Doctorow's keynote address at DEF CON 31 in August 2023, delivered at one of the world's premier hacker and security conferences, is among the most significant single talks of his career. It brought the enshittification framework to the security community in its most fully developed form and demonstrated the synthesis between his digital rights work and the technical culture that has always been his home community. The talk was widely shared, transcribed, and republished, and versions of the argument appeared in the-internet-con, published the following month.
DEF CON as Venue and Audience
The choice of DEF CON — a conference that originates in the hacker subculture and remains the largest gathering of security researchers, penetration testers, and technically sophisticated people in the world — was significant. DEF CON is not a policy or business conference; its audience is people who understand systems at a technical level and have cultural commitments to openness, adversarial thinking, and skepticism of authority. This is the community that gave Doctorow his political formation and where his arguments land with the greatest technical fluency.
Keynoting DEF CON 31 gave Doctorow an audience of thousands of people who could understand both the technical mechanisms he describes (API restrictions, DRM, protocol opacity) and the hacker ethos that underlies adversarial-interoperability and competitive-compatibility. The talk translates the policy arguments of the-internet-con into the cultural register of the hacker community, framing mandatory interoperability as the legitimate continuation of what hackers have always done: building tools that work with existing systems regardless of whether incumbents want them to.
The Enshittification Framework at Full Development
The talk presented enshittification in its most comprehensive public form to that point. Doctorow's argument proceeds through three phases:
First, the mechanism: platforms are good to users in order to acquire them, then good to business customers (advertisers, sellers, app developers) in order to monetize, then extract from both users and business customers once lock-in makes exit costly. This is the platform-decay-cycle stated as a precise sequence with named phases.
Second, the enabling conditions: switching-costs created by technical lock-in (incompatible formats, proprietary protocols, API restrictions) enforced by legal mechanisms (DMCA anti-circumvention, Computer Fraud and Abuse Act misapplication, Terms of Service) make exit from degraded platforms practically impossible even when users want to leave.
Third, the remedy: interoperability-mandates that remove the legal protection for switching-cost engineering, combined with competitive-compatibility norms that make it culturally and legally acceptable to build tools that work with incumbent platforms without their permission. The argument is that reversing enshittification requires not better platforms but structural changes that discipline platforms through the credible threat of exit.
The Security Community Framing
The talk frames its argument specifically for the security community's concerns and values. Security researchers have a direct professional interest in interoperability — much security research involves reverse engineering proprietary systems, building tools that interact with systems their designers did not anticipate, and finding vulnerabilities that vendors would prefer remain hidden. The DMCA's anti-circumvention provisions have been used to suppress security research; the Computer Fraud and Abuse Act has been used to criminalize researchers who probe systems without explicit permission.
Doctorow argues that these legal tools — deployed nominally to protect intellectual property and system security — function primarily to protect incumbent platforms from competitive challenge. The security community's interest in adversarial-interoperability is thus continuous with the broader interoperability argument: both are about the right to investigate and interact with systems regardless of the incumbent's preferences.
Relationship to the Broader Enshittification Moment
The DEF CON keynote came at the peak of the enshittification concept's public circulation. The term had been introduced on pluralistic-blog in November 2022, reached wide circulation via the January 2023 TikTok post, and had spread widely in technology and policy discussions by the time of the August talk. The talk consolidated the concept for a technically sophisticated audience and connected it explicitly to the policy arguments Doctorow was making simultaneously in policy venues and in the-internet-con.
The talk's wide circulation — video recordings spread through hacker community networks, transcripts republished across technology media — made it one of the most effective deployments of Doctorow's argument. The security community's credibility and technical fluency gave the enshittification framework a kind of validation that policy papers or trade books cannot provide.
Legacy and Influence
The DEF CON 31 talk is frequently cited as the moment the enshittification framework achieved full public visibility in technical communities. Its framing of the security community as natural allies of the interoperability movement, and the explicit connection between hacker ethics and the policy arguments of the-internet-con, made it a touchstone for technologists trying to understand the relationship between their technical work and the political economy of platforms.