p>\n<p>That may be good advice for one person. It is not a serious answer for a whole graduating class.<\/p>\n<p>A new graduate can use AI and still face fewer openings. They can move faster and still have less bargaining power. They can adapt and still lose.<\/p>\n<p>This is what the speeches are missing.<\/p>\n<p>People are not booing because they hate machines.<\/p>\n<p>They are booing because they do not trust the people celebrating the machines to care what happens next.<\/p>\n<p>The question is still there.<\/p>\n<p>Okay, then what?<\/p>\n"},{"title":"We Rebuilt the Mainframe","pubDate":"Mon, 18 May 2026 00:00:00 +0000","author":"Ethan Plant","link":"https:\/\/ethanplant.ca\/writing\/we-rebuilt-the-mainframe\/","guid":"https:\/\/ethanplant.ca\/writing\/we-rebuilt-the-mainframe\/","description":"<p>The personal computer had a simple idea around it.<\/p>\n<p>The computer was yours.<\/p>\n<p>It sat on your desk. It ran programs from your disk. It saved files where you put them. You could install a weird utility from a shareware CD your uncle gave you. You could keep a folder of documents for twenty years and open them without logging into anything. If the modem was unplugged, the machine still worked.<\/p>\n<p>That sounds ordinary. Increasingly it sounds radical.<\/p>\n<p>Before personal computers, a lot of computing worked through terminals. A terminal had a keyboard and a screen, so it looked like the computer to the person using it. But the real computer was somewhere else. A university, a bank, a government office, a corporate machine room.<\/p>\n<p>You typed commands into the terminal. The mainframe did the work. Someone else owned the machine. Someone else set the rules. Someone else decided what you were allowed to run.<\/p>\n<p>The personal computer broke that arrangement.<\/p>\n<p>An Apple II, a Commodore 64, an IBM PC, a Macintosh. These machines were limited by modern standards, but they moved authority into the room. You could boot them yourself. You could copy a program. You could open the case and replace parts. You could store your work on a floppy, then a hard drive, then a pile of slightly suspicious burned CDs.<\/p>\n<p>It was messy. Drivers failed. Computers blue screened. Files got corrupted. People lost work because they had one copy on one disk and treated backups as a moral theory.<\/p>\n<p>Still, your work was close to you.<\/p>\n<p>A Word document lived in a folder. A Photoshop file lived on a drive. A folder of MP3s was just a folder of MP3s. Your computer didn't need to check with a billing server in Ohio before it let you write a letter.<\/p>\n<p>I think about this whenever my internet goes out.<\/p>\n<p>A while ago, during a storm, I opened an old ThinkPad to find a document I hadn't touched in years. The machine was slow. The battery was hanging on for dear life. The screen looked terrible by modern standards.<\/p>\n<p>The file opened. Instantly.<\/p>\n<p>No account. No sync error. No expired session. No browser tab trying to recover itself. Just a file on a disk, opened by a program that already knew what to do with it.<\/p>\n<p>Then I went back to a newer machine and watched a Google Doc hang because the network was unstable.<\/p>\n<p>None of this really felt like a loss at the time.<\/p>\n<p>Gmail was easier than running mail locally. Google Docs was easier than emailing <code>essay-final-really-final (2).doc<\/code> back and forth. Dropbox solved a real problem. Spotify was easier than managing a music library. Figma made design collaboration less painful. Slack was easier to sell to a workplace than IRC. Notion made a pile of half-finished notes look like a productivity system.<\/p>\n<p>Most of these tools were better than what they replaced.<\/p>\n<p>That was the problem. The trade was easy to miss.<\/p>\n<p>The computer itself kept getting stronger. A normal laptop can edit video, run containers, compile code, host a database, and keep thirty browser tabs alive while pretending everything is fine.<\/p>\n<p>Yet somehow writing a paragraph, opening a note, loading a design, or finding an old photo can still depend on whether a remote service feels like answering.<\/p>\n<p>Open Google Docs and the document lives in Google\u2019s system. Open Spotify and the music is a catalogue you rent access to. Open iCloud Photos and your phone may only keep a smaller local version of your own pictures. Open Slack and your workplace memory is searchable until the retention policy or pricing plan says otherwise.<\/p>\n<p>The browser became the terminal window.<\/p>\n<p>The account became the computer.<\/p>\n<p>This matters most when something goes wrong.<\/p>\n<p>A local file is crude, but it has a stubborn honesty to it. You can copy it to a USB drive. You can zip it. You can email it. You can put it on an old hard drive and find it years later. You can open a plain text file from 1998 on a computer today without asking anyone.<\/p>\n<p>A SaaS document is a different thing. It looks like a document, but often it's just a record inside a company\u2019s database. The export may be incomplete. The app may change. The free plan may shrink. The company may get bought. The feature you used may disappear because someone decided it confused new users or did not help enterprise sales.<\/p>\n<p>The smaller annoyances are almost worse because they feel normal now.<\/p>\n<p>You open an app to write something down and it asks you to sign in again. You open a document and the page loads, then the editor loads, then the comments load, then some sidebar you didn't ask for appears. Then some AI assistant tries talking to you. You try to export your own work and get a zip file full of HTML, JSON, missing attachments, and folders with names only the app understands.<\/p>\n<p>Nothing has broken exactly.<\/p>\n<p>It just no longer feels like yours.<\/p>\n<p>Rarely all at once. Usually through small decisions you cannot appeal.<\/p>\n<p>The button moves. The plan changes. The API gets restricted. The old interface goes away. The app gets \u201csimplified\u201d and loses the thing that made it useful. The product starts as a tool for individuals, then slowly turns toward teams, managers, permissions, dashboards, and admin controls.<\/p>\n<p>You still click the icon.<\/p>\n<p>You have less say over what happens after that.<\/p>\n<p>As a developer, I feel this most clearly in developer tools.<\/p>\n<p>A local repo is understandable. Maybe not simple, but at least visible. The files are there. The history is there. You can run <code>git log<\/code>. You can <code>grep<\/code> the code. You can break things and fix them without asking a dashboard for permission.<\/p>\n<p>Then the repo becomes one piece of a larger machine. GitHub Actions, cloud credentials, deployment environments, secrets, IAM policies, preview builds, status checks, billing limits, hosted logs, hosted metrics, hosted everything.<\/p>\n<p>The project still looks like code on the surface.<\/p>\n<p>Some days it feels more like paperwork with a compiler attached.<\/p>\n<p>The work has become distant again.<\/p>\n<p>This doesn't mean cloud computing was a mistake. It solved real problems. Most people do not want to run their own mail server. Most small teams shouldn't own physical servers. Backups matter. Sync matters. Collaboration matters. The cloud made all of this easier.<\/p>\n<p>The problem is that convenience kept being traded for ownership, and that trade was rarely described honestly.<\/p>\n<p>We kept buying faster machines. Better screens. More memory. More cores. More storage.<\/p>\n<p>Then more of the actual work moved onto servers we did not own.<\/p>\n<p>This is why local-first software feels interesting again. Same with plain text, RSS, personal websites, self-hosting, small web tools, and boring file formats. These things aren't just nostalgia for beige boxes and old icons. They're signs that people are tired of renting the basic shape of their digital lives.<\/p>\n<p>A good tool should leave you with something.<\/p>\n<p>A file. A folder. An export that actually works. A copy you can keep. A system that doesn't fall apart because a company changed its pricing page.<\/p>\n<p>The mainframe came back with better fonts.<\/p>\n<p>It came back as a web app, a subscription, a login screen, a sync status, a workspace, a cloud drive, an admin console.<\/p>\n<p>The interface says personal computer.<\/p>\n<p>The architecture says dumb terminal.<\/p>\n"},{"title":"Molecule","pubDate":"Sat, 16 May 2026 00:00:00 +0000","author":"Ethan Plant","link":"https:\/\/ethanplant.ca\/projects\/molecule\/","guid":"https:\/\/ethanplant.ca\/projects\/molecule\/","description":"<p><a rel=\"external\" href=\"https:\/\/github.com\/EthanPlant\/Molecule\">Molecule<\/a> is a small Unix-like kernel experiment written in Rust.<\/p>\n<p>It is not a production operating system. It's not trying to be one. It's a project I built because I wanted to understand more of what happens below the software I normally work on.<\/p>\n<p>Most software runs on top of a very large stack of assumptions. Files exist. Memory exists. Processes exist. Timers exist. The screen exists. Other CPUs exist. The machine boots and somehow hands control to your code.<\/p>\n<p>A kernel project forces you to meet those assumptions one at a time.<\/p>\n<h2 id=\"what-it-is\">What it is<\/h2>\n<p>Molecule is a lightweight kernel experiment with pieces of a Unix-like system.<\/p>\n<p>It includes work on:<\/p>\n<ul>\n<li>booting through UEFI with Limine<\/li>\n<li>basic console output<\/li>\n<li>memory management<\/li>\n<li>allocation<\/li>\n<li>scheduling<\/li>\n<li>ACPI<\/li>\n<li>SMP<\/li>\n<li>early system structure<\/li>\n<\/ul>\n<p>The interesting part is not that any one of those pieces is especially novel. The interesting part is seeing how quickly \u201csimple\u201d things stop being simple once there is no operating system underneath you.<\/p>\n<p>Printing text becomes a milestone.<\/p>\n<p>Allocating memory becomes a design decision.<\/p>\n<p>Scheduling becomes a negotiation with reality.<\/p>\n<h2 id=\"why-i-built-it\">Why I built it<\/h2>\n<p>I really like systems that become less mysterious when you take them apart.<\/p>\n<p>Operating systems are one of the best examples of that. From the outside, they feel enormous and opaque. From the inside, they are still enormous, but the pieces become more understandable.<\/p>\n<p>A kernel is a good antidote to magical thinking in software.<\/p>\n<p>There is no framework to hide behind. No runtime quietly fixing things. No service you can call when the machine is not configured yet.<\/p>\n<p>At some point, the CPU jumps to your code and your code either knows what to do next or it does not.<\/p>\n<p>That is a useful kind of humility.<\/p>\n<h2 id=\"what-i-learned\">What I learned<\/h2>\n<p>The biggest lesson was how much of modern software depends on layers of work we rarely think about.<\/p>\n<p>A normal program begins with an absurd amount of help already in place. It has an address space, a stack, system calls, file descriptors, threads, memory allocation, timers, drivers, and a terminal or windowing system waiting for it.<\/p>\n<p>Kernel work removes that comfort.<\/p>\n<p>You start with almost nothing, then slowly build enough structure for the machine to feel usable.<\/p>\n<p>That process makes familiar abstractions feel earned again.<\/p>\n<p>It also makes you appreciate boring infrastructure. A scheduler that works. A bootloader that gives you the information you need. A memory allocator that does not quietly betray you. A console that prints what you asked it to print.<\/p>\n<p>None of these things are glamorous. All of them matter.<\/p>\n<h2 id=\"why-rust\">Why Rust<\/h2>\n<p>Rust is a good fit for this kind of project because it lets you work close to the machine while still having a language that pushes back against some of the easiest mistakes.<\/p>\n<p>That doesn't make kernel work safe.<\/p>\n<p>It does make certain kinds of unsafety more explicit.<\/p>\n<p>In a kernel, that distinction matters. There are still raw pointers, architecture details, unsafe blocks, and places where the compiler cannot save you. But Rust encourages you to draw boundaries around those parts instead of letting them leak everywhere.<\/p>\n<p>That is useful.<\/p>\n<p>Not magic. Useful.<\/p>\n<h2 id=\"current-state\">Current state<\/h2>\n<p>Molecule is best understood as a learning project and systems programming artifact.<\/p>\n<p>It is a record of trying to understand booting, memory, scheduling, and early kernel structure by building pieces of them directly.<\/p>\n<p>That is why I still think it is worth keeping around.<\/p>\n<p>Some projects are valuable because they become finished products.<\/p>\n<p>Some are valuable because they permanently change how you see the systems underneath everything else.<\/p>\n<p>Molecule is the second kind.<\/p>\n"},{"title":"RustyBoy","pubDate":"Sat, 16 May 2026 00:00:00 +0000","author":"Ethan Plant","link":"https:\/\/ethanplant.ca\/projects\/rustyboy\/","guid":"https:\/\/ethanplant.ca\/projects\/rustyboy\/","description":"<p><a rel=\"external\" href=\"https:\/\/github.com\/EthanPlant\/RustyBoy\">RustyBoy<\/a> is a Game Boy emulator written in Rust.<\/p>\n<p><img src=\"\/images\/rustyboy.png\" alt=\"Screenshot of RustyBoy running Tetris\" \/><\/p>\n<p>It's one of those projects that sounds simple until you start building it. Then you realize a handheld game console isn't one thing. It's a pile of small systems pretending to be one thing.<\/p>\n<p>A CPU. Memory. Timers. Interrupts. Graphics. Input. Audio. Cartridges. Weird hardware behaviours. Decades of games accidentally depending on details nobody would design the same way twice.<\/p>\n<p>That's what makes emulators really interesting to me.<\/p>\n<h2 id=\"what-it-is\">What it is<\/h2>\n<p>RustyBoy emulates the original Game Boy.<\/p>\n<p>The project is split into a core emulator and frontend code, so the actual emulation logic is separated from how the emulator is displayed or controlled.<\/p>\n<p>It includes work on:<\/p>\n<ul>\n<li>CPU emulation<\/li>\n<li>memory mapping<\/li>\n<li>cartridge loading<\/li>\n<li>instruction decoding<\/li>\n<li>timers<\/li>\n<li>interrupts<\/li>\n<li>graphics<\/li>\n<li>input<\/li>\n<li>tests<\/li>\n<li>logging and debugging tools<\/li>\n<\/ul>\n<p>The goal wasn't to make the most accurate emulator in the world.<\/p>\n<p>The goal was to build enough of the machine to understand how the pieces fit together.<\/p>\n<h2 id=\"why-i-built-it\">Why I built it<\/h2>\n<p>I like projects where the abstraction boundary is clear but unforgiving.<\/p>\n<p>An emulator gives you a specification, a pile of test ROMs, and a very simple rule:<\/p>\n<p>Either the game works or it doesn't.<\/p>\n<p>There's not much room for pretending.<\/p>\n<p>If the CPU flags are wrong, something breaks.<br \/>\nIf timing is wrong, something breaks.<br \/>\nIf memory is mapped incorrectly, something breaks.<br \/>\nIf interrupts fire at the wrong time, something breaks in a way that seems unrelated until you lose an evening to it.<\/p>\n<p>That kind of feedback is frustrating, but useful.<\/p>\n<p>It teaches you to respect the little details.<\/p>\n<h2 id=\"what-made-it-interesting\">What made it interesting<\/h2>\n<p>The Game Boy is small enough to fit in your head, but not so small that it becomes trivial.<\/p>\n<p>That is a good size for a learning project.<\/p>\n<p>You can understand the CPU. You can understand the memory map. You can understand the graphics pipeline. But you still have to deal with the fact that all of those parts interact.<\/p>\n<p>The fun part is when a game first starts doing something recognizable.<\/p>\n<p>A logo appears.<br \/>\nInput works.<br \/>\nA sprite moves.<br \/>\nA menu opens.<br \/>\nTetris becomes Tetris.<\/p>\n<p>Those moments feel absurdly rewarding because they are built out of many tiny correct decisions.<\/p>\n<h2 id=\"what-i-learned\">What I learned<\/h2>\n<p>RustyBoy taught me that emulation is mostly about precision.<\/p>\n<p>Not cleverness. Precision.<\/p>\n<p>You spend a lot of time implementing tiny pieces of behaviour that seem too small to matter. Then a game depends on one of them, and suddenly it matters very much.<\/p>\n<p>It also made me appreciate testing in a different way.<\/p>\n<p>A normal test suite checks whether your code behaves the way you expect. Emulator tests often check whether your understanding of the hardware is wrong. That is a lot more humbling.<\/p>\n<p>The machine doesn't care what your abstraction wanted to be.<\/p>\n<h2 id=\"why-rust\">Why Rust<\/h2>\n<p>Rust worked well for this project because emulator code has a lot of state, a lot of byte-level work, and a lot of places where you want structure without giving up control.<\/p>\n<p>The type system helps keep some of that state honest.<\/p>\n<p>It does not make the emulator correct.<\/p>\n<p>It does make certain mistakes harder to hide.<\/p>\n<p>That is useful when you are passing bytes through a fake CPU and hoping a thirty-year-old game agrees with you.<\/p>\n<h2 id=\"current-state\">Current state<\/h2>\n<p>RustyBoy is archived now.<\/p>\n<p>I still think it is worth keeping around because emulator projects leave behind a very specific kind of evidence. You can see the work on the screen.<\/p>\n<p>When Tetris boots, it means a lot of small things are right at the same time. The CPU is close enough. The memory map is close enough. The timers, interrupts, input, and graphics are all cooperating well enough for an old game to believe it is running on the machine it was written for.<\/p>\n<p>That's what I liked most about the project.<\/p>\n<p>Progress wasn't abstract. It appeared as pixels.<\/p>\n<p>A broken instruction might turn into a frozen logo. A timing bug might turn into a flickering sprite. A missing hardware detail might turn into a game that almost worked, which was somehow more annoying than one that did not work at all.<\/p>\n<p>RustyBoy taught me to enjoy that kind of debugging.<\/p>\n<p>Not because it was easy, but because the feedback was brutally honest.<\/p>\n"},{"title":"Canada Wants Digital Sovereignty. Bill C-22 Pulls the Other Way","pubDate":"Sat, 16 May 2026 00:00:00 +0000","author":"Ethan Plant","link":"https:\/\/ethanplant.ca\/writing\/canada-digital-sovereignty-bill-c-22\/","guid":"https:\/\/ethanplant.ca\/writing\/canada-digital-sovereignty-bill-c-22\/","description":"<p>Canada cannot build digital sovereignty by making Canadian infrastructure less trustworthy.<\/p>\n<p>That should be obvious.<\/p>\n<p>A country that wants more domestic cloud capacity, more domestic software companies, more domestic AI infrastructure, and more control over its digital future needs people to trust the systems built here.<\/p>\n<p>Bill C-22 exposes the tension underneath that ambition.<\/p>\n<p>The government describes the bill in familiar language. Modernization. Public safety. Lawful access. Technical assistance. A better framework for police and intelligence agencies dealing with modern digital systems.<\/p>\n<p>That language sounds procedural.<\/p>\n<p>The technical implications are not.<\/p>\n<p>A huge amount of ordinary digital life depends on strong encryption, even when we do not think about it.<\/p>\n<p>It protects bank accounts, medical records, corporate backups, legal communications, journalists, source code, personal photos, authentication systems, business secrets, and ordinary messages between ordinary people.<\/p>\n<p>A country that weakens confidence in encryption weakens everything built on top of it.<\/p>\n<p>This is especially strange at a time when Canada keeps talking about digital sovereignty. The point of digital sovereignty is supposed to be that Canada can rely on infrastructure aligned with Canadian interests, Canadian law, and Canadian resilience. And these are legitimate goals.<\/p>\n<p>But domestic capacity only matters if people believe the systems are safe to use.<\/p>\n<p>A Canadian cloud provider does not become trustworthy merely because its servers are in Canada.<\/p>\n<p>A Canadian messaging app does not become trustworthy merely because the company is Canadian.<\/p>\n<p>A Canadian identity provider does not become trustworthy because the policy language says \u201csovereignty.\u201d<\/p>\n<p>Trust depends on architecture.<\/p>\n<p>If a provider can be compelled to maintain access capabilities, redesign systems around interception, preserve more data than it otherwise would, or make private systems more legible to the state, then the infrastructure has changed.<\/p>\n<p>It now has a legal attack surface.<\/p>\n<p>And that matters.<\/p>\n<p>Security people already understand technical attack surfaces. Open ports. Vulnerable dependencies. Misconfigured buckets. Exposed admin panels. Weak keys. Bad defaults.<\/p>\n<p>Lawful access can create another kind.<\/p>\n<p>A mandated access path may begin as a tool for authorized investigators. But once it exists, it becomes something other actors can target, pressure, abuse, expand, or leak.<\/p>\n<p>There is no \u201cgood guys only\u201d backdoor.<\/p>\n<p>There is only a capability.<\/p>\n<p>And once built, the capability becomes part of the system.<\/p>\n<p>End-to-end encryption only works because the provider cannot read the message.<\/p>\n<p>That is the whole point.<\/p>\n<p>Signal cannot hand over a message it cannot see. WhatsApp cannot produce message contents it doesn\u2019t possess. Strong device encryption works on the same basic principle. The security guarantee comes from the absence of provider access.<\/p>\n<p>Once a legal framework requires providers to preserve some path for lawful access, the guarantee changes.<\/p>\n<p>Maybe the change is direct. Maybe it is indirect. Maybe it appears through client-side scanning, key escrow, compelled updates, metadata retention, device access, administrative interfaces, or some other carefully lawyered mechanism.<\/p>\n<p>The technical shape can vary.<\/p>\n<p>The trust problem does not.<\/p>\n<p>If users believe a system was designed so that someone else can get in, they will treat the system differently. So will companies. So will foreign customers. So will security researchers. So will adversaries.<\/p>\n<p>This is where the sovereignty argument starts to collapse.<\/p>\n<p>Because Canada wants people to trust Canadian infrastructure.<\/p>\n<p>But trust cannot be ordered into existence through policy.<\/p>\n<p>Imagine trying to sell a Canadian cloud platform to European customers after Canada develops a reputation for compelled interception. Imagine asking a privacy-conscious startup to host sensitive customer data here if Canadian law creates uncertainty around encryption. Imagine asking journalists, lawyers, engineers, or dissidents to trust a Canadian messaging service if the country\u2019s lawful access framework is seen as hostile to strong privacy guarantees.<\/p>\n<p>The problem isn\u2019t solely domestic. Digital infrastructure is global by default. Reputation travels far and fast.<\/p>\n<p>If Canada becomes known as a jurisdiction where secure systems may need to be redesigned for state access, that affects Canadian companies. It affects exports. It affects credibility. It weakens the argument that domestic digital capacity is safer or more sovereign.<\/p>\n<p>A sovereign system people do not trust is not very sovereign.<\/p>\n<p>Supporters of lawful access will say these powers are needed because criminals use encryption too. And that\u2019s true. But criminals also use roads, phones, banks, and cash. That doesn\u2019t mean every system should be redesigned around permanent state access.<\/p>\n<p>Law enforcement has hard problems. I won\u2019t deny that.<\/p>\n<p>The question is whether the proposed solution damages the security properties everyone else depends on.<\/p>\n<p>Encryption doesn\u2019t only protect criminals from police. It protects Canadians from criminals. It protects Canadian companies from foreign espionage. It protects infrastructure from ransomware. It protects children\u2019s photos, business records, private messages, backups, source code, credentials, medical files, and financial systems.<\/p>\n<p>Weakening that foundation in the name of safety is a strange way to protect people.<\/p>\n<p>This is the part government language tends to hide. \u201cTechnical assistance\u201d sounds modest. \u201cLawful access\u201d sounds procedural. \u201cModernization\u201d sounds responsible.<\/p>\n<p>But software doesn\u2019t care about reassuring nouns.<\/p>\n<p>A system either has a path for access or it does not. A provider either can comply or it cannot. Encryption is either designed so the service cannot read the data, or it is not.<\/p>\n<p>The technical reality is far less flexible than the policy language.<\/p>\n<p>Canada should be especially careful here because it is already structurally dependent on foreign digital infrastructure. Canadian businesses rely heavily on American cloud providers, platforms, app stores, identity systems, productivity software, and AI infrastructure.<\/p>\n<p>If Canada wants more domestic alternatives, it needs a reason for people to choose them.<\/p>\n<p>Trust would be one.<\/p>\n<p>Strong privacy would be one.<\/p>\n<p>A reputation for secure infrastructure would be one.<\/p>\n<p>Clear limits on state access would be one.<\/p>\n<p>Bill C-22 risks moving in the opposite direction.<\/p>\n<p>It tells the market that Canadian digital infrastructure may come with obligations to remain accessible to the state. Even if those obligations are narrower than critics fear, the uncertainty itself becomes corrosive.<\/p>\n<p>Security depends on clarity.<\/p>\n<p>Ambiguity is expensive.<\/p>\n<p>Engineers building secure systems need to know whether they are allowed to build systems the provider itself cannot access. Customers need to know whether their data can remain unreadable to the service. Foreign partners need to know whether Canadian infrastructure introduces legal exposure they would not face elsewhere.<\/p>\n<p>If the answer is unclear, people route around the risk. That is how trust fails.<\/p>\n<p>Not always through one dramatic scandal. Often through quiet procurement decisions, cautious lawyers, foreign customers choosing another region, security teams rejecting a vendor, engineers avoiding an architecture because compliance might later break it.<\/p>\n<p>Sovereignty is not just where the servers sit.<\/p>\n<p>It is whether the system can be trusted when pressure arrives.<\/p>\n<p>A country serious about digital sovereignty should be strengthening encryption, not treating it as an obstacle to be worked around. It should be making Canadian infrastructure boringly trustworthy. It should create conditions where Canadian providers can say, clearly and credibly, that they cannot read customer data because the system was designed that way.<\/p>\n<p>That should be a selling point.<\/p>\n<p>Instead, Bill C-22 risks making trust conditional.<\/p>\n<p>Strong encryption is not anti-Canadian.<\/p>\n<p>It is one of the few things that makes Canadian digital infrastructure worth trusting in the first place.<\/p>\n<p>A country cannot build sovereign digital infrastructure by making that infrastructure less trustworthy.<\/p>\n"},{"title":"Access Is Not Ownership","pubDate":"Mon, 11 May 2026 00:00:00 +0000","author":"Ethan Plant","link":"https:\/\/ethanplant.ca\/writing\/access-is-not-ownership\/","guid":"https:\/\/ethanplant.ca\/writing\/access-is-not-ownership\/","description":"<p>One day a piece of software you rely on will refuse to open.<\/p>\n<p>Your files will still exist. Your computer will still work. The application may still be installed locally.<\/p>\n<p>Still, you won\u2019t be allowed to use it.<\/p>\n<p>I started thinking about this a few years ago when Chrome removed my ad blocker.<\/p>\n<p>Not because ad blockers are the centre of the universe. They aren\u2019t.<\/p>\n<p>What bothered me was simpler. Software running on my machine had decided I was no longer allowed to run something I had installed. The browser still worked. My computer still worked. The extension was still conceptually just code. But in the end, none of that mattered.<\/p>\n<p>The authority lived somewhere else.<\/p>\n<p>A surprising amount of modern software works like this now.<\/p>\n<p>Photos, notes, documents, movies, music, games. Much of it sits behind an account you created years ago and barely think about until it causes a problem.<\/p>\n<p>The account becomes the door. Lose the door and the room may as well not exist.<\/p>\n<p>People say they \u201cown\u201d things in these systems. Usually they mean they can reach them right now.<\/p>\n<p>Ownership means you can keep using the thing without asking the original provider for permission. You can copy it. Back it up. Move it. Preserve it. Use it when the network is down. Use it when the company changes its mind, or disappears.<\/p>\n<p>Most digital ownership fails that test.<\/p>\n<p>Buy a movie from a digital storefront. You can watch it only while the storefront exists, the licence remains valid, your account is in good standing, the app supports your device, and the region rules still allow it.<\/p>\n<p>That is not the same as owning a movie.<\/p>\n<p>Or maybe you subscribe to a service. It works while the subscription is active, while the authentication server responds, while the company still sells that plan, while your operating system remains supported.<\/p>\n<p>This is easy to understand in the physical world. If I buy a drill from Canadian Tire, it does not care whether Canadian Tire\u2019s website is down. If the internet goes out during a winter storm, the wrench in my garage still works. If the manufacturer changes its product line, my hammer doesn\u2019t suddenly stop working. Nobody thinks this is strange.<\/p>\n<p>These examples sound absurd because digital tools get treated differently. The dependency is less visible.<\/p>\n<p>The button still says \u201cOpen.\u201d The app icon still sits on your home screen. The file still appears in a list. Nothing about the interface tells you that authority lives somewhere else.<\/p>\n<p>But eventually something breaks.<\/p>\n<p>Maybe your session expires. Maybe your subscription lapses. Maybe your account gets flagged. Maybe your payment card fails. Or the service shuts down. Or a feature moves to a higher tier. Or maybe the app just refuses to open offline.<\/p>\n<p>Suddenly it becomes obvious who actually controls the system.<\/p>\n<p>You realize that it was never fully yours. You were merely allowed to use it.<\/p>\n<p>Cloud storage made a very simple promise: your files would always be there when you needed them.<\/p>\n<p>Then services like Amazon Drive started disappearing. Amazon deprecated the service, removed upload support, and ended access to files. The files did not become less yours in any moral sense. But the service stopped being a reliable way to reach them.1<\/p>\n<p>The same pattern exists in gaming.<\/p>\n<p>People bought games on Google Stadia. A few years later Google shut the service down. To its credit, Google handled refunds far better than many companies would have. But the shape of the problem remains. When the service ended, the platform ended with it. You could not keep running Stadia in your basement. You could not preserve the system locally. The games existed only as long as Google operated the service.2<\/p>\n<p>To be clear, this is not an argument that every company is acting in bad faith. That would be lazy.<\/p>\n<p>A lot of these systems were built for understandable reasons. Sync is useful. Subscriptions can fund maintenance. Cloud storage protects people from losing a laptop and everything with it. Most users do not want to manage backups, licences, local files, and device migrations by hand. And honestly, these are difficult engineering problems.<\/p>\n<p>I don\u2019t want to pretend the old world was perfect or argue we should go backwards.<\/p>\n<p>It was messy. People lost files constantly. Hard drives died randomly. Backups sounded great in theory but were often neglected. Old software was hostile in its own ways.<\/p>\n<p>The cloud won out because it solved very real pain. It made a lot of things easier. But that convenience comes with a trade-off: we traded possession for access.<\/p>\n<p>And we should be more honest about that trade.<\/p>\n<p>Plenty of people have experienced this without thinking much about it. You open a notes app in an airport with bad Wi-Fi and discover your own notes are somehow unavailable. They haven\u2019t been deleted. They aren\u2019t lost. They\u2019re temporarily withheld by a system that needs to ask somewhere else before showing them to you.<\/p>\n<p>Your notes app should not need permission to show your text. A photo editor shouldn\u2019t become useless because an authentication server in Virginia is down. A single-player game shouldn\u2019t disappear because a licence check failed. A scanner app should not need an account before using the camera already attached to your phone.<\/p>\n<p>We should stop accepting this as normal.<\/p>\n<p>At some point the account stopped being a convenience and became part of whether the software worked at all.<\/p>\n<p>You log in to sync your data across devices, recover purchases, or share files with other people. Fair enough. Those are all useful things.<\/p>\n<p>But over time the account became something larger. It became the thing deciding whether the tool opened in the first place.<\/p>\n<p>Accounts solve real problems. They help prevent theft. They let people recover access. Shared systems would be much harder to manage without them.<\/p>\n<p>But the same mechanism that protects access can also be used to revoke it.<\/p>\n<p>The same login that lets you sync across devices can prevent you from opening local data. The same subscription that funds the product can turn the tool off. The same account that makes onboarding easy can become the reason a small business cannot reach its invoices, documents, or customer records.<\/p>\n<p>Subscription software changed the relationship between user and tool.<\/p>\n<p>You are no longer buying a stable thing. You are paying for continued permission to use a changing thing.<\/p>\n<p>Sometimes that is fine. A service with servers, support staff, ongoing security work, and constant updates needs money to keep operating. I\u2019m not bothered by that.<\/p>\n<p>What bothers me is when the subscription stops being payment for ongoing service and becomes the thing that decides whether a local tool continues to exist.<\/p>\n<p>The problem is when everything becomes a service, including things that never needed to be.<\/p>\n<p>The response to this is usually the same: users prefer convenience.<\/p>\n<p>And that\u2019s true. Many people do. Most people don\u2019t want to become sysadmins.<\/p>\n<p>People adapt to the systems available to them. That does not always mean the systems are healthy.<\/p>\n<p>The industry taught users to treat access as ownership because access is easier to sell repeatedly. Actual ownership is less convenient for the vendor.<\/p>\n<p>A local file doesn\u2019t need to check pricing. A downloaded program does not care whether the company pivoted. Plain text files still open even after the startup that made the app is gone.<\/p>\n<p>That is why local files still feel different.<\/p>\n<p>They are boring in the best way. You can see them. Copy them. Put them on a USB drive. Back them up to another disk. Open them with different tools. Keep them for twenty years.<\/p>\n<p>That doesn\u2019t mean plain files are perfect. Disks fail. People lose their laptops. Backups don\u2019t always get taken.<\/p>\n<p>But the failure mode is legible. You know what you have and what you do not.<\/p>\n<p>Cloud-locked systems make the failure mode abstract. The data may exist. The provider may have it. The app may show a record of it. But you still may not be able to use it.<\/p>\n<p>Your data should exist in a form you can access even without the original service. Your tools should keep working for their core purpose without contacting a remote authority. Your account should improve the experience, not define whether the experience even exists.<\/p>\n<p>Ownership means the thing remains meaningfully yours when the relationship with the provider ends.<\/p>\n<p>If cancelling a subscription destroys the tool, you never really owned it. You rented it.<\/p>\n<p>If losing an account locks you out of your own data, you never controlled it.<\/p>\n<p>Somewhere along the way we stopped expecting our tools to belong to us.<\/p>\n<p>That was a mistake.<\/p>\n"},{"title":"Your Computer Doesn't Belong to You Anymore","pubDate":"Fri, 08 May 2026 00:00:00 +0000","author":"Ethan Plant","link":"https:\/\/ethanplant.ca\/writing\/your-computer-doesnt-belong-to-you-anymore\/","guid":"https:\/\/ethanplant.ca\/writing\/your-computer-doesnt-belong-to-you-anymore\/","description":"<p>Software should not require permission to run.<\/p>\n<p>That sounds obvious. It used to be obvious. Somewhere along the way we stopped expecting it.<\/p>\n<p>Open a modern app on a plane and watch what happens. Spinner. Login screen. \u201cReconnecting\u2026\u201d Your computer is fully capable of running the software sitting on its own disk, but the software refuses. It needs approval from somewhere else first.<\/p>\n<p>That\u2019s the defining idea behind modern computing: your machine is not the authority anymore.<\/p>\n<p>It runs the code, but someone else controls it.<\/p>\n<p>You\u2019ve probably felt this already.<\/p>\n<p>Maybe Chrome removed an extension you relied on because Google decided it was no longer acceptable. Maybe a notes app locked you out because your session expired. Maybe a service shut down and gave you thirty days to export years of your life before the servers disappeared.<\/p>\n<p>People treat these like isolated annoyances, and they aren\u2019t.<\/p>\n<p>They are consequences of the same systemic design flaw.<\/p>\n<p>We built a world where software is no longer a tool you own. It is a service you access.<\/p>\n<p>And that distinction matters.<\/p>\n<p>A tool does what you tell it. A service decides what you are allowed to do.<\/p>\n<p>Most modern software is a service, even when it\u2019s installed locally.<\/p>\n<p>Your browser updates itself whether you want it to or not. Your phone removes apps remotely. Your smart devices lose functionality after firmware updates. Features appear and disappear without your consent. Accounts determine whether your own data is accessible.<\/p>\n<p>The interface says \u201cpersonal computer.\u201d The architecture says dumb terminal.<\/p>\n<p>The free software movement saw part of this coming decades ago. In the mid 1980s the Free Software Foundation argued that users should have the freedom to run, study, modify, and share software. They were right. Arguably more-so today.<\/p>\n<p>But the cloud changed the battlefield.<\/p>\n<p>You can have fully open source software that still leaves users powerless if the real authority lives on someone else\u2019s server. A GPL web app running entirely behind a centralized service still controls the user. The code may be free. The system is not.<\/p>\n<p>The problem now is larger than source code. It is operational control.<\/p>\n<p>We solved this problem once already.<\/p>\n<p>The original personal computer revolution of the 1980s and 90s mattered because it moved authority to the edge. Software ran locally. Your files lived on your machine. Networks extended your computer instead of defining it.<\/p>\n<p>Then the cloud reversed the model.<\/p>\n<p>The pitch was convenience. Synchronization. Simpler deployment. Managed infrastructure. And to be fair, it worked, extremely well. Centralized systems made software easier to build and easier to scale.<\/p>\n<p>But they also concentrated control.<\/p>\n<p>Now nearly everything sits on top of AWS, Google Cloud, or Azure. Identity is tied to accounts. Data is tied to services. Software functionality is tied to policies controlled by companies you do not work for and cannot vote out, and whose interests don\u2019t necessarily align with yours.<\/p>\n<p>We normalized dependence because the UX was smooth enough.<\/p>\n<p>Until it breaks.<\/p>\n<p>And it always breaks eventually.<\/p>\n<p>That\u2019s the moment people realize they don\u2019t actually own the systems they rely on. They have access, but access can be revoked.<\/p>\n<p>Ownership is simpler.<\/p>\n<p>If you own your software:<\/p>\n<pre class=\"giallo\" style=\"color-scheme: light dark; color: light-dark(#4C4F69, #CAD3F5); background-color: light-dark(#EFF1F5, #24273A);\"><code data-lang=\"plain\"><span class=\"giallo-l\"><span>it runs without permission<\/span><\/span>\n<span class=\"giallo-l\"><\/span>\n<span class=\"giallo-l\"><span>your data is accessible locally<\/span><\/span>\n<span class=\"giallo-l\"><\/span>\n<span class=\"giallo-l\"><span>it keeps working if the company disappears<\/span><\/span><\/code><\/pre>\n<p>Anything less is conditional.<\/p>\n<p>The uncomfortable part is that we\u2019ve accepted this trade almost everywhere. We tolerate software that stops functioning without a network connection. We tolerate products that remove features remotely. We tolerate systems where years of personal data become inaccessible because of a billing issue or policy change.<\/p>\n<p>Imagine accepting this from physical tools.<\/p>\n<p>Imagine buying a drill that refused to work because the manufacturer\u2019s servers were offline.<\/p>\n<p>Imagine a tractor that refused to start because your monthly subscription ended.<\/p>\n<p>People would call it insane.<\/p>\n<p>Software gets a pass because the degradation happened slowly.<\/p>\n<p>Now AI is pushing this even further.<\/p>\n<p>Your workflows, writing, code, and decisions are increasingly mediated through systems you cannot inspect or run yourself. The more useful these systems become, the more dangerous the dependency becomes with them.<\/p>\n<p>The concerning reality is if your thinking depends on infrastructure controlled by someone else, your autonomy depends on it too.<\/p>\n<p>And that is the real issue here. Not convenience. Not architecture diagrams. Authority.<\/p>\n<p>Who decides whether your software runs?\nWho decides whether your data is accessible?\nWho decides whether a feature exists tomorrow?<\/p>\n<p>Right now, the answer is usually not you.<\/p>\n<p>That needs to change.<\/p>\n<p>We need a different foundation for software. One where the device is the source of truth again. One where applications work offline by default. One where synchronization is optional infrastructure instead of a hard dependency.<\/p>\n<p>That means building systems differently.<\/p>\n<p>Store data locally in open formats users can inspect and verify. Synchronize by exchanging data between devices instead of forcing everything through a central server. Use cryptographic identity instead of accounts tied to platforms. Design for multiple writers and unreliable networks instead of pretending permanent connectivity exists.<\/p>\n<p>The crazy thing is none of this is hypothetical.<\/p>\n<p>Git already proved the model works more than two decades ago. You can commit, branch, inspect history, and merge changes entirely offline. Then synchronize later. The network helps, but it is not required for the system to function.<\/p>\n<p>That design is resilient because it assumes reality instead of fighting it.<\/p>\n<p>Networks fail. Services disappear. Companies change direction. Users deserve systems that survive those conditions.<\/p>\n<p>Call it local-first. Call it sovereign software. The label matters less than the principle.<\/p>\n<p>If software runs on your machine, you should control it.<\/p>\n<p>Not partially. Not until a policy changes. Completely.<\/p>\n<p>The standard should be simple:<\/p>\n<p>If you have your device, you have your data, and the software continues to work.<\/p>\n<p>We need to stop building systems that require permission to run.<\/p>\n<p>And we need to stop accepting them.<\/p>\n"}]}}