Some thoughts on appropriation of another sort

The complaints about cultural appropriation by the polyamory community that I talked about in my last blog post got me to thinking about a different kind of appropriation. It often takes place in the same places and the same contexts as cultural appropriation, and a lot of the same people do it, but it’s a very different animal.

I’m talking about science appropriation.

Science appropriation is what happens when someone uses a garbled, factually incorrect, and/or completely unintelligible statement about science in an attempt to justify or rationalize something that has nothing to do with science at all.

This isn’t directly relevant to polyamory, except insofar as there are some folks (particularly in the New Age crowd) who are polyamorous and do it. I’ve also seen it in religious groups, in alternative “medicine” communities…hell, even among conspiracy theorists.

Science appropriation typically goes something like this: A person with little or no formal background in science wants to believe something. What he wants to believe isn’t especially important. Maybe he wants to believe that fluoridated water is a secret conspiracy of shadowy government agencies trying to control us with mind control drugs, or that diseases can be cured by the waving of hands and the application of spiritual energy, or that benign beings from another dimension want to make us all better people, or that after we die things become wonderful forever. Whatever it is, the person attempts to support the belief with a bizarre and often nonsensical application of some poorly-understood scientific principle, or at least sciencey-sounding words like “quantum” or “frequency” or “DNA.” The result makes a hash of science, and in the few cases where the belief might have some kernel of validity, completely obfuscates its validity under a blizzard of intellectual rubbish.

This plays out in practice in a number of ways, and often involves other forms of appropriation as well.

Take this Web site. Please.

It talks about raising our “spiritual awareness” to a higher plane by using the powers of the twelve chakras, possibly related in some manner I’m not entirely clear on to the pyramids, to activate the hidden powers in our DNA.

In addition to a staggering amount of cultural appropriation (I’m not sure the authors of this stuff are even aware that the idea of chakras comes from an entirely different culture than the one that gave us the pyramids), the level of science appropriation reaches nosebleed proportions. For example (I can not make this up):

Most people know that DNA is the ‘blueprint of life’ and is located in every cell of the body. In addition to each chromosome’s 2 strand double helix of DNA, there are an additional 10 etheric strands of DNA available to each human, which have been de-activated and dormant since the beginning of recorded history. Each additional strand possesses attributes that permit the individual to perform greater human accomplishments. Scientists acknowledge that we currently only use 3% of our current 2 strand DNA. Thus we live in a society where people are sick, unhappy, stressed out, create wars, have difficulty experiencing love, and are totally disconnected with the universe. Most people have to meditate for many years just to have a so-called ‘mystical’ experience, that’s how disconnected we are now. Imagine activating 100% of your 2 strand DNA, PLUS 10 additional strands! You will go from using 10% of your brain to becoming a multi-dimensional being with psychic, telepathic, and manifestation abilities beyond anything you’ve ever dreamed of. Plus, you will stop the aging process and actually start to rejuvenate to look and feel YOUNGER. […] The portions of the DNA chain that science has presently identified as the “Double Helix”, represent only the SURFACE portions of the chemical, elemental, and electrical components of the active DNA strands. Science has yet to identify the MULTIDIMENSIONAL spectra of DNA manifestation, and has yet to realize that within the structures of detectable DNA, there are levels of structure and function that direct the operations of the entire genetic blueprint, which are not currently detectable by the contemporary scientific method.

This quote hits pretty much all the hallmarks of science appropriation.

First, there’s the garbled misunderstanding of science facts. Science says that a small percentage of the human genome is made up of “coding DNA”–the percentage is actually closer to 20% than to 3%, but never mind–which is DNA that directs the cell to make proteins. However, that doesn’t mean the rest is inactive! Non-coding DNA is involved in many functions: activation and deactivation (usually through epigenetic methylation) of protein-coding sequences of DNA; coding for strands of RNA that affect the translation of messenger RNA into proteins; and more. Many areas of non-coding DNA aren’t well understood but are highly conserved, indicating that they play an active and essential role in biology.

Then there’s the faux pop-sci mythology that we only use 10% of our brains, a nonsensical superstition remarkably resilient to the light of disproof. This and other popular science superstitions (like the notion that science says bumblebees can’t fly) are common in science appropriation.

And then there’s the hint of secret knowledge–information beyond what science can see, or facts that transcend the current state of knowledge–that’s part and parcel of science appropriation.

And finally, there’s the bizarre, anti-intellectual hatred of science and the scientific method that almost always accompanies science appropriation. The folks who appropriate scientific-sounding language and ideas for unscientific or pseudoscientific notions seem to have a love-hate relationship with science; on the one hand, they speak with derision and contempt about the scientific method, but on the other, they seem eager–even desperate–for the validation of science.

In fact, about the only thing missing from this particular example is the word “quantum,” which as near as I can tell is what science appropriators use when they mean “magic.”

A great deal of science appropriation comes from folks who seem to genuinely want to make the world a better place, but don’t want to invest in the tools to do it because making the world a better place is often very hard work. Folks who want to be healers but who don’t want to get a medical degree or invest the serious amount of time and money it takes to understand biology are big offenders here. There’s a Web site (and, I gather, a set of beliefs) called Healing Heart Power that’s a great example of science appropriation:

The heart’s electrical field is about 60 times greater in amplitude than the electrical activity generated by the brain.

The magnetic field produced by the heart is more than 5000 times greater in strength than the field generated by the brain

The electromagnetic energy of the heart not only envelops every cell of the human body, but also extends out in all directions in the space around us […]

Research conducted at the Institute of HeartMath suggests that the heart’s field is an important carrier of information.

Our mental and emotional state impacts the quality of contact we offer to another person. When we touch one another with safe, respectful, loving intention both physically and emotionally, we call into play the full healing power of the heart. The greater the “coherence”–a sense that life is comprehensible, manageable and meaningful– one develops, the more sensitive one becomes to the subtle electromagnetic signals communicated by those around them. […]

Heartpower and our genetic make-up: Dorothy Mandel writes, “Genetically, cells adapt to what they perceive their environment to be. Because an event experienced in the midst of a heart response will be perceived and interpreted very differently than an event experienced in the midst of a stress response, the heart can also powerfully affect genetic expression”

Becoming more heart aware and working towards authentic emotional expression and inner peace may positively impact our genetic health.

Anyone who has any background in biology at all is probably cringing and eyerolling right now. The notion that human beings benefit from positive interaction with one another is pretty straightforward, but here it’s dressed up with a level of science appropriation that’s almost physically painful to read.

We see unsourced, vaguely-defined claims about the heart’s electrical and electromagnetic field that are remarkably content-free (what units are we talking about? What’s the absolute strength of these fields?) and that we are expected to infer are important. (If it’s significant that the heart’s electromagnetic field is stronger than the brain’s, what are we to infer from the fact that the bicep’s electromagnetic field is also stronger than the brain’s?) The biological basis for these claims is not presented (I would reasonably expect the brain to have a weak electromagnetic field, as the activity in it is electrochemical rather than electromagnetic!), yet the claims are used to try to support other claims, such as the heart’s electromagnetic field being a “carrier of information” (what information? in what form? From where to where?).

This particular Web page does do one thing that a lot of science appropriators don’t do, though, which is to make a falsifiable prediction (“the heart can also powerfully affect genetic expression”). Unfortunately for the creators of healing heart power, this prediction doesn’t have any evidence at all to support it.


That does bring up an important distinction between science and science appropriation, though. People who appropriate science for non-scientific or pseudoscientific ends don’t actually know what science is.

Science isn’t a body of knowledge. Science isn’t a collection of facts or books. The Theory of Relativity isn’t science; nor is Western medicine or the Hubble Space Telescope.

These things are the products of science. Science itself is a process, not a library of theorems. It’s a way of looking at the world. It’s a carefully designed system for figuring out what’s true and what’s false that’s founded on a simple idea:

Human beings suck at separating truth from falsehood. When we want to believe something, we will find ways to fool or trick ourselves into believing it, even if we’re not consciously aware that’s what we’re doing. Therefore, actually separating what’s true from what we want to be true means systematically dealing with our own cognitive shortcomings, confirmation biases, and predilection for fooling ourselves.

Science insists on falsifiability because without it we tend to persuade ourselves that anything we want to believe is true. We learn about the Scientific Method in school (at least if we got anything even remotely approximating a decent education), but the version we learn in school is dry and not very illuminating. The scientific method, put more plainly, looks something like this:

  1. You are not as smart as you think you are.
    1. If you want to believe something, you’ll find a way to make yourself believe it.
    2. If you think you are rational, you’re probably good at making yourself believe what you want to believe.
    3. You are gullible.
    4. If you think you’re not gullible, you’re really, really gullible.
  2. If you want to know what’s true, you shouldn’t believe things without reason.
    1. “I really, really want it to be true” isn’t a reason.
    2. An anecdote isn’t a reason.
    3. Your feelings aren’t a reason.
      1. Feelings can lie to you.
      2. Your emotional self isn’t very good at fact-checking.
  3. Reality doesn’t care very much about what you think.
    1. Reality is really, really complicated.
    2. Reality doesn’t give a hairy flying fartknuckle about politics.
    3. Reality isn’t human-centric.
      1. If a person in New York and a person in Tehran both measure the universal gravitational constant, the result better be the same.
      2. If you get different results when the “negative energy” of “unbelievers” spoils the experiment, your results aren’t worth a fetid dingo’s kidney.
  4. If you want to understand how the universe works, you have a lot of work to do.
    1. The universe doesn’t fit human stories.
      1. Storytelling isn’t science.
    2. If it can’t be quantified, it isn’t science.
    3. If you can’t figure out a way to test whether an idea is wrong, it isn’t a scientific idea.
      1. The best way to see if an idea holds any water is to try to prove it wrong, not try to prove it right.
      2. Your own tendency toward confirmation bias will lead you to see evidence that your ideas are true even when it isn’t really there.
  5. Sometimes, the answer to a question is “we don’t know,” and that’s okay.

The things I’ve talked about so far are all examples of pseudoscience, so it might seem like science appropriation is simply another expression for pseudoscience.

All pseudoscience is science appropriation, but not all science appropriation is pseudoscience. Science appropriation also happens when something that isn’t science claims that its principles have been “scientifically proven,” something that happens often in the world of religion.

My sweetie Eve has remarked about how Westerners are quick to appropriate elements of Indian culture, what with Tantra this and chakra that and having sex is all about spirituality, really it is, I’m being so sincere right now. But when she was in India, she saw the same thing happening in reverse; Indian mystics and religious people often tried to claim scientific legitimacy for their religious practices, saying that science has “proven” beliefs such as cutting one’s hair is wrong.

When I was working prepress for a living, one of my clients was a book publisher that specialized in supplying books to Christian bookstores. Every year I worked on their catalog, which had an entire section devoted to books that claimed to show how science “proves” that Christianity is the true religion or that Jesus was the son of god or something.

I don’t think of these examples as pseudoscience. Pseudoscience is when something claims to be a science but isn’t, like phrenology or DNA activation or dowsing. The Christians who claim that science supports the divinity of Jesus or the Sikhs who say that refusing to cut their hair is scientifically proven to be beneficial aren’t saying that Christianity or Sikhism is a science; they’re appropriating the respectability of science to try to support an idea that at its core has nothing to do with science. To me, that’s a bit different from phrenology and similar systems that claim to be scientific fields but aren’t.

There are overlaps, of course. Creation “science” is a religious belief that’s also a pseudoscience. Sometimes the boundaries get fuzzy. That doesn’t change the fact that some folks claim scientific legitimacy for a belief without saying the belief itself is a science.

Science appropriation also happens in pop culture. An astonishing number of people believe that humans only use 10% of our brains, that the left brain is rational and the right brain is creative, or if you rescue a baby bird that’s fallen from its nest you shouldn’t return it to the nest or its mother will reject it. None of these ideas has any basis in science, but they’re incredibly, annoyingly persistent and many people pass them off as science fact.


Science appropriation is more than annoying; it’s harmful. We live in a technological, post-industrial society with a public school infrastructure that is crap at teaching basic science. Thanks to that, we’ve created a society uniquely vulnerable to science appropriation. When a person with diabetes uses homeopathic “treatment,” the diabetes goes untreated. When someone spends time and money on “DNA activation” in the hopes that it will let her unlock the other 90% of her brain (whatever that means; are these folks saying that someone with a 110 IQ will have a 1,100 IQ after DNA activation?), she gets fleeced by a scam. The fact that the scammer might also believe the scam doesn’t make it any less of a scam; it simply means the educational system has failed the scammer, too. Public policy decisions based on science appropriation have the potential to harm lots of people.

So, as part of my own personal crusade to make the world a better place, I’ve created this handy-dandy Science Appropriation Bingo card. Keep it with you when you read New Age Web sites or browse the alternative healing section of WebMD. If you want to print it out, clicky on the picture for a link to a PDF version!

Some thoughts on poly identity

As I write this, I’m in Olympia, Washington. Alas, thanks to a significant user interface misfeature in the program (Carbon Copy Cloner) I use to sync my laptop with my desktop, I don’t have my laptop with me. I’m posting from an iPad. Which has a keyboard quite poorly suited to typing long bits of text (anyone who has a BlueTooth keyboard you’re willing to donate to the cause, see me after class). And I suspect this might get long. In other words, buckle up, it’s going to be a bumpy ride!

A short time ago, I discovered an essay over on the Boldly Go blog called Why I’m No Longer Poly. It’s about seven or eight months old as I type this, but if you haven’t read it yet, it’s worth the read. It’s a critique of the poly community, and there’s quite a bit in it I want to respond to. (This blog post started as a comment over there but quickly overran what can reasonably go into a comment.)

The critique as I read it breaks down into four main points:

  • Poly is a form of privilege. The time, resources, and attention necessary to find and maintain multiple romantic relationships are most available to middle and upper class people; hence, the poly community tends (unsurprisingly) to be very middle-class and very white.
  • The poly community, possibly because of point 1 above, is guilty of a great deal of appropriation. Some poly folks consider themselves ‘queer’ just based on having non-traditional relationships, which does a disservice to LGBT folks. Gay, bi, and trans* people have been murdered for who they are; to date, that hasn’t happened to anyone for being poly (at least not as far as I know; if you’ve heard of this happening, I’d love to hear about it in the comments). This appropriation is cultural, too, with some poly folk integrating a wishy-washy, Westernized, wildly inaccurate understanding of things like Tantra into the fold of polyamory.
  • The poly community shelters abusers. Whether intentionally or unintentionally, the poly community has failed to create a robust culture of compassion and consent. Serial abusers operate with impunity within the organized poly community.
  • People in the poly community tend to see polyamory as a superior alternative to monogamy, and therefore (according to the Transitive Property of Smugness1) polyamorous people as superior to monogamous people.

The author is talking primarily about the UK poly scene, which I do have some familiarity with, though I’m more grounded in the US poly community.

I think this critique of the poly community has some important points, so I’d like to examine it more closely. Ready? Here we go!


Part 1: Poly Is Privileged

This is an easy claim to make. Look around the poly community in a lot of cities and you’ll see a whole lot of folks who are economically and racially homogenous. The essay also makes the point:

I’m wondering if non-monogamy is seriously possible for people who are economically disenfranchised or people who blatantly don’t have the time to devote away from work, children, and other social responsibilities to give to other partners. And I wonder now, as I try and create a balance between work, blogging, writing fiction, working out, and all of the other things I have to do if, when I do decide to adopt children, I’ll have the time to devote to more romantic partners.

For a certain model of polyamory, this is true. Maintaining multiple dating-type relationships requires financial and time resources that a lot of folks don’t have. It’s also true that polyamory, as much as it may not be mainstream, is still a hell of a lot more accepted than LGB relationships or relationships with or between trans* people. I know poly folks who have lost custody of their children for being poly, but like I said, I’ve never heard of anyone being killed over it.

But these points, while they are valid, don’t tell the whole story.

One thing it’s important to remember is the poly community is not the same thing as polyamory. The poly community is largely made up of racially and economically privileged folks, but it’s dangerous to infer that polyamory is mostly practiced by that demographic. I’ve met people who are polyamorous who don’t belong to or identify with the organized poly community (particularly when I was living in Florida and Georgia), and there’s quite a lot more variety in socioeconomic class than a look ’round the poly community might suggest.

Likewise, the notion that poly requires a certain level of disposable income and time is true for some models of poly, particularly the I’m-dating-a-bunch-of-people flavor of poly, but it doesn’t necessarily follow that polyamory is therefore limited to the economically privileged. I’ve known–and been involved with!–poly folks who are financially quite poorly off, and who discover in a more communal model of polyamory a way to increase their standard of living.

Indeed, many of the folks in my own poly network have a level of income that’s perilously close to, or in some cases below, the Federal poverty line. Poly people have discovered something that roommates have known for a long time: two can live almost as cheaply as one, and three can live almost as cheaply as two.

The same calculus works for time. A person who’s working two part-time jobs may not have the time to go out on several dates a week, but that’s not the only way to do poly! Both long-distance relationships and communal relationships require much less investment in free time to maintain.

Why is the organized poly community so homogenous? That question has a complicated answer. Even the simple version is probably outside the scope of this particular blog post. (That’s not an attempt to handwave away the question; it’s just a really, really complicated subject.) Is the organized poly community a showcase of privilege? You bet. Does that mean polyamory is only for privileged people? Well, that’s a tougher argument to make. The organized poly community does not necessarily reflect the diversity of people who practice polyamory, and identifying as polyamorous does not necessarily mean identifying as part of the poly community.


Part 2: Poly as Cultural Appropriation

This critique breaks down into a couple of broad categories: poly appropriation of the spiritual beliefs of other cultures, usually in a highly adulterated (and somewhat confused) form; and poly appropriation of LGBT identity. As to the first part, from the essay:

I get sick to death of seeing white people in polyamory communities reference a tribe or a culture outside their own, putting white names to their practices, and using them to validate their relationship style or choice. I get sick and tired of the “Ooh”ing and “Aah”ing over appropriated concepts of tantra, chakras, chi, and whatever I’ve seen white people mix together in a fruit salad of whatever cultures they want to build their ignorant burrito out of to try and make their polyamory practice more “exotic” and “sacred”. You shouldn’t have to justify your relationship choice via bigotry. When you act like your polyamory is valid because it’s made of “tiny bubbles of imperfections as proof that it was crafted by the simple, hard-working, indigenous peoples of wherever” you’re being a colonialist jerk.

This gets no disagreement from me. In fact, the urge to validate having multiple romantic partners by mashing together assorted bits of poorly-understood religious traditions from a number of different cultures and wrapping the whole thing up in a ribbon of chakra-expanding tantric sex is one of the more annoying facets of (part of) the poly community.

Does this happen? You bet. I don’t think blame for this rests on the doorstep of polyamory, though. First, most of the offenders I’ve personally seen did it before they became polyamorous; they started out involved in alternative New Age spirituality and then, when they started exploring polyamory in the mid to late 90s, they brought their garbled mishmash of other cultures’ spiritual ideas with them.

At least here in the US. I can’t speak for the Tantric/New Age part of the poly community in the UK, because it’s not the bit I interacted with, which brings up a second point:

Not all of the poly community does this. In fact, the poly community is quite diverse in this regard. Most of the community I was part of in Florida, for instance, is made up of rationalists and skeptics with about as much interest in New Age tantric appropriation as they have in six-day-old potato salad.

There’s a polyamory meetup group in Portland for fundamentalist Christians. There’s a group in Vancouver that’s essentially entirely secular. The poly community is not monolithic; to accuse it of cultural appropriation is to miss big chunks that aren’t spiritual at all. Do some poly people do this? You bet. Do most? Not in my experience.

Which brings up the second kind of appropriation. Again from the essay:

I’m sick to death of “allies” telling me that they have a right to call themselves queer just because they date more than one person, especially when they have lipstick parties in middle class suburbia while queer kids are forced into homelessness, nonconsensual sex work, and death. I’ll feel more sympathy for Poly Patriarch not being able to marry all of his concubines when trans* people can get married without having to worry about going to jail for fraud.

I can definitely understand being pretty fed up with this sort of behavior. I personally am not sick to death of it, because so far I personally have not seen it. I certainly would never consider calling myself “queer” because I’m poly; as a cisgendered straight white guy, that would be profoundly nonsensical of me2.

This might be something that’s more common in the UK than the US; I don’t know. I do know that the poly communities I’ve been part of have had members who are gay, members who are bi, and members who are trans…all of whom have a reasonable claim to “queerness,” but not because they’re poly.


Part 3: Abusers In the Poly Community

This is the most head-scratching part of the essay to me.

Yes, the poly community has abusers. I don’t see it as a poly problem; I see it as a problem of minority sexual subcultures in general. Ironically, the essay’s author still identifies as kinky, whereas I’ve seen abuse happen a lot more in the BDSM community, as I’ve written about here (trigger warning: rape), here, and here. But saying it isn’t a “poly problem” doesn’t mean it’s not a problem in the poly community. It absolutely is.

And it pisses me off.

A couple of months ago, my partner zaiah and I hosted the first of what’s likely to be a bimonthly poly get-together, whose purpose is to create white papers–papers that can be used by other poly organizers. The very first one? Creating poly communities that are safe and do not shelter abusers. Last month, we hosted the Portland West Side Poly Discussion Group. The topic? Preventing abuse in the poly community.

When I say this is the most head-scratching part of the essay, it’s not because I believe the poly community is a beatific assemblage of saints. It’s because the claims of abuse sound a bit…strange to me. The essay contains this bit…

If I’m dating Tom and Tom is treating his boyfriend Phil like dirt, I can’t possibly tell Tom that I’ll break up with him or I can’t sit by and watch him treating Phil like dirt. Because then I’m being controlling, jealous, and manipulative. I’m stuck in a trap where I have to put up with abusive shit all for the sake of not exercising the dreaded veto. […] Until poly people stop demonising things like “veto power” and start talking and taking seriously how polyamory can work well for abusers, I have a hard time taking on the label…

…which I find a little odd. I’m not sure I get the connection between “opposing veto” and “sheltering abusers.” I am an outspoken opponent of veto3 in poly relationships, because in my experience vetoes are often used as tools of abuse. I almost always see them wielded with indifference to–even contempt for–the needs of the people against whom they are used (people who, most often, are on the short end of a significant power imbalance to begin with).

What I also tend to see in conversations about veto is a strange sort of either/or, all-or-nothing mentality: if you don’t have veto, that means you have no say at all, and you just have to lie down and take whatever your partner does. You can’t express an opinion or an objection of any sort; to do so is the same as veto.

And don’t psychologists tell us that one of the defining characteristics of many abusers is the fact that they seek to control their partners and particularly control their partners’ interactions with others, cutting their victims off from other sources of love and support?

Frankly, I find the discussion of veto with regards to abuse bizarre. If I were dating Sally and I saw her mistreating Bob, telling Sally I’ll break up with her if her behavior doesn’t improve isn’t veto. Telling Sally “I demand that you break up with Bob”–that is veto.

I don’t do veto, nor get involved with those who have it. Yet if I’m dating someone who is treating another partner like dirt, or who is being treated like dirt, I’m going to say so. And if someone says that’s “controlling, jealous, and manipulative,” that says more about that person than it does about me, I reckon.

Conflating “doesn’t do veto” with “supports abuse” seems…well, I’m not really sure what’s going on there, but in my experience if someone is being abused and won’t leave the abusive relationship if you say “hey, this is abuse,” they aren’t too likely to leave if you say “hey, veto” either.

Just sayin’.


Part 4: Smug

From the essay:

While many poly people acknowledge that “Relationship broke, add people” probably isn’t the best solution, just as many people act like polyamory is the solution for anyone’s relationship problems, or they look down on silly monogamous people who feel things like jealousy and fear (because, you know, non-monogamous people never feel that).

I’ve met this guy. Once. On a Facebook forum. He was roundly (and loudly) ridiculed.

This may be a regional thing. I totally get that there are folks who act this way, but in my experience there aren’t “just as many” folks who say this as who say exactly the opposite. In fact, the poly groups I’ve belonged to in Florida, Georgia, and Portland, and the poly folks I’ve met in Boston and Chicago, actively frown on the notion that polyamory is more evolved, more enlightened, and/or good for what ails those poor Neanderthal mono folks.

If I were to meet a lot of people proclaiming how backward monogamy is, I suspect it’d get right up my nose, too. So I’m willing to give this critique a pass; it’s not my experience, but different poly communities, as I mentioned in Part 2 up there, have very different attitudes. Perhaps there’s a poly community over across the pond where this idea is prevalent; if so, I can certainly understand opting out of it.

Opting out of a community, though, isn’t the same thing as opting out of an identity. I’ve disassociated myself from the BDSM community, because it has a lot of behaviors and practices I find toxic. I still do BDSM. Distancing myself from others who do some of the same things I do doesn’t, at least for me, change my identity. If it did, the way I see it, I’d be letting folks I don’t like dictate my identity, and that seems an odd choice to me.


1 The Transitive Property of Smugness is what I call the propensity of some folks to talk about how doing some thing (like having multiple partners) or being part of some group (like people who practice BDSM) requires skill at a particular thing, and then to assume that because they do that thing, they have that skill. For example: “It takes good communication to be polyamorous. I am polyamorous. Ergo, I have good communication skills. Yay! Go me!” There are variants of this in almost every subculture I’ve ever belonged to; its kink equivalent is “Consent is an important part of BDSM. I am part of BDSM culture. Therefore, I am awesome about consent! Woohoo!”

2 Not to mention insensitive. Rude, too. And kinda stupid.

3 Defined here as a right or agreement by which one person can tell another person “I require you to end your relationship with so-and-so” and have an expectation that the other person will break up with so-and-so. I’ve spoken to some folks who use the term “veto” to mean “I have the right to give you my opinion about whether I like so-and-so.” I don’t think that’s the most common usage of the word “veto,” and it’s not the one I use here.

Evolution of the W32/Kuluoz malware scam

Well, boys and girls, it looks like the malware distribution I talked about here and here has morphed again. This morning, I started receiving emails that pretend to be DHL delivery notifications, rather than American Airlines ticket sales or FedEx notifications:

As before, the links take you to hacked WordPress or Joomla sites that will examine your browser user-agent. If you’re on a Mac or Linux computer, or you’re using a modern Windows browser, you’ll see a phony 404 Not Found error that looks like this:

If you’re using a Windows browser that has vulnerabilities, the link will download a copy of the W32/Kuluoz information and bank password stealing malware.

Stay safe out there.

Malware attacks after the Boston bombing

Yesterday, in the wake of the bombings in Boston, I received an email that looks like this in my inbox.

The links, needless to say, do not go to CNN. Instead, they lead to

http://playhard.by/bostoncnn.html

*** WARNING *** WARNING *** WARNING ***

This site IS LIVE as of the time of writing this. It WILL attempt to infect your computer with malware. DO NOT visit this site if you don’t know what you’re doing!

playhard.by is a hacked site hosted in Belarus. The URL in the email is a link to a file planted on the site that redirects visitors, using both JavaScript and a REFRESH meta tag, to

http://sub.piecedinnerware.com/complaints/messages_shows_mentions.php

This site is hosted by an outfit called Colo Crossing, a server colocation facility headquartered in the US. The domain was registered through (wait for it…) GoDaddy:

tacit$ whois PIECEDINNERWARE.COM

Domain Name: PIECEDINNERWARE.COM
Registrar: GODADDY.COM, LLC
Whois Server: whois.godaddy.com
Referral URL: http://registrar.godaddy.com
Name Server: NS17.DOMAINCONTROL.COM
Name Server: NS18.DOMAINCONTROL.COM
Status: clientDeleteProhibited
Status: clientRenewProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 19-nov-2012
Creation Date: 19-nov-2012
Expiration Date: 19-nov-2013

>>> Last update of whois database: Thu, 18 Apr 2013 21:42:55 UTC <<<

Registrant:
Jigar Kapadia
B-32, Mani Ratna Raw House, Opp Sai Nagar
New Gujarat Gas Road, Adajan
Surat, Gujarat 395009
India

Administrative Contact:
Kapadia, Jigar contact@NewWaysys.com
B-32, Mani Ratna Raw House, Opp Sai Nagar
New Gujarat Gas Road, Adajan
Surat, Gujarat 395009
India
+91.9076026366

Technical Contact:
Kapadia, Jigar contact@NewWaysys.com
B-32, Mani Ratna Raw House, Opp Sai Nagar
New Gujarat Gas Road, Adajan
Surat, Gujarat 395009
India
+91.9076026366

The domain was registered last November, and put into service after the Boston Marathon bombing. Interestingly, the HTML file that redirects to this site contains the following block of text:

Be sure you have a transfer reference ID. You will be asked to enter it after we check the link. Important: Please be advised that calls to and from your wire service team may be monitored or recorded.

Redirecting to Complain details… Please wait…

This suggests that an ordinary, garden-variety malware attempt, possibly something like a fake PayPal or bank transaction notification, was hastily modified to exploit the Boston attacks.
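A redirect page like the one described above can be inspected as text, without opening it in a browser. The following is an added example, not code from the original post: it lists the destinations of REFRESH meta tags and common JavaScript location assignments. The sample HTML and the example.test hostnames are constructed.

```python
# Added example: list where an HTML page would send a browser, without loading it.
import re
from html.parser import HTMLParser
from urllib.parse import urljoin

# Common JavaScript navigation forms only; obfuscated scripts need manual review.
JS_REDIRECT = re.compile(
    r"""(?:(?:window|document|top|self)\.)?location(?:\.href)?\s*=\s*["']([^"']+)["']"""
    r"""|location\.(?:replace|assign)\(\s*["']([^"']+)["']\s*\)""",
    re.IGNORECASE,
)

class RedirectFinder(HTMLParser):
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.in_script = False
        self.found = []  # list of (mechanism, absolute URL)

    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "") for k, v in attrs}
        if tag == "script":
            self.in_script = True
        elif tag == "meta" and attrs.get("http-equiv", "").lower() == "refresh":
            # The content attribute looks like "0; url=http://host/path".
            m = re.search(r"url\s*=\s*['\"]?([^'\";]+)", attrs.get("content", ""), re.I)
            if m:
                target = urljoin(self.base_url, m.group(1).strip())
                self.found.append(("meta-refresh", target))

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            for m in JS_REDIRECT.finditer(data):
                target = m.group(1) or m.group(2)
                self.found.append(("javascript", urljoin(self.base_url, target)))

def find_redirects(html, base_url):
    """Return every redirect target found in the page, resolved against base_url."""
    parser = RedirectFinder(base_url)
    parser.feed(html)
    parser.close()
    return parser.found

# Constructed sample modelled on the description above (not the real file).
SAMPLE = """<html><head>
<meta http-equiv="REFRESH" content="0; url=http://landing.example.test/complaints/page.php">
<script type="text/javascript">
  window.location = "http://landing.example.test/complaints/page.php";
</script></head>
<body>Redirecting... Please wait...</body></html>"""

if __name__ == "__main__":
    for mechanism, url in find_redirects(SAMPLE, "http://hacked.example.test/lure.html"):
        print(mechanism, url)
```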

As per usual, if you receive any emails like this, do not be tempted to click on the links in them.

I expect to start seeing similar emails targeting the explosion at the fertilizer plant in Texas within the next 24 hours.

More on the W32/Kuluoz malware attack

A short time ago, I wrote about a malware attack in which hacked sites were being used to spread the W32/Kuluoz malware. Kuluoz is a password-stealing Trojan; when it’s installed, it scans your password files for Web browsers, password wallets, and so on looking for bank, PayPal, eBay, FTP, and other sites. People infected with Kuluoz may see their bank accounts emptied, their PayPal accounts drained, and if they use FTP to manage Web sites, their Web sites may be infected with the same malware.

Since I first wrote about it, the attack has changed and grown a lot more aggressive.

I saw the first sign of this attack on November 26 of last year. At the time, the attack was still quite crude: the victim would receive an email claiming to be from FedEx (though the body copy of the email said UPS) that had a message saying a package could not be delivered, and the victim would have to click a link to print out a receipt to pick the package up.

The link, of course, went to a hacked Web site being used to spread the malware. Clicking on the link would download a copy of W32/Kuluoz.B, regardless of what kind of computer the user was using. The first infected link I saw was

http://elbosquedelaherrezuela.com/wp-content/plugins/akismet/track.php?c003

hosted on Spanish Web host Arsys. The compromised site was running an outdated copy of WordPress; it has since been pulled down by the host.

In the time between last November and this March, the attack grew more sophisticated. The emails attempting to lure marks to hacked sites got more polished, and grew to resemble actual FedEx emails quite closely. The malware downloaders placed on hacked sites changed; they now examine the browser’s “user agent,” a header that tells a Web site what kind of computer you are using. If you’re on a Mac or Linux computer, you see a bogus “404 not found” error; only if you are on a vulnerable Windows browser does the hacked site download malware. And the malware itself changed rapidly as well; VirusTotal identified the first malware as W32/Kuluoz, but later downloads, with different file sizes and MD5 hashes, are identified as W32/Kuluoz.B or W32/Kuluoz.3.
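Because the response depends on the user agent, a reported URL has to be requested more than once before an abuse desk can trust a 404. The following added example (not from the original post) requests one URL with several User-Agent strings and flags a status or download mismatch; the User-Agent strings, the `constructed_site_fetch` stand-in and the example.test URL are constructed assumptions.

```python
# Added example: does a URL answer differently depending on the User-Agent?
import hashlib
import urllib.error
import urllib.request

# Constructed User-Agent strings: an old Windows browser, a Mac and a Linux browser.
USER_AGENTS = {
    "windows-ie8": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)",
    "mac-safari": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/536.28.10 "
                  "(KHTML, like Gecko) Version/6.0.3 Safari/536.28.10",
    "linux-firefox": "Mozilla/5.0 (X11; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0",
}

def http_fetch(url, user_agent, max_bytes=65536):
    """Return (status, content type, first bytes of body); nothing is saved or run."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.headers.get("Content-Type", ""), resp.read(max_bytes)
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Content-Type", ""), err.read(max_bytes)

def looks_like_download(content_type, body):
    # "MZ" starts Windows executables and "PK" starts ZIP archives.
    mime = content_type.split(";")[0].strip().lower()
    return body[:2] in (b"MZ", b"PK") or mime in (
        "application/octet-stream", "application/zip", "application/x-msdownload")

def check_cloaking(url, fetch=http_fetch, user_agents=USER_AGENTS):
    """Return (cloaked, per-agent results) for one URL."""
    results = {}
    for name, ua in user_agents.items():
        status, ctype, body = fetch(url, ua)
        results[name] = {
            "status": status,
            "download": looks_like_download(ctype, body),
            "sha256": hashlib.sha256(body).hexdigest(),  # kept for the abuse report
        }
    statuses = {r["status"] for r in results.values()}
    downloads = {r["download"] for r in results.values()}
    # Body hashes differ on many honest dynamic pages, so they are not used as a signal.
    return len(statuses) > 1 or len(downloads) > 1, results

def constructed_site_fetch(url, user_agent):
    """Constructed stand-in for the behaviour described above, so this runs offline."""
    if "Windows" in user_agent:
        return 200, "application/zip", b"PK\x03\x04 constructed bytes"
    return 404, "text/html", b"<h1>Not Found</h1>"

if __name__ == "__main__":
    cloaked, results = check_cloaking("http://hacked.example.test/track.php",
                                      fetch=constructed_site_fetch)
    print("cloaked:", cloaked)
    for name, r in results.items():
        print(name, r["status"], "download" if r["download"] else "page")
```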


Since I wrote the report last March, the attack has ramped up significantly and changed again.

At first, in November and December, I averaged 6 emails a month trying to get me to click on links. Now I’m seeing an average of more than 15 of these emails per day.

The emails themselves have changed, too. The fake FedEx emails, though I still get them occasionally, have become quite rare. Instead, the new wave of attacks involves emails that look like American Airlines ticket confirmation emails:

Needless to say, if you get an email that looks like this, DO NOT click on the link.


Right now, there is a hack attack of unprecedented scope and tenacity going on against WordPress and Joomla sites. The attack uses tens of thousands of compromised PCs to try to log in to WordPress and Joomla sites with the username “admin” and a vast number of common passwords. The attack is so severe that some Web hosting companies are reporting that WordPress and Joomla sites on their servers are slow to respond or not loading at all.

I believe that those hack attacks are related to the W32/Kuluoz malware distribution.

I don’t have any direct proof of that. The people attacking WordPress and Joomla sites are covering their tracks well, using botnets and IP spoofing to carry out the attacks.

But the circumstantial evidence seems strong. So far, every single compromised site I’ve seen that’s hosting the Kuluoz downloaders is running WordPress or Joomla. As time has gone on, the number of infected WordPress and Joomla sites has scaled rapidly. The recent wave of emails trying to lure people to infected sites coincides with the ramping up of attacks on WordPress and Joomla sites.

None of this is incontrovertible evidence. It could be coincidence–two different organized crime gangs attacking the same kinds of sites at the same time and ramping up their efforts coincidentally. But my gut says they’re related.
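A login attack spread across tens of thousands of PCs stays under any per-address limit, so it has to be spotted from the total volume of login attempts. The following added example (not from the original post) counts login POSTs per five-minute window in a web access log; the log lines, thresholds and the combined log format are constructed assumptions.

```python
# Added example: spot a distributed login attack that no per-IP limit would catch.
import re
from collections import defaultdict
from datetime import datetime

LOGIN_PATHS = ("/wp-login.php", "/administrator/index.php")  # WordPress, Joomla
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def parse(line):
    """Parse one combined-log-format line, or return None if it does not match."""
    m = LINE.match(line)
    if not m:
        return None
    ip, ts, method, path, status = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return ip, when, method, path.split("?")[0], int(status)

def login_storms(lines, window_s=300, min_posts=20, per_ip_limit=5):
    """Report windows with many login POSTs, however few each address sends."""
    buckets = defaultdict(lambda: defaultdict(int))  # window start -> ip -> POSTs
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ip, when, method, path, _status = rec
        if method == "POST" and path in LOGIN_PATHS:
            start = int(when.timestamp()) // window_s * window_s
            buckets[start][ip] += 1
    alerts = []
    for start in sorted(buckets):
        per_ip = buckets[start]
        total = sum(per_ip.values())
        if total >= min_posts:
            alerts.append({
                "window_start": start,
                "posts": total,
                "distinct_ips": len(per_ip),
                # How many addresses a classic per-IP lockout would have caught.
                "ips_over_per_ip_limit": sum(1 for n in per_ip.values() if n > per_ip_limit),
            })
    return alerts

def constructed_log():
    """Constructed sample: 40 addresses, one login POST each, plus one normal hit."""
    lines = []
    for i in range(40):
        lines.append(
            f'198.51.100.{i + 1} - - [12/Apr/2013:10:0{i // 10}:{i % 10 * 5:02d} +0000] '
            '"POST /wp-login.php HTTP/1.1" 200 3120')
    lines.append('203.0.113.9 - - [12/Apr/2013:10:01:00 +0000] '
                 '"GET /index.php HTTP/1.1" 200 5120')
    return lines

if __name__ == "__main__":
    for alert in login_storms(constructed_log()):
        print(alert)
```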


One of the most frustrating parts of this problem, for me, has been how slow Web hosting companies are to respond to reports that their systems have been penetrated and they are hosting computer malware.

I’ve compiled a list of statistics about infected Web hosting companies. Since November 26, I’ve started keeping track of which Web hosting companies are affected by the attack, and how long they’ve taken to remove a malware dropper once they’ve been notified it exists.

Not all Web hosts are created equal. Here, for example, is a graph showing the number of malware infected Web sites I’ve seen on various Web hosts since November, with the Web hosts identified by Spamcop:

The worst of the worst of the lot in terms of sheer number of virus droppers hosted, by a large margin, is GoDaddy.

Now, some ISPs host more Web sites than others, so if all ISPs were equally vigilant (or equally lax) about security you would expect to see larger hosting companies hosting more viruses than smaller companies. But this graph shows that isn’t really how it goes. Hostgator is larger than most of the other hosting companies listed here, but has only a small number of malware-infected sites. Dreamhost and OVH are disproportionately represented for their size by a significant margin.


Another place where hosting companies are not created equal is in how speedily they remove malware droppers once they’re notified. The best Web hosting companies will do this within 24-48 hours, which to my mind is still quite a long time to leave a malware dropper active. When I’ve complained to Hostgator, arsys.es, and Lunarpages, for example, they’ve typically taken action quite quickly.

On the other side of the coin, some Web hosting companies take months to remove malware droppers…or don’t remove them at all.

I don’t know if it’s because they are easily fooled by the phony 404 errors or if they simply don’t care, but a number of Web hosting companies on this list appear unwilling or unable to deal with malware-infected sites at all.

The worst of these are Dreamhost (which has not removed one single malware site from its servers–every single one I’ve notified them of, without exception, is still active as of the time of writing this), GoDaddy (which used to be one of the top most responsive Web hosting companies, but no more; sites that they are notified of typically remain active on their servers for months, with one site I notified them of last December finally being taken down this April), OVH (which, like Dreamhost, appears not to deal with malware-infected sites at all), PrivateDNS.com (a site they were notified of in January is still active and spreading malware as of the time of writing this), and, sadly, Bluehost (which keeps emailing me to say the problem is resolved but the malware droppers remain active on their servers nonetheless).

Other ISPs on the Walk of Shame include 1 and 1 (which typically won’t remove a malware dropper until I’ve emailed them three or four times), Peer 1 (which has several malware droppers active for two months or more), and Calpop (which typically leaves malware droppers live for about six weeks after being notified).


Now it’s time for the practical bit.

If you have a WordPress or Joomla Web site, what can you do to keep it secure?

The two most important things you can do are to use very, very strong admin passwords and keep on top of security updates religiously. When a security update for a popular Web package is released, organized crime gangs will examine it and then roll the security holes it fixes into their automated exploit tools, because they know that most people don’t install them right away. If you don’t install a security patch within a day or two of its release, you run the risk of being pwn3d.

So, here’s a quick list of dos and don’ts to run a WordPress or Joomla site:

DO:

  • Use strong passwords.
  • Install updates immediately.
  • Consider locking down your /wp-admin or Joomla admin directories with an .htaccess file that does not permit access without a password. If you don’t know how to use .htaccess files, there are some plugins that can do this for you. A WordPress plugin that can lock down your wp-admin directory is Bulletproof Security. A similar Joomla plugin is JHackGuard.
  • If you have more than one WordPress site, install InfiniteWP. This is a WordPress administration console that will notify you by email when any component of any of your WordPress sites needs to be updated, and allow you to update all your sites with one button click. It’s free.
  • If you create your own WordPress or Joomla themes, consider removing the WordPress or Joomla footers. Automated tools are used to scan for these so that the bad guys know what sites to attack.
  • Make sure you remove the /install directories when you install any CMS. (Joomla requires you to do this.)
  • Use a Web host that is proactive about security and responds quickly to abuse complaints.

DO NOT:

  • Assume you don’t have to worry about security because you have a tiny little site that nobody visits. The organized crime groups don’t care what your site is or how much traffic it gets. They use automatic tools that search through hundreds of thousands of Web sites a day searching for vulnerable sites. If you are vulnerable, you will eventually be cracked.
  • Leave your plugins or themes directories indexable. If you don’t know what that means, the easiest way to make sure you’re not indexable is to create an empty file called index.html in your plugins directory and your themes directory. This will keep people from getting a list of all the files in those directories, which they can use to search for vulnerabilities.
  • Set up a WordPress or Joomla Web site and then just walk away from it. If you are not actively maintaining it, take it down.
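Several items on the lists above can be checked from the files on disk. The following added example (not from the original post) audits a document root for plugin and theme directories without an index file, admin directories without a password-protecting .htaccess, and leftover installer directories. The directory names assume a default WordPress or Joomla layout, the .htaccess check assumes file-based HTTP authentication, and the sample site is constructed.

```python
# Added example: audit a WordPress or Joomla document root against the list above.
import tempfile
from pathlib import Path

INDEX_NAMES = ("index.html", "index.htm", "index.php")
LISTABLE_DIRS = ("wp-content/plugins", "wp-content/themes")  # WordPress layout
ADMIN_DIRS = ("wp-admin", "administrator")  # WordPress, Joomla
INSTALL_DIRS = ("install", "installation")  # leftover CMS installers

def htaccess_requires_password(admin_dir):
    """True if the directory's .htaccess sets up file-based HTTP authentication."""
    htaccess = admin_dir / ".htaccess"
    if not htaccess.is_file():
        return False
    directives = set()
    for raw in htaccess.read_text(errors="replace").splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            directives.add(line.split()[0].lower())
    return {"authtype", "authuserfile", "require"} <= directives

def audit_site(docroot):
    """Return a list of findings; an empty list means none of the checks fired."""
    root = Path(docroot)
    findings = []
    for rel in LISTABLE_DIRS:
        d = root / rel
        if d.is_dir() and not any((d / name).is_file() for name in INDEX_NAMES):
            findings.append(f"{rel}: no index file, directory listing may be exposed")
    for rel in ADMIN_DIRS:
        d = root / rel
        if d.is_dir() and not htaccess_requires_password(d):
            findings.append(f"{rel}: no password-protecting .htaccess")
    for rel in INSTALL_DIRS:
        if (root / rel).is_dir():
            findings.append(f"{rel}: installer directory still present")
    return findings

def constructed_site(root):
    """Build a small constructed document root with three problems in it."""
    root = Path(root)
    (root / "wp-content/plugins").mkdir(parents=True)
    (root / "wp-content/themes").mkdir(parents=True)
    (root / "wp-content/themes/index.html").write_text("")
    (root / "wp-admin").mkdir()
    (root / "install").mkdir()
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit_site(constructed_site(tmp)):
            print(finding)
```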

2013’s First Big List o’ Linky Links

Once again, I have so many browser windows open that my computer, newly upgraded to Mac OS 10.8, is slowing to a crawl. (And on the subject of that upgrade, I’d just like to say that the latest and greatest Safari seems to handle large numbers of open windows with considerably less grace than the old version did, illustrating once more the age-old principle that human progress and the fall from grace go hand in hand.)

So, in time-honored tradition, I’m dumping a list of links here for you. Enjoy!

Photography and Cats

From Buzzfeed comes this awesome page called Perfectly Timed Cat Photos. The Internet is not just for porn; it is for porn and funny pictures of cats. And this page has some of the best of the latter.

This next link is porn, of a sort. It’s a Web site called Abandonedography, and it has some of the most amazing photos of urban decay you’ll ever see. Me, I really, really like urban decay.

Science

From Science Daily comes an interesting article, Monogamy and the Immune System: Differences in Sexual Behavior Impact Bacteria Hosted and Genes That Control Immunity.

Through a series of analyses, MacManes and researchers from the Lacey Lab examined the differences between these two species on the microscopic and molecular levels. They discovered that the lifestyles of the two mice had a direct impact on the bacterial communities that reside within the female reproductive tract. Furthermore, these differences correlate with enhanced diversifying selection on genes related to immunity against bacterial diseases.

The Guardian has an article that speaks to my interest (and my annoyance with pop understanding of science), Our brains, and how they’re not as simple as we think.

As neuroscience has gained authority over previous ways of explaining human nature, it is not surprising that people will be compelled to use it if they want to try and make persuasive claims about how people are or should be – regardless of its accuracy. Folk neuroscience has become Freud for Freud-phobes, everyday psychology for the sceptical, although in reality, rarely more helpful than either.

Over on io9, there’s a somewhat breathless but still interesting article, Temporary tattoos could make electronic telepathy and telekinesis possible. The actual technology isn’t about “telepathy and telekinesis” so much as it’s about using tiny, microns-thick electrodes to interface human beings to the world, but headline hype aside, it’s cool stuff.

Society and culture

This is a fairly old article, about a year old at this point, but still worth noting. When people talk about the ‘gay agenda’ as if it’s some dark and sinister thing, I think it’s fair to be reminded occasionally that there are still rather a lot of folks who believe that gays and lesbians should be rounded up and executed. There is little about the supposed ‘gay agenda’ that even comes within a light-year of that.

Over on No Place for Sheep is this article, What is objectification, anyway? Objectification is a hot-button topic in any conversation about misogyny, and this essay lays it out rather well.

Similarly, there’s an article on lacigreen that talks about how oppression works. Many folks I’ve talked to about the ideas of privilege and oppression try to paint the ideas as creating a strict hierarchy, with (presumably) straight white men at the top; this essay talks about why that model isn’t realistic.

Speaking of misogyny: A while ago, there was a short-lived Tumblr blog called “Nice Guys of OK Cupid,” which highlighted online dating profiles of men who called themselves ‘nice guys’ and lamented the fact that they were always getting ‘friend zoned,’ while also expressing horrifyingly misogynistic (and in some cases potentially violent) ideas. The Tumblr blog is no more, but there’s an essay over on Jezebel called No One is Entitled to Sex: Why We Should Mock the Nice Guys of OkCupid that’s definitely worth a read.

The plea to replace mockery with understanding is a familiar one; it’s what lies behind the calls to stop using the word “creep,” because men find it shaming. But in the case of Nice Guys of OkCupid, disdain isn’t rooted in meanness as much as it is in self-preservation. While only a small percentage of these guys may be prone to imminent violence, virtually all of them insist, in one way or another, that women owe them. Mockery, in this instance, isn’t so much about being cruel as it is about publicly rejecting the Nice Guys’ sense of entitlement to both sex and sympathy.

John Scalzi can always be counted on to lay things out plainly, and his essay An Incomplete Guide to Not Creeping is no exception.

Hacking

In a feat of improvisational engineering that’s equal parts awesome and horrifying, a guy has built himself a drone, armed it with a paintball gun, and programmed it to shoot at human-shaped targets.

I’m a big fan of Arduino hacking, having used an Arduino to make everything from a thought-controlled sex toy to a brainwave-controlled Rubens’ tube to a vibrator guaranteed not to get you off. Adafruit, a company that makes all kinds of neat DIY Arduino-like gear, has introduced a new Lilypad-like microcontroller designed for wearable computers and paired it with programmable smart LEDs to create some really cool stuff. Check out the how-to video on making a tie with a glowing VU meter built in!

Polyamory: So What Is Couple Privilege, Anyway?

I’ve been chewing on this post for more than two years now.

Part of the problem is that it’s a daunting subject; one could easily write a book on the subject of couple privilege and how it plays out in relationships. Another is that a lot of otherwise well-meaning folks tend to get freaky-deaky about the P word; it’s perceived as an accusation or an attempt at guilt-tripping, because we all like to think of ourselves as basically fair and decent people, and the notion that we benefit from advantages that we haven’t earned is an uncomfortable one.

Part 0: Privilege: What is it?

Put simply, when you talk about people or societies, a ‘privilege’ is any advantage that one person or group has over another that hasn’t been specifically earned.

It’s a simple idea that’s complicated and fraught with land mines in practice. Part of the reason for that is that privilege is invisible to those who have it. If you are in a privileged position, it doesn’t seem like you have advantages over other people; it just seems like the Way Things Are. People don’t consciously assert privilege. People don’t get up in the morning and think “Wow, as a heterosexual white guy, I think I’ll go out and oppress some women and minorities today!” Privilege is insidious because it is structural; privileged people get advantages without having to consciously think about them.

Click for an introduction to privilege; if you’re familiar with the concept, you can probably skip this.