Full Stack Ethics

In the final season of Silicon Valley, Hooli ex–CEO Gavin Belson announces “tethics”, a portmanteau of “tech ethics” and a pledge companies can sign to show they uphold the principles thereof. The idea catches on, and it becomes deeply unpopular for a company to not be “tethical”. Pied Piper founder Richard Hendricks is the lone holdout, objecting that signing the pledge doesn’t actually mean anything.

The joke is that Silicon Valley has spent the entire series portraying Gavin Belson as the most flagrant example of an unethical tech CEO. Like so much of the show, it’s a sharp critique of the real tech industry.

Growing distrust of the tech industry reached a boiling point in the late 2010s. Venture–backed companies proved over and over to be jealous, sneaky and overbearing stewards of our data. In response, we’ve heard increasing calls to abandon these platforms for ones we control. It’s becoming trendy for companies to describe themselves or their products as “ethical”.

As developers, I have no doubt that we‘re capable of creating ethical technology. Like Richard Hendricks, many of us have strong convictions about exploitation, privacy and openness. We can fight back against surveillance and walled gardens.

But we need to get real for a second. The money and data that we use to build “ethical” software often goes to companies that violate the very principles we try to embody.

A Problem

Microsoft used to be reviled for its hostility to open source software. Ex–CEO Steve Ballmer once said “Linux is a cancer”, referring to its viral free software license. Microsoft’s “Embrace, Extend and Extinguish” strategy targeted both competitors’ software and open standards, and was a central pillar of the US Department of Justice’s monopoly case against them.

Under Satya Nadella, Microsoft has turned over a new leaf. They’ve released open source projects of their own. Microsoft Azure even provides servers running Linux as well as Windows.

But Microsoft’s embrace of open source belies the harm it’s doing elsewhere. The US military contracted them to provide technology that would give soldiers “increased lethality, mobility and situational awareness”. GitHub, its subsidiary, is working with ICE to round up and terrorize undocumented people and their families.

Not content to let Microsoft get all that sweet deportation money, Amazon also provides tools to help ICE surveil people. They were competing against Microsoft for that military contract as well, allegedly only losing because of Donald Trump’s personal vendetta against Jeff Bezos.

People point to Amazon as a paragon of efficiency. That efficiency comes at a human cost. Amazon warehouse workers have been pushing to unionize after dealing with exploitative and dangerous conditions. They toil in subzero warehouse temperatures, avoiding bathroom breaks for fear of missing their targets. They are pressured to continue working on the verge of heat stroke. The company places those who experience personal trauma on performance–improvement plans, reminding them to focus on their jobs.

Amazon also hates paying taxes. They killed a Seattle tax meant to help the homeless. The EU ordered them to repay €250,000,000 after negotiating “illegal tax advantages” with the Luxembourg government. In 2017, they paid no federal taxes on $5,600,000,000 in profits; in 2018, they paid no federal taxes on $11,200,000,000 in profits.

Google vowed to be a different kind of company, famously adopting the motto “don’t be evil”. It turns out that a lot can change in 20 years!

After becoming the dominant web search engine, Google realized they were sitting on enormous amounts of behavioral and search data. The dot–com crash led them to capitalize on this treasure trove, and in the process they invented something that would transform the tech industry into a digital dystopia.

Enter surveillance capitalism: a business model that commoditizes our most private information.

It turns out that shady people have lots of uses for detailed information about you, specifically. Sometimes they want to sell you things, sometimes they want to convince you of ideas… but whatever the reason, they’re willing to pay a lot for that information. This incentivizes Google to harvest as much data about you as possible — even if your consent is dubious or withheld.

How far is Google willing to go? They indiscriminately collect personal information from public Wi–Fi networks. They place hidden microphones on home security devices. They track your location on Android and iOS and ignore your attempts to disable it.

Google’s justification has been that if you have something to hide, you shouldn’t be doing it in the first place. But in practice, there’s plenty of information you might want to keep private. Research shows that digital surveillance has a chilling effect on searches for health–related information and self–expression. After Edward Snowden revealed that the NSA was spying on US citizens, terrorism–related Wikipedia searches declined by over 30%.

Mass surveillance can also have negative health effects. In another study, some subjects under surveillance exhibited symptoms similar to post–traumatic stress disorder.

Google has transgressed in more traditional ways, as well. Andy Rubin, the founder of Android, was given a $90,000,000 exit package after credible allegations of sexual misconduct were levied against him. On top of that, Google invested millions in his next company despite having no obligation to do so. When employees protested this, Google demoted the protest organizers.

That wasn’t the only time Google took aim at their own employees. They’ve also retaliated against workers for reporting harassment, and fired employees for trying to form a union and speaking out about diversity.

This might all seem tangential to upholding these principles ourselves. The point of creating ethical technology is to do better than this, right? These companies give us a template for what not to do.

The problem is that we’re using these companies when we build things. We pay GitHub the same money it uses to help deport undocumented people. We send Google the same data it sells to advertisers. Companies are only able to behave like this because we still give them our business.

Our first line of defense against harmful and exploitative practices should be to refuse to perpetuate them. But it’s not enough to just do right ourselves. If we want to build ethical software, we need to consider the full stack.

A Way Out

An ethical tech stack is one in which there are no moral quandaries with any of the technologies or companies involved. That means the money you spend isn’t being used to deport people, or pay for sexual predators’ exit packages.

There are two ways developers can make a difference. The first is to pick an ethical tech stack for any personal work and side projects. The second — more difficult but more effective — is to convince your employer to care about the ethics of their tech stack. That means making the case that whatever technology you want to use won’t hurt the business.

The good news is that using ethical technology doesn’t have to mean making compromises. Developer tooling is a highly commoditized market: there are tens of thousands of companies and open–source products competing to solve every problem we encounter building software.

Take Google Analytics: found on 61% of the most–visited websites, it’s Google’s beachhead for surveillance capitalism. It’s so pervasive that even otherwise staunch advocates for privacy often use it themselves. You get free data about how people are using your website, but Google uses that information — combined with every site using Google Analytics — to target each visitor.

Instead, consider alternatives like Fathom and Simple Analytics. They reject surveillance capitalism in favor of a tried–and–true business model: charging their customers money. Both are easy to install, and either match GA’s tentpole features or are working on them. Fathom shows you pageviews, uniques, bounce rate and referrers. They also have a public roadmap where you can see the features they’re working on, such as UTM parameters and custom event tracking.

You’re also not beholden to another company to provide you web analytics. There are plenty of open–source services available to host on your own infrastructure.

As ubiquitous as Google Analytics is to web analytics, GitHub might be even more so to software development. In addition to creating a tooling monoculture, they also feed the police– and military–industrial complexes.

In late 2019, over 700 developers (myself included) signed a petition asking them to stop providing services to ICE. What if all those developers stopped providing their code to GitHub?

There’s Bitbucket, which started around the same time as GitHub and is now owned by Atlassian. GitLab is an alternative that offers tight integration with many supporting services, such as continuous integration. Sourcehut is a newcomer that eschews investor money.

And as with analytics, self–hosting is an option here. Git itself is decentralized and open source; there’s no reason to rely on one company to provide it to everyone. Check out Gitea, a self–hosted service with many GitHub–like features. GitLab and Sourcehut also provide open source, self–hostable versions.

At a recent meetup, someone asked about “the AWS problem”: they considered Amazon unethical but thought AWS was an indispensable part of their stack.

Virtual private server companies are starting to offer managed services to compete with cloud providers. DigitalOcean offers not only servers but S3–compatible object storage, managed databases, load balancers and (if you want something a bit more microservicey) managed Kubernetes. If you don’t like them, try Linode, Vultr or one of the many other companies from which you can rent a server for under $10 a month. You can do anything with these services that you can do with Amazon Web Services, Microsoft Azure or Google Cloud Platform.

It takes a bit of ethical calculus to figure out what you’re okay with and what you want to stop using. For example, TypeScript is a popular programming language from Microsoft. But it’s free and open source; the only thing you’d be helping them do is launder their reputation. On the other hand, even though Google Analytics is also free, you’d be supporting surveillance capitalism by selling out anyone who uses your app.

This all might sound a bit overwhelming. It’s likely that you or your company use at least a few of the services named here (a list that’s by no means exhaustive).

But you don’t have to make the jump all at once. Start small! Swap out Google Analytics on your personal website. Create the repo for your next project somewhere other than GitHub. Set up your own server instead of using AWS.

The unfortunate flip side is that this can be a form of gatekeeping. Paying $14 per month for a privacy–respecting analytics service is hard if you’re not relatively wealthy. Running your own servers is daunting if you haven’t dug around the internals of your operating system.

These are our problems to solve as developers. We need to find ways to make ethical tech just as accessible to everyone as unethical tech is today. Privacy cannot be a luxury good.

It’s become clear that despite their utopian ideals, tech companies are the same as any other company. They bust unions. They suppress wages. They exploit tax loopholes. And ultimately, they depend on our money and our labor. Boycotts and walkouts are important and powerful tools. But even without a big coordinated protest, we can still show these companies that they can’t take our business for granted.

I love building things, and I love technology. But I refuse to build on the backs of people who are more vulnerable than I am. We as developers can solve this by refusing to sell out our customers’ data and closing our wallets to companies that harm others.

What Now?

If you’re moved to action but aren’t sure where to start, here are a few links to get you going: