Friday links: December 12, 2025

Every Friday, I share a handful of pieces that caught my eye at the intersection of technology, media, and society.

This week I was drawn to a focus on centralized government oversight and how to avoid it. Trump banned state-level AI regulation (I wonder what the Supreme Court will make of that) and announced that all non-citizens would need to switch their social media to public and hand over the links for scrutiny before traveling to the US. Mastodon reminded us that, particularly in this current context, the world needs its own sovereign services that cannot be regulated by the President. And meanwhile, Let's Encrypt, Tumblr, and the web itself, three reminders of the power of internet freedom, are still powerhouses of real expression.

Did I miss something important? Send me an email to let me know.

Trump Signs Executive Order To Combat State AI Regulation

This is a gift to AI vendors, and more importantly, to the subset of wealthy investors that backed Trump and Vance:

“President Donald Trump signed an executive order on Thursday intended to limit state regulation of artificial intelligence. In a ceremony in the Oval Office, Trump said AI is a strategic priority for the United States, and that there must be “a central source of approval” for regulations.”

This comes at a time when a raft of states have passed or are preparing to pass new legislation. For example, in New York, on the same day:

“The New York bill requires anyone producing or creating an ad to provide a disclosure if it includes AI-generated synthetic performers. A separate but related piece of legislation requires consent from heirs or executors if a person wants to use the name, image, or likeness of an individual for commercial purposes after their death.”

An AI safety bill due to be signed was substantially gutted by the Governor:

“The bill, known as the Responsible Artificial Intelligence Safety and Education (RAISE) Act, would in its original form have become the most expansive state-level regulation of AI for the testing and reporting of advanced “frontier” models. Co-authored by Assemblymember Alex Bores and Sen. Andrew Gounardes, the bill would put the onus on frontier model developers to create plans to make their models safer, proactively report “critical safety incidents,” and ban models deemed unsafe through testing from being released. It has been sitting on Hochul’s desk for months.”

It’s hard to tell which of these measures are driven by lobbying and donations, and which are simply the result of politicians being substantially AI-pilled, unwilling to be seen holding back what they see as a generational innovation. I’d put money on a little from column A and a little from column B. Either way, it’s not great that democratic processes for developing and enforcing regulations are being actively sidelined.

It’ll be interesting to see how well all of this has aged in a year or two.

Also of note is this bizarre comment from the President:

“I always thought it should be the SI, Supreme Intelligence, but, I guess somewhere along the line they decided to put the word artificial, that’s okay with me, it’s up to them. It’s a massive industry.”

Sure, okay.

US plans to start checking all tourists' social media

This is a proposal by Customs and Border Protection, not an implemented policy, which means there’s time to fight it:

“According to a notice published in America's federal register on Tuesday, foreign tourists would need to provide their social media from the last five years.

It will be "mandatory" to hand over the information, and other details - including email addresses and telephone numbers used in the last five years, as well as the names, addresses, numbers, and birthdays of family members - will also be required.”

As the article points out, this has already been happening sporadically, with some people refused entry due to their social media posts, but the proposal would turn it into systemic policy.

This follows a policy earlier this year that forced applicants for student and exchange visas to switch their social media accounts to public:

“The State Department also indicated that if applicants refuse to unlock their accounts or otherwise don’t maintain a social media presence, the government may interpret it as an attempt to evade the requirement or deliberately hide online activity.”

Once data is handed over, existing policies allow for the government to keep surveilling accounts — this isn’t a one-time analysis (although that would be invasive enough). This makes everyone less safe, but is particularly harmful for people from vulnerable communities. As the EFF has pointed out, woman and LGBTQ+ people have more reasons to set their profiles to private, as they’re more likely to experience abuse. Not to mention activists, journalists, and so on.

The more privileged (or isolated) someone is, the more likely they are to wave concerns about surveillance away because they “have nothing to hide”. It’s a common fallacy. We all have the right to privacy in our personal lives; it’s why there are locks on our doors.

These are extraordinary actions for a country that claims to believe in freedom and democracy to take, but of course, the Trump administration has not stood up for either of those things. It’s easy to imagine a person who might otherwise have considered visiting to the United States choosing to visit somewhere else instead. And, perhaps, investing in other countries and supporting the economies of nations that uphold civil rights rather than choosing to erode them. I would not blame them.

The world needs social sovereignty

Over the last week, the European Commission fined Elon Musk’s X €120 million for providing a blue check “verification system” that doesn’t meaningfully verify users. In response to this regulatory action, X blocked the European Commission from posting ads on its platform. “Time to abolish the EU,” Musk posted.

These are the kinds of shenanigans that could only happen and would only be meaningful on a monolithic closed platform, which Mastodon’s Hannah Aubry points out:

“We’re grateful to Elon Musk for proving once again why the world needs to log off corporate-owned, centrally-controlled social media platforms and log on to a better way of being online.

[…] In any free society, it is the right of every citizen to access and comment on the news, decisions, and reasonings of their government. We believe it is a government’s responsibility to ensure this right for its constituents. Public institutions should communicate with their citizens on open platforms, not ones that require creating an account and sending personal data to a self-serving tech company.”

When X reduces the reach of a government entity as an act of retaliation for a regulatory action, it proves how unsuitable closed systems are for any kind of democratic communications. In contrast, open systems are democracy-preserving and resilient to the bad actions of a corporation (or an oligarch): the web itself can’t retaliate against someone (nor does it need to be fined), because it doesn’t have a single owner.

Open social web systems like Mastodon share that important property, as well as making it easier to subscribe via email, RSS, etc, so you don’t need to be a member. They don’t judge their success on whether people are locked in and spending their time, money, and attention on their platforms. That’s where the European Commission, and other government entities, should be reaching their constituents.

10 Years of Let's Encrypt Certificates

Ten years of Let’s Encrypt is an enormous achievement:

“Our biggest goal was to make a concrete, measurable security impact on the web by getting HTTPS connection prevalence to increase—and it’s worked. It took five years or so to get the global percentage from below 30% to around 80%, where it’s remained ever since. In the U.S. it has been close to 95% for a while now.”

It’s hard to overstate how important this was. Obtaining and installing the security certificates needed to secure a website used to be fairly expensive and a really annoying process. The genius of Let’s Encrypt was to make it completely automatic — and, through that innovation, free. Tools like the EFF’s companion software certbot effectively make it one-click. In combination, the baseline work of securing a website is reduced to almost nothing, which has truly democratized the encrypted web.

A decade ago, only organizations with money, patience, and technical support could reliably encrypt their sites. Everyone else — small nonprofits, bloggers, community groups, activists — were effectively told that their work wasn’t important enough to deserve confidentiality. Let’s Encrypt leveled that playing field.

Encryption by default means an activist running a climate-justice community in rural America gets the same protections as a Fortune 500 company. It means dissident organizers can share safely. It means independent journalists and small newsrooms can protect their readers as well as the global giants can. When you make security universal, you empower the people who historically have had the least of it.

Beyond privacy, encryption secures the integrity of the web itself. Without HTTPS, your ISP can modify pages in transit — and they have. In 2014, Comcast was caught injecting JavaScript warnings into unencrypted webpages. Verizon inserted unique tracking headers into customer traffic. Hotel and airport WiFi networks routinely injected ads into pages users were trying to read. Let’s Encrypt made eavesdropping harder and made the web tamper-proof. When you load a page over HTTPS, you can trust you're seeing what the publisher intended, not what someone along the way decided to insert.

Ten years in, Let’s Encrypt has proven that critical internet infrastructure can be free, open, and sustained through community support rather than extraction. Here's to the next decade of that model, and to a more private, safer web.

The Web Runs On Tolerance

I’m not sure exactly who sparked off Terence Eden’s post, but his remarks are completely on point.

“The beauty of the web as a platform is that it isn't a monoculture.

That's why it baffles me that some prominent technologists embrace hateful ideologies. I'm not going to give them any SEO-juice by linking to them, but I cannot fathom how someone can look at the beautiful diversity of the web and then declare that only pure-blooded people should live in a particular city.”

He makes great points about the fault-tolerant nature of web technology, but I’d also add that the web is inherently inclusive at a conceptual level too: the whole point of the thing is to allow anyone to publish. That means a plurality of publishers from a plurality of backgrounds. “This is for everyone,” Tim Berners-Lee famously said, and he meant it.

As it is for the web, so it should be for the world. We are all better off for being around people whose backgrounds are different to our own. As I write this, I’m sat in New York City, truly one of the greatest cities in the world, which wouldn’t be a fraction of itself without the kaleidoscope of backgrounds, cultures, and contexts that make it home. The same is true of London and so many amazing places. Humans ebb; we flow; we connect. Those are the fundamental building blocks of human society. To build walls is to be anti-human.

You can’t effectively work on the web and not be in favor of that vision. To be against that is to be afraid of people, to say that only a few are good enough, or to hide in a monoculture and never venture outside its walls. I don’t think you can be a decent human being and take that position, but this is particularly true on the web. It’s made of inclusion. It’s for the whole world. If you can’t embrace that, I don’t know what you’re doing with it.

2025 on Tumblr: Trends That Defined the Year

Tumblr’s year in review feels like a victory lap:

“ This year, we took a closer look at the culture bubbling up through tag data and across your dashboards in 2025—the communities, aesthetics, and micro-moments that shaped the year and show no signs of stopping. (Don't worry—if you’re all about that ships list, keep an eye out for it in the New Year ;)”

Unlike some other Web 2.0 era sites, it’s taking pains to point out that 54% of daily active users, and 65% of new users, were Gen-Z. Now, admittedly, that demographic is up to 28 years old these days — where did the time go? — but it’s not the aging userbase that some might have assumed. In other words, new people are signing up for Tumblr, and they’re using it.

The roundup is careful not to talk about overall growth, which is down this year, but monthly active users still stand at 10x of Bluesky’s, for example. And it’s highly relevant among the people who make internet-first culture.

Tumblr’s real success is that relevance: it remained a place for interests before audiences and participation without the constant pressure to perform. Honestly, it’s just nice to see it.