diff --git a/src/_zkapauthorizer/_plugin.py b/src/_zkapauthorizer/_plugin.py
index 95a45a4388485c136e00087d29db949046e84271..7d25ffac47d2e05b859bd56d92ecdacd3588da86 100644
--- a/src/_zkapauthorizer/_plugin.py
+++ b/src/_zkapauthorizer/_plugin.py
@@ -80,7 +80,7 @@ class ZKAPAuthorizer(object):
         connection.
     """
 
-    name = attr.ib(default=u"privatestorageio-zkapauthz-v1")
+    name = attr.ib(default="privatestorageio-zkapauthz-v1")
     _stores = attr.ib(default=attr.Factory(WeakValueDictionary))
 
     def _get_store(self, node_config):
@@ -113,25 +113,25 @@ class ZKAPAuthorizer(object):
         kwargs = configuration.copy()
 
         # If metrics are desired, schedule their writing to disk.
-        metrics_interval = kwargs.pop(u"prometheus-metrics-interval", None)
-        metrics_path = kwargs.pop(u"prometheus-metrics-path", None)
+        metrics_interval = kwargs.pop("prometheus-metrics-interval", None)
+        metrics_path = kwargs.pop("prometheus-metrics-path", None)
         if metrics_interval is not None and metrics_path is not None:
             FilePath(metrics_path).parent().makedirs(ignoreExistingDirectory=True)
             t = task.LoopingCall(make_safe_writer(metrics_path, registry))
             t.clock = reactor
             t.start(int(metrics_interval))
 
-        root_url = kwargs.pop(u"ristretto-issuer-root-url")
-        pass_value = int(kwargs.pop(u"pass-value", BYTES_PER_PASS))
+        root_url = kwargs.pop("ristretto-issuer-root-url")
+        pass_value = int(kwargs.pop("pass-value", BYTES_PER_PASS))
         signing_key = load_signing_key(
             FilePath(
-                kwargs.pop(u"ristretto-signing-key-path"),
+                kwargs.pop("ristretto-signing-key-path"),
             ),
         )
         public_key = PublicKey.from_signing_key(signing_key)
         announcement = {
-            u"ristretto-issuer-root-url": root_url,
-            u"ristretto-public-keys": [public_key.encode_base64()],
+            "ristretto-issuer-root-url": root_url,
+            "ristretto-public-keys": [public_key.encode_base64()],
         }
         anonymous_storage_server = get_anonymous_storage_server()
         spender = get_spender(
@@ -145,7 +145,7 @@ class ZKAPAuthorizer(object):
             signing_key=signing_key,
             spender=spender,
             registry=registry,
-            **kwargs
+            **kwargs,
         )
         return succeed(
             AnnounceableStorageServer(
@@ -203,7 +203,7 @@ def make_safe_writer(metrics_path, registry):
     def safe_writer():
         try:
             with start_action(
-                action_type=u"zkapauthorizer:metrics:write-to-textfile",
+                action_type="zkapauthorizer:metrics:write-to-textfile",
                 metrics_path=metrics_path,
             ):
                 write_to_textfile(metrics_path, registry)
@@ -288,9 +288,7 @@ def _create_maintenance_service(reactor, node_config, client_node):
         progress=store.start_lease_maintenance,
         get_now=get_now,
     )
-    last_run_path = FilePath(
-        node_config.get_private_path(u"last-lease-maintenance-run")
-    )
+    last_run_path = FilePath(node_config.get_private_path("last-lease-maintenance-run"))
     # Create the service to periodically run the lease maintenance operation.
     return lease_maintenance_service(
         maintain_leases,
diff --git a/src/_zkapauthorizer/_storage_client.py b/src/_zkapauthorizer/_storage_client.py
index e8fe8c468507c60ea0fad0672798605c4f8ce62b..1ed34f356c3882bb90e04f74d0ff949ea74955ff 100644
--- a/src/_zkapauthorizer/_storage_client.py
+++ b/src/_zkapauthorizer/_storage_client.py
@@ -112,7 +112,7 @@ def invalidate_rejected_passes(passes, more_passes_required):
     rejected_passes, okay_passes = passes.split(
         more_passes_required.signature_check_failed
     )
-    rejected_passes.mark_invalid(u"signature check failed")
+    rejected_passes.mark_invalid("signature check failed")
 
     # It would be great to just expand okay_passes right here.  However, if
     # that fails (eg because we don't have enough tokens remaining) then the
diff --git a/src/_zkapauthorizer/config.py b/src/_zkapauthorizer/config.py
index f13e895f8b6da3055d53ed1e37d62a4da43fc4f2..cb9dc3886a0749ca2cca54b4d30800bb48bd70be 100644
--- a/src/_zkapauthorizer/config.py
+++ b/src/_zkapauthorizer/config.py
@@ -46,12 +46,12 @@ def lease_maintenance_from_tahoe_config(node_config):
     return LeaseMaintenanceConfig(
         crawl_interval_mean=_read_duration(
             node_config,
-            u"lease.crawl-interval.mean",
+            "lease.crawl-interval.mean",
             timedelta(days=26),
         ),
         crawl_interval_range=_read_duration(
             node_config,
-            u"lease.crawl-interval.range",
+            "lease.crawl-interval.range",
             timedelta(days=4),
         ),
         # The greater the min lease remaining time, the more of each lease
@@ -72,7 +72,7 @@ def lease_maintenance_from_tahoe_config(node_config):
         # if you want.
         min_lease_remaining=_read_duration(
             node_config,
-            u"lease.min-time-remaining",
+            "lease.min-time-remaining",
             timedelta(days=0),
         ),
     )
@@ -124,7 +124,7 @@ def _read_duration(cfg, option, default):
         as a ``timedelta``.
     """
     # type: (_Config, str) -> Optional[timedelta]
-    section_name = u"storageclient.plugins.privatestorageio-zkapauthz-v1"
+    section_name = "storageclient.plugins.privatestorageio-zkapauthz-v1"
     value_str = cfg.get_config(
         section=section_name,
         option=option,
diff --git a/src/_zkapauthorizer/lease_maintenance.py b/src/_zkapauthorizer/lease_maintenance.py
index ed7d9672eee51c5d9c151c2f0d77f36b6ca0b678..10846fe542f1736d9144f79f8a9799024d60049c 100644
--- a/src/_zkapauthorizer/lease_maintenance.py
+++ b/src/_zkapauthorizer/lease_maintenance.py
@@ -40,7 +40,7 @@ from .controller import bracket
 from .foolscap import ShareStat
 from .model import ILeaseMaintenanceObserver
 
-SERVICE_NAME = u"lease maintenance service"
+SERVICE_NAME = "lease maintenance service"
 
 
 @inlineCallbacks
diff --git a/src/_zkapauthorizer/tests/__init__.py b/src/_zkapauthorizer/tests/__init__.py
index 313d67dc92c15224f147dd97e1a229a127bb95df..12772a0529efb022a4c8d1b8a739c665686f9a4e 100644
--- a/src/_zkapauthorizer/tests/__init__.py
+++ b/src/_zkapauthorizer/tests/__init__.py
@@ -46,7 +46,7 @@ def _configure_hypothesis():
         # Make CI runs a little more aggressive in amount of coverage they try
         # to provide.
         max_examples=200,
-        **base
+        **base,
     )
 
     settings.register_profile(
@@ -58,7 +58,7 @@ def _configure_hypothesis():
         # full 50 because, combined with searching for 10000 successful
         # examples this makes the stateful test take *ages* to complete.
         stateful_step_count=15,
-        **base
+        **base,
     )
 
     profile_name = environ.get("ZKAPAUTHORIZER_HYPOTHESIS_PROFILE", "default")
diff --git a/src/_zkapauthorizer/tests/fixtures.py b/src/_zkapauthorizer/tests/fixtures.py
index a01dc6ff430eef143a73c0b0242767514b136dbb..318707ece9d8eab7afe1730ceba7e6812af0def6 100644
--- a/src/_zkapauthorizer/tests/fixtures.py
+++ b/src/_zkapauthorizer/tests/fixtures.py
@@ -48,7 +48,7 @@ class AnonymousStorageServer(Fixture):
     backend: StorageServer = attr.ib(default=None)
 
     def _setUp(self):
-        self.tempdir = FilePath(self.useFixture(TempDir()).join(u"storage"))
+        self.tempdir = FilePath(self.useFixture(TempDir()).join("storage"))
         self.backend = StorageServer(
             self.tempdir.path,
             b"x" * 20,
@@ -74,7 +74,7 @@ class TemporaryVoucherStore(Fixture):
 
     def _setUp(self):
         self.tempdir = self.useFixture(TempDir())
-        self.config = self.get_config(self.tempdir.join(u"node"), u"tub.port")
+        self.config = self.get_config(self.tempdir.join("node"), "tub.port")
         self.store = VoucherStore.from_node_config(
             self.config,
             self.get_now,
@@ -100,7 +100,7 @@ class ConfiglessMemoryVoucherStore(Fixture):
         self.redeemer = DummyRedeemer(self._public_key)
 
     def _setUp(self):
-        here = FilePath(u".")
+        here = FilePath(".")
         self.store = VoucherStore(
             pass_value=2 ** 15,
             database_path=here,
diff --git a/src/_zkapauthorizer/tests/test_client_resource.py b/src/_zkapauthorizer/tests/test_client_resource.py
index c8af0774d635a99bec0801e6bfe0bf80e9807a5c..2d827a9addca8e9be652385d36fadc2bb04792aa 100644
--- a/src/_zkapauthorizer/tests/test_client_resource.py
+++ b/src/_zkapauthorizer/tests/test_client_resource.py
@@ -269,8 +269,8 @@ def get_config_with_api_token(tempdir, get_config, api_auth_token):
     :param bytes api_auth_token: The HTTP API authorization token to write to
         the node directory.
     """
-    basedir = tempdir.join(u"tahoe")
-    config = get_config(basedir, u"tub.port")
+    basedir = tempdir.join("tahoe")
+    config = get_config(basedir, "tub.port")
     add_api_token_to_config(
         basedir,
         config,
@@ -284,9 +284,9 @@ def add_api_token_to_config(basedir, config, api_auth_token):
     Create a private directory beneath the given base directory, point the
     given config at it, and write the given API auth token to it.
     """
-    FilePath(basedir).child(u"private").makedirs()
+    FilePath(basedir).child("private").makedirs()
     config._basedir = basedir
-    config.write_private_config(u"api_auth_token", api_auth_token)
+    config.write_private_config("api_auth_token", api_auth_token)
 
 
 class FromConfigurationTests(TestCase):
@@ -611,7 +611,7 @@ class UnblindedTokenTests(TestCase):
             api_auth_token,
             agent,
             b"GET",
-            u"http://127.0.0.1/unblinded-token?limit={}".format(limit).encode("utf-8"),
+            "http://127.0.0.1/unblinded-token?limit={}".format(limit).encode("utf-8"),
         )
         self.addDetail(
             "requesting result",
@@ -664,7 +664,7 @@ class UnblindedTokenTests(TestCase):
             api_auth_token,
             agent,
             b"GET",
-            u"http://127.0.0.1/unblinded-token?position={}".format(
+            "http://127.0.0.1/unblinded-token?position={}".format(
                 quote(position.encode("utf-8"), safe=b""),
             ).encode("utf-8"),
         )
@@ -1012,7 +1012,7 @@ class VoucherTests(TestCase):
         )
         root = root_from_config(config, datetime.now)
         agent = RequestTraversalAgent(root)
-        url = u"http://127.0.0.1/voucher/{}".format(
+        url = "http://127.0.0.1/voucher/{}".format(
             quote(
                 not_voucher,
                 safe=b"",
@@ -1254,10 +1254,10 @@ class VoucherTests(TestCase):
             api_auth_token,
             agent,
             b"GET",
-            u"http://127.0.0.1/voucher/{}".format(
+            "http://127.0.0.1/voucher/{}".format(
                 quote(
                     voucher,
-                    safe=u"",
+                    safe="",
                 ),
             ).encode("ascii"),
         )
@@ -1420,7 +1420,7 @@ def mime_types(blacklist: Optional[Set[str]] = None) -> SearchStrategy[str]:
             text(),
         )
         .map(
-            u"/".join,
+            "/".join,
         )
         .filter(
             lambda content_type: content_type not in blacklist,
diff --git a/src/_zkapauthorizer/tests/test_controller.py b/src/_zkapauthorizer/tests/test_controller.py
index f48b8e11d9f7f02441839660f9afee081bd4ff86..86d933d1e00565bc5928fc2bffc2524ae39e8b09 100644
--- a/src/_zkapauthorizer/tests/test_controller.py
+++ b/src/_zkapauthorizer/tests/test_controller.py
@@ -441,7 +441,7 @@ class PaymentControllerTests(TestCase):
         If ``IRedeemer.redeem`` fails with an unrecognized exception then the
         voucher is put into the error state.
         """
-        details = u"these are the reasons it broke"
+        details = "these are the reasons it broke"
         store = self.useFixture(TemporaryVoucherStore(get_config, lambda: now)).store
         controller = PaymentController(
             store,
@@ -747,7 +747,7 @@ class PaymentControllerTests(TestCase):
         )
 
 
-NOWHERE = URL.from_text(u"https://127.0.0.1/")
+NOWHERE = URL.from_text("https://127.0.0.1/")
 
 
 class RistrettoRedeemerTests(TestCase):
@@ -897,7 +897,7 @@ class RistrettoRedeemerTests(TestCase):
         ``RistrettoRedeemer.redeemWithCounter`` returns a ``Deferred`` that
         fails with ``UnrecognizedFailureReason``.
         """
-        details = u"mysterious"
+        details = "mysterious"
         num_tokens = counter + extra_tokens
         issuer = UnsuccessfulRedemption(details)
         treq = treq_for_loopback_ristretto(issuer)
@@ -916,8 +916,8 @@ class RistrettoRedeemerTests(TestCase):
                     Equals(
                         UnrecognizedFailureReason(
                             {
-                                u"success": False,
-                                u"reason": details,
+                                "success": False,
+                                "reason": details,
                             }
                         )
                     ),
@@ -949,7 +949,7 @@ class RistrettoRedeemerTests(TestCase):
             counter,
             random_tokens,
         )
-        self.addDetail(u"redeem Deferred", text_content(str(d)))
+        self.addDetail("redeem Deferred", text_content(str(d)))
         self.assertThat(
             d,
             failed(
@@ -1099,7 +1099,7 @@ class UnsuccessfulRedemption(Resource, object):
         if request_error is not None:
             return request_error
 
-        return bad_request(request, {u"success": False, u"reason": self.reason})
+        return bad_request(request, {"success": False, "reason": self.reason})
 
 
 def unpaid_redemption():
@@ -1108,7 +1108,7 @@ def unpaid_redemption():
     vouchers to be redeemed and reports an error that the voucher has not been
     paid for.
     """
-    return UnsuccessfulRedemption(u"unpaid")
+    return UnsuccessfulRedemption("unpaid")
 
 
 def already_spent_redemption():
@@ -1117,7 +1117,7 @@ def already_spent_redemption():
     vouchers to be redeemed and reports an error that the voucher has already
     been redeemed.
     """
-    return UnsuccessfulRedemption(u"double-spend")
+    return UnsuccessfulRedemption("double-spend")
 
 
 class RistrettoRedemption(Resource):
@@ -1132,7 +1132,7 @@ class RistrettoRedemption(Resource):
             return request_error
 
         request_body = loads(request.content.read())
-        marshaled_blinded_tokens = request_body[u"redeemTokens"]
+        marshaled_blinded_tokens = request_body["redeemTokens"]
         servers_blinded_tokens = list(
             BlindedToken.decode_base64(marshaled_blinded_token.encode("ascii"))
             for marshaled_blinded_token in marshaled_blinded_tokens
@@ -1156,10 +1156,10 @@ class RistrettoRedemption(Resource):
 
         return dumps_utf8(
             {
-                u"success": True,
-                u"public-key": self.public_key.encode_base64().decode("utf-8"),
-                u"signatures": list(t.decode("utf-8") for t in marshaled_signed_tokens),
-                u"proof": marshaled_proof.decode("utf-8"),
+                "success": True,
+                "public-key": self.public_key.encode_base64().decode("utf-8"),
+                "signatures": list(t.decode("utf-8") for t in marshaled_signed_tokens),
+                "proof": marshaled_proof.decode("utf-8"),
             }
         )
 
@@ -1177,7 +1177,7 @@ class CheckRedemptionRequestTests(TestCase):
         issuer = unpaid_redemption()
         treq = treq_for_loopback_ristretto(issuer)
         d = treq.post(
-            NOWHERE.child(u"v1", u"redeem").to_text().encode("ascii"),
+            NOWHERE.child("v1", "redeem").to_text().encode("ascii"),
             b"{}",
         )
         self.assertThat(
@@ -1198,9 +1198,9 @@ class CheckRedemptionRequestTests(TestCase):
         issuer = unpaid_redemption()
         treq = treq_for_loopback_ristretto(issuer)
         d = treq.post(
-            NOWHERE.child(u"v1", u"redeem").to_text().encode("ascii"),
+            NOWHERE.child("v1", "redeem").to_text().encode("ascii"),
             b"foo",
-            headers=Headers({u"content-type": [u"application/json"]}),
+            headers=Headers({"content-type": ["application/json"]}),
         )
         self.assertThat(
             d,
@@ -1215,7 +1215,7 @@ class CheckRedemptionRequestTests(TestCase):
     @given(
         lists(
             sampled_from(
-                [u"redeemVoucher", u"redeemCounter", u"redeemTokens"],
+                ["redeemVoucher", "redeemCounter", "redeemTokens"],
             ),
             # Something must be missing if the length is no longer than 2
             # because there are 3 required properties.
@@ -1231,9 +1231,9 @@ class CheckRedemptionRequestTests(TestCase):
         issuer = unpaid_redemption()
         treq = treq_for_loopback_ristretto(issuer)
         d = treq.post(
-            NOWHERE.child(u"v1", u"redeem").to_text().encode("ascii"),
+            NOWHERE.child("v1", "redeem").to_text().encode("ascii"),
             dumps_utf8(dict.fromkeys(properties)),
-            headers=Headers({u"content-type": [u"application/json"]}),
+            headers=Headers({"content-type": ["application/json"]}),
         )
         self.assertThat(
             d,
@@ -1263,14 +1263,14 @@ def check_redemption_request(request):
     except ValueError:
         return bad_request(request, None)
 
-    expected_keys = {u"redeemVoucher", u"redeemCounter", u"redeemTokens"}
+    expected_keys = {"redeemVoucher", "redeemCounter", "redeemTokens"}
     actual_keys = set(request_body.keys())
     if expected_keys != actual_keys:
         return bad_request(
             request,
             {
-                u"success": False,
-                u"reason": u"{} != {}".format(
+                "success": False,
+                "reason": "{} != {}".format(
                     expected_keys,
                     actual_keys,
                 ),
diff --git a/src/_zkapauthorizer/tests/test_model.py b/src/_zkapauthorizer/tests/test_model.py
index f5d195f21a005b1f42e2fc8f30ef640334577fa5..f72c46301f03bee1aca421680b6be758e52f536a 100644
--- a/src/_zkapauthorizer/tests/test_model.py
+++ b/src/_zkapauthorizer/tests/test_model.py
@@ -251,13 +251,13 @@ class VoucherStoreTests(TestCase):
         then ``VoucherStore.from_node_config`` raises ``StoreOpenError``.
         """
         tempdir = self.useFixture(TempDir())
-        nodedir = tempdir.join(u"node")
+        nodedir = tempdir.join("node")
 
         # Create the node directory without permission to create the
         # underlying directory.
         mkdir(nodedir, 0o500)
 
-        config = get_config(nodedir, u"tub.port")
+        config = get_config(nodedir, "tub.port")
 
         self.assertThat(
             lambda: VoucherStore.from_node_config(
@@ -293,9 +293,9 @@ class VoucherStoreTests(TestCase):
         ``VoucherStore.from_node_config`` raises ``StoreOpenError``.
         """
         tempdir = self.useFixture(TempDir())
-        nodedir = tempdir.join(u"node")
+        nodedir = tempdir.join("node")
 
-        config = get_config(nodedir, u"tub.port")
+        config = get_config(nodedir, "tub.port")
 
         # Create the underlying database file.
         store = VoucherStore.from_node_config(config, lambda: now)
@@ -356,9 +356,9 @@ class VoucherStoreTests(TestCase):
         :return: A three-tuple of (backed up tokens, extracted tokens, inserted tokens).
         """
         tempdir = self.useFixture(TempDir())
-        nodedir = tempdir.join(u"node")
+        nodedir = tempdir.join("node")
 
-        config = get_config(nodedir, u"tub.port")
+        config = get_config(nodedir, "tub.port")
 
         # Create the underlying database file.
         store = VoucherStore.from_node_config(config, lambda: now)
@@ -376,7 +376,7 @@ class VoucherStoreTests(TestCase):
             spendable=True,
         )
 
-        backed_up_tokens = store.backup()[u"unblinded-tokens"]
+        backed_up_tokens = store.backup()["unblinded-tokens"]
         extracted_tokens = []
         tokens_remaining = len(unblinded_tokens)
         while tokens_remaining > 0:
@@ -508,7 +508,7 @@ class UnblindedTokenStateMachine(RuleBasedStateMachine):
         self.using, to_invalidate = random_slice(self.using, random, data)
         note("invalidate_passes: {}".format(to_invalidate))
         self.configless.store.invalidate_unblinded_tokens(
-            u"reason",
+            "reason",
             to_invalidate,
         )
         self.invalid.extend(to_invalidate)
@@ -945,7 +945,7 @@ def store_for_test(testcase, get_config, get_now):
     :return VoucherStore: A newly created temporary store.
     """
     tempdir = testcase.useFixture(TempDir())
-    config = get_config(tempdir.join(u"node"), u"tub.port")
+    config = get_config(tempdir.join("node"), "tub.port")
     store = VoucherStore.from_node_config(
         config,
         get_now,
diff --git a/src/_zkapauthorizer/tests/test_plugin.py b/src/_zkapauthorizer/tests/test_plugin.py
index 27e2a5a679cdb5c4260bb9101f02ad3b616e8171..d2badccfa8927ff0d4e83301f5d91671f59a1baa 100644
--- a/src/_zkapauthorizer/tests/test_plugin.py
+++ b/src/_zkapauthorizer/tests/test_plugin.py
@@ -360,8 +360,8 @@ class ClientPluginTests(TestCase):
         """
         tempdir = self.useFixture(TempDir())
         node_config = get_config(
-            tempdir.join(u"node"),
-            u"tub.port",
+            tempdir.join("node"),
+            "tub.port",
         )
 
         storage_client = storage_server.get_storage_client(
@@ -383,8 +383,8 @@ class ClientPluginTests(TestCase):
         """
         tempdir = self.useFixture(TempDir())
         node_config = config_from_string(
-            tempdir.join(u"node"),
-            u"tub.port",
+            tempdir.join("node"),
+            "tub.port",
             config_text.encode("utf-8"),
         )
         config_text = StringIO()
@@ -427,8 +427,8 @@ class ClientPluginTests(TestCase):
         """
         tempdir = self.useFixture(TempDir())
         node_config = get_config(
-            tempdir.join(u"node"),
-            u"tub.port",
+            tempdir.join("node"),
+            "tub.port",
         )
 
         storage_client = storage_server.get_storage_client(
@@ -477,8 +477,8 @@ class ClientPluginTests(TestCase):
         """
         tempdir = self.useFixture(TempDir())
         node_config = get_config(
-            tempdir.join(u"node"),
-            u"tub.port",
+            tempdir.join("node"),
+            "tub.port",
         )
 
         store = VoucherStore.from_node_config(node_config, lambda: now)
@@ -528,7 +528,7 @@ class ClientPluginTests(TestCase):
                         lambda logged_message: logged_message.message,
                         ContainsDict(
                             {
-                                "message": Equals(u"request binding message"),
+                                "message": Equals("request binding message"),
                                 "count": Equals(num_passes),
                             }
                         ),
@@ -550,8 +550,8 @@ class ClientResourceTests(TestCase):
         ``get_client_resource`` returns an object that provides ``IResource``.
         """
         tempdir = self.useFixture(TempDir())
-        nodedir = tempdir.join(u"node")
-        config = get_config(nodedir, u"tub.port")
+        nodedir = tempdir.join("node")
+        config = get_config(nodedir, "tub.port")
         self.assertThat(
             storage_server.get_client_resource(
                 config,
@@ -613,27 +613,27 @@ class LeaseMaintenanceServiceTests(TestCase):
             file, ``False`` otherwise.
         """
         tempdir = self.useFixture(TempDir())
-        nodedir = tempdir.join(u"node")
-        privatedir = tempdir.join(u"node", u"private")
+        nodedir = tempdir.join("node")
+        privatedir = tempdir.join("node", "private")
         makedirs(privatedir)
-        config = get_config(nodedir, u"tub.port")
+        config = get_config(nodedir, "tub.port")
 
         # In Tahoe-LAFS 1.17 write_private_config is broken.  It mixes bytes
         # and unicode in an os.path.join() call that always fails with a
         # TypeError.
         def write_private_config(name, value):
-            privpath = FilePath(config._basedir).descendant([u"private", name])
+            privpath = FilePath(config._basedir).descendant(["private", name])
             privpath.setContent(value)
 
         if servers_yaml is not None:
             # Provide it a statically configured server to connect to.
             write_private_config(
-                u"servers.yaml",
+                "servers.yaml",
                 servers_yaml,
             )
         if rootcap:
             config.write_private_config(
-                u"rootcap",
+                "rootcap",
                 b"dddddddd",
             )
 
@@ -779,7 +779,7 @@ class LoadSigningKeyTests(TestCase):
 
         :param bytes key: A base64-encoded Ristretto signing key.
         """
-        p = FilePath(self.useFixture(TempDir()).join(u"key"))
+        p = FilePath(self.useFixture(TempDir()).join("key"))
         p.setContent(key_bytes)
         key = load_signing_key(p)
         self.assertThat(key, IsInstance(SigningKey))
diff --git a/src/_zkapauthorizer/tests/test_private.py b/src/_zkapauthorizer/tests/test_private.py
index ba1fa34deed90454a4360c38464c3dcbe3a66645..0cfcd0d8ff0bc44132da0975f9973f5f4d00fa91 100644
--- a/src/_zkapauthorizer/tests/test_private.py
+++ b/src/_zkapauthorizer/tests/test_private.py
@@ -37,8 +37,8 @@ class PrivacyTests(TestCase):
     def _authorization(self, scheme, value):
         return Headers(
             {
-                u"authorization": [
-                    u"{} {}".format(scheme.decode("ascii"), value.decode("ascii")),
+                "authorization": [
+                    "{} {}".format(scheme.decode("ascii"), value.decode("ascii")),
                 ],
             }
         )
diff --git a/src/_zkapauthorizer/tests/test_spending.py b/src/_zkapauthorizer/tests/test_spending.py
index 42a5d87f5c5d7fd9d860f28445051aa03e270972..06f6c6d6701f18a80f591a33dbb255b4447b87c1 100644
--- a/src/_zkapauthorizer/tests/test_spending.py
+++ b/src/_zkapauthorizer/tests/test_spending.py
@@ -128,7 +128,7 @@ class PassGroupTests(TestCase):
             return AfterPreprocessing(
                 # The use of `backup` here to check is questionable.  TODO:
                 # Straight-up query interface for tokens in different states.
-                lambda store: store.backup()[u"unblinded-tokens"],
+                lambda store: store.backup()["unblinded-tokens"],
                 HasLength(num_passes - len(group.passes)),
             )
 
@@ -153,12 +153,12 @@ class PassGroupTests(TestCase):
             return AfterPreprocessing(
                 # The use of `backup` here to check is questionable.  TODO:
                 # Straight-up query interface for tokens in different states.
-                lambda store: store.backup()[u"unblinded-tokens"],
+                lambda store: store.backup()["unblinded-tokens"],
                 HasLength(num_passes - len(group.passes)),
             )
 
         return self._test_token_group_operation(
-            lambda group: group.mark_invalid(u"reason"),
+            lambda group: group.mark_invalid("reason"),
             matches_tokens,
             voucher,
             num_passes,
diff --git a/src/_zkapauthorizer/tests/test_storage_client.py b/src/_zkapauthorizer/tests/test_storage_client.py
index 5a0658b61072c9119f2f518551d1c03d2605bc55..9f26eb6ee98d9d58630ff4cb7fd6b80edb2d0cb8 100644
--- a/src/_zkapauthorizer/tests/test_storage_client.py
+++ b/src/_zkapauthorizer/tests/test_storage_client.py
@@ -439,7 +439,7 @@ def spend(group):
 
 
 def invalidate(group):
-    group.mark_invalid(u"reason")
+    group.mark_invalid("reason")
 
 
 class PassFactoryTests(TestCase):
diff --git a/src/_zkapauthorizer/tests/test_storage_protocol.py b/src/_zkapauthorizer/tests/test_storage_protocol.py
index 2ee75aaae77a34dadf1c239c2397ceddcd852fc7..c44fb6fd53da4159e19cdb9e36f6c07d64703f9e 100644
--- a/src/_zkapauthorizer/tests/test_storage_protocol.py
+++ b/src/_zkapauthorizer/tests/test_storage_protocol.py
@@ -314,12 +314,12 @@ class ShareTests(TestCase):
         self.expectThat(
             alreadygot,
             Equals(set()),
-            u"fresh server somehow already had shares",
+            "fresh server somehow already had shares",
         )
         self.expectThat(
             set(allocated.keys()),
             Equals(sharenums),
-            u"fresh server refused to allocate all requested buckets",
+            "fresh server refused to allocate all requested buckets",
         )
         self.expectThat(
             self.spending_recorder,
@@ -335,13 +335,13 @@ class ShareTests(TestCase):
         self.expectThat(
             set(readers.keys()),
             Equals(sharenums),
-            u"server did not return all buckets we wrote",
+            "server did not return all buckets we wrote",
         )
         for (sharenum, bucket) in readers.items():
             self.expectThat(
                 bucket.remote_read(0, size),
                 Equals(bytes_for_share(sharenum, size)),
-                u"server returned wrong bytes for share number {}".format(
+                "server returned wrong bytes for share number {}".format(
                     sharenum,
                 ),
             )
@@ -621,7 +621,7 @@ class ShareTests(TestCase):
             # joined by pathsep
             storage_index_to_dir(storage_index),
         )
-        sharepath = sharedir.child(u"{}".format(sharenum))
+        sharepath = sharedir.child("{}".format(sharenum))
         sharepath.parent().makedirs()
         whitebox_write_sparse_share(
             sharepath,
@@ -663,7 +663,7 @@ class ShareTests(TestCase):
             # joined by pathsep
             storage_index_to_dir(storage_index),
         )
-        sharepath = sharedir.child(u"{}".format(sharenum))
+        sharepath = sharedir.child("{}".format(sharenum))
         sharepath.parent().makedirs()
         whitebox_write_sparse_share(
             sharepath,
@@ -717,7 +717,7 @@ class ShareTests(TestCase):
                 storage_index_to_dir(storage_index),
             )
             for sharenum in sharenums:
-                sharepath = sharedir.child(u"{}".format(sharenum))
+                sharepath = sharedir.child("{}".format(sharenum))
                 sharepath.parent().makedirs()
                 whitebox_write_sparse_share(
                     sharepath,
@@ -771,7 +771,7 @@ class ShareTests(TestCase):
         self.assertThat(
             wrote,
             Equals(True),
-            u"Server rejected a write to a new mutable slot",
+            "Server rejected a write to a new mutable slot",
         )
 
         # The spent passes have been reported to the spending service.
@@ -970,7 +970,7 @@ class ShareTests(TestCase):
         self.assertThat(
             write(),
             is_successful_write(),
-            u"Server rejected a write to a new mutable slot",
+            "Server rejected a write to a new mutable slot",
         )
 
         # Note the prior state.
@@ -980,7 +980,7 @@ class ShareTests(TestCase):
         self.assertThat(
             write(),
             is_successful_write(),
-            u"Server rejected rewrite of an existing mutable slot",
+            "Server rejected rewrite of an existing mutable slot",
         )
 
         # Leases are exactly unchanged.
@@ -1178,7 +1178,7 @@ def assert_read_back_data(
         self.assertThat(
             single_read[sharenum],
             Equals(expected_result),
-            u"Server didn't reliably read back data just written",
+            "Server didn't reliably read back data just written",
         )
 
 
diff --git a/src/_zkapauthorizer/tests/test_strategies.py b/src/_zkapauthorizer/tests/test_strategies.py
index 1184dbbe0951ac80e759e799bd5c57b80e0d481e..a98142af888e59a4bc9fdb465efc802687ae335b 100644
--- a/src/_zkapauthorizer/tests/test_strategies.py
+++ b/src/_zkapauthorizer/tests/test_strategies.py
@@ -47,7 +47,7 @@ class TahoeConfigsTests(TestCase):
         )
         note(config_text)
         config_from_string(
-            tempdir.join(u"tahoe.ini"),
-            u"tub.port",
+            tempdir.join("tahoe.ini"),
+            "tub.port",
             config_text.encode("utf-8"),
         )