soloActivist Now • 100%
I’ve been out of the loop on games for a while but ReactOS may be worth a look.
soloActivist Now • 100%
The 1st ½ of your comment sounds accurate. But...
And also in Foss there are highly opinionated software where the devs completely ignore users, ban them from GitHub when they post issues,
Right, but to be clear non-free s/w is worse - you can’t even reach the devs, generally, and there is no public bug tracker. FOSS is an improvement in this regard because at least there is a reasonable nuclear option (forking). The nuclear option for non-free software is writing it yourself from scratch.
soloActivist Now • 100%
That all sounds accurate enough to me.. but thought I should comment on this:
However - in larger enterprises there’s so much more, you get the whole SDL maturity thing going - money is invested into raising the quality of the whole development lifecycle and you get things like code reviews, architects, product planning, external security testing etc. Things that cost time, money and resources.
It should be mentioned that many see testing as a cost, but in fact testing is a cost savings. In most situations, you only spend some money on testing in order to dodge a bigger cost: customers getting burnt in a costly way that backfires on the supplier. Apart from safety-critical products, this is the only business justification to test. Yet when budgets get tightened, one of the first cuts many companies make is testing -- which is foolish assuming they are doing testing right (in a way that saves money by catching bugs early).
Since the common/general case with FOSS projects is there is no income that’s attached to a quality expectation (thus testing generates no cost savings) - the users are part of the QA process as free labor, in effect :)
There is a common theme pushed by fanatics of capitalism that never dies: that a profit-driven commercial project ensures higher quality products than products under non-profit projects. Some hard-right people I know never miss the chance to use the phrase *“good enough for government work”* to convey this idea. I’m not looking to preach to the choir here, but rather to establish a thread of scenarios that correspond to quality for the purpose of countering inaccurate narratives. This is the thread to share your stories. In my day job I’m paid to write code. Then I go home write code I was not paid for. My best work is done without pay. ***Commercial software development*** When I have to satisfy an employer, they don’t want quality code. They want ***fast*** code. They want band-aid fixes. The corporate structure is too myopic to optimize for quality. ::: spoiler Anti-gold-plating: I was once back-roomed by a manager and lectured for “gold plating”. That means I was producing code that was higher quality than what management perceives as economically optimal. ::: ::: spoiler Bug fixes hindered: I was caught fixing some bugs conveniently as I spotted them when I happened to have a piece of code checked out in Clearcase. I was told I was “cheating the company out of profits” because they prefer if the bugs each go through a documentation procedure so the customer can ultimately be made to pay separately for the bug fix. Nevermind the fact that my time was already charged anyway (but they can get more money if there’s a bigger paper trail involving more staff). This contrasts with the “you get what you pay for” narrative since money is diverted to busy work (IOW: working hard, not smart). ::: ::: spoiler Bugs added for “consistent quality”: One employer was so insistent on “consistent quality” that when one module was higher quality than another, they insisted on lowering the quality of the better module because improving the style or design pattern of the lower quality piece would be “gold plating”. This meant injecting bugs to achieve consistency. The bugs were non-serious varieties; more along the lines of needless complexity, reduced performance, coding standard non-compliances, etc, but nonetheless something that could potentially be charged to the customer to fix. ::: ::: spoiler Syntactic dumbing-down: When making full use of the language constructs (as intended by the language designers), I am often forced by an employer to use a more basic subset of constructs. Employers are concerned that junior engineers or early senior engineers who might have to maintain my code will encounter language constructs that are less common and it will slow them down to have to look up the syntax they encounter. Managers assume that future devs will not fully know the language they are working in. IMO employers under-estimate the value of developers learning on the job. So I am often forced avoid using the more advanced constructs to accommodate some subset of perceived lowest common denominator. E.g. if I were to use an array in bash, an employer might object because some bash maintainers may not be familiar with an array. ::: ***Non-commercial software development*** Free software developers have zero schedule pressure. They are not forced to haphazardly rush some sloppy work into an integration in order to meet a deadline that was promised to a customer by a manager who was pressured to give an overly optimistic timeline due to a competitive bidding process. #FOSS devs are free to gold-plate all they want. And because it’s a labor of love and not labor for a paycheck, FOSS devs naturally take more pride in their work. I’m often not proud of the commercial software I was forced to write by a corporation fixated on the bottom line. When I’m consistently pressured to write poor quality code for a profit-driven project, I hit a breaking point and leave the company. I’ve left 3 employers for this reason. ***Commercial software from a user PoV*** Whenever I encounter a bug in commercial software there is almost never a publicly accessible bug tracker and it’s rare that the vendor has the slightest interest in passing along my bug report to the devs. The devs are unreachable by design (cost!). I’m just one user so my UX is unimportant. Obviously when I cannot even communicate a bug to a commercial vendor, I am wholly at the mercy of their testers eventually rediscovering the same bug I found, which is unlikely in complex circumstances. ***Non-commercial software from a user PoV*** Almost every FOSS app has a bug tracker, forum, or IRC channel where bugs can be reported and treated. I once wrote a feature request whereby the unpaid FOSS developer implemented my feature request and sent me a patch the same day I reported it. It was the best service I ever encountered and certainly impossible in the COTS software world for anyone who is not a multi-millionaire.
soloActivist Now • 100%
Linux won’t be viable for blind people unless major distros have full time accessibility folks, and refuse to accept inaccessible packages and patches.
Sure, but you need to read what I quoted. I purely addressed the flawed claim that better code comes from those paid to write it. The opposite is true. It’s unclear to what extent that bias has influenced @noahcarver@rblind.com’s thesis. Though I have no notable issues with anything else @noahcarver@rblind.com wrote (much of which is beyond my expertise w.r.t accessibility).
And to be clear, “better code” strictly refers to quality, not accessibility. Accessibility is a design factor.
But that code you write at home is probably not accessible.
That’s right. But then neither is the commercial code I worked on. That would be outside of my domain. I do backends for the most part. The rare UI work I did was for a tiny user base of internal developers within the org and accessibility was not part of the requirements. I worked on a UI for external users briefly but again no requirements for accessibility (which would be very unlikely for that particular product).
In any case, this sidetrack is irrelevant to what you replied to. It’s important to correct bogus claims that being paid to write code is conducive to quality. Some right-wingers I know never miss the opportunity to use the phrase “good enough for government work” because they want to push the mentality that capitalism promotes superior quality. It’s a widespread misconception that needs correction whenever it manifests.
Paying someone to write accessible code should theoretically work on both free software and non-free software. AFAICT the reason non-free software would accommodate blind users is that the market share is large enough to justify the profit-driven bottom line and those users are forced to pay for it (as all users are). In the FOSS domain, payments (“bounties”) are optional. Has this been tried? If not, then you’re relying on blind FOSS developers to suit their own needs in a way that benefits all blind users.
soloActivist Now • 66%
and that someone who is paid to write accessible software is generally going to produce and maintain better code.
In my day job I’m paid to write code. Then I go home write code I was not paid for. My best work is done without pay.
Commercial software development
When I have to satisfy an employer, they don’t want quality code. They want fast code. They want band-aid fixes. The corporate structure is very short-sighted. I was once back-roomed by a manager and lectured for “gold plating”. That means I was producing code that was higher quality than what management perceives as the economic sweet spot. I was also caught once fixing bugs as I spotted them when I happened to have a piece of code checked out in Clearcase. I was told I was “cheating the company out of profits” because they prefer if the bug goes through a documentation procedure so the customer can ultimately be made to pay separately for the bug fix. Nevermind the fact that my time was already compensated by the customer anyway - but they can get more money if there’s a bigger paper trail involving more staff. So when you say you get what you pay for, that’s what you pay for -- busy work (aka working hard not smart). They also want “consistent quality”. So if one module is higher quality than another, there is pressure to lower the quality of the better module because improving the style or design pattern of the lower quality piece is “gold plating”. When I make full use of the language constructs (as intended by the language designers), I am often forced by an employer to use more basic constructs. Employers are worried that junior engineers or early senior engineers who might have to maintain my code will encounter language constructs that are less common and it will slow them down to have to look up the syntax they encounter. Employers under-estimate the value of developers learning on the job. So I am often forced avoid using the more advanced constructs to accommodate some subset of perceived lowest common denominator. E.g. if I were to use an array in bash, an employer might object because some bash maintainers may not be familiar with an array.
Non-commercial software development
Free software developers have zero schedule pressure. They are not forced to haphazardly rush some sloppy work into an integration in order to meet some deadline that was promised to a customer by a manager who was pressured to give an overly optimistic timeline. #FOSS devs are free to gold plate all they want. And because it’s a labor of love and not labor for a paycheck, FOSS devs naturally take more pride in their work. I’m often not proud of the commercial software I was forced to write by a corporation fixated on the bottom line. When I’m consistently pressured to write poor quality code for a profit-driven project, I hit a breaking point and leave the company. I’ve left 3 employers for this reason.
Commercial software from a user PoV
Whenever I encounter a bug in commercial software, there is almost never a publicly accessible bug tracker and it’s rare that the vendor has the slightest interest in passing along my bug report to the devs. The devs are unreachable by design (cost). I’m just one user so my UX is unimportant. Obviously when I cannot even communicate a bug to a commercial vendor, I am wholly at the mercy of their testers eventually rediscovering the bug I found, which is unlikely when there are complex circumstances.
Non-commercial software from a user PoV
Almost every FOSS app has a bug tracker, forum, or IRC channel where bugs can be reported and treated. I once wrote a feature request whereby the unpaid FOSS developer implemented my feature request and sent me a patch the same day I reported it. It was the best service I ever encountered and certainly impossible in the COTS software world for anyone who is not a multi-millionaire.
Some Lemmy instances (e.g. Beehaw) do not support down votes. When an instance does support down-votes, authors often get zero feedback with the down votes which ultimately supports obtuse expression, shenanigans and haters. The status quo suffers from these problems: * down voters do not need to read the comment they are down voting * down votes empower non-moderators to suppress comments and posts * some communities struggle to get content because of some malicious down voters who down vote every post to discourage activity and effectively sabotage the community; voting privacy shields malicious down-voters from discovery and supports their attack * silent down votes are non-constructive * some people make heavy use of down votes to suppress civil comments purely because of disagreement; other (more civil) users only use down votes to suppress uncivil dialog. This inequality ultimately manifests to reduce civility. * transparency: kids and adults are accessing the same forums and adults are blind as to whether down votes are coming from kids (the rationale can reveal this) The fix: An instance admin should be able to flip a switch that requires every down vote to collect a 1-line rationale from the voter. These one-liners should be visible to everyone on a separate page. Upvotes do not need rationale. So instance owners should have 3 configuration options: * down votes disabled (beehaw) * down votes require rationale (proposed) * down votes out of control (the most common status quo) Perhaps overkill, but it might be useful if a moderator can cancel or suppress uncivil down votes. --- BTW, the reason this enhancement request is not in the official bug trackers: * Lemmy’s bug tracker is in MS Github (#deleteGithub) * Kbin’s bug tracker is on codeberg, who silently deleted my account without warning or reason, and #Codeberg reg forces a graphical CAPTCHA (which fails on my non-graphical browser). #lemmyBug #KbinBug /cc [@nutomic@lemmy.ml](https://lemmy.ml/u/nutomic) [@ernest@kbin.social](https://kbin.social/u/ernest)
It would be useful to have more refined control over participation in a group. Someone should be able to create a group that gives permissions to specific individuals. A variety of permissions would be useful: * permission to see that a community/mag ***exists*** (some groups may or may not want to be listed in searchable a public directory) * permission to ***read*** the posts in a community/mag * permission to ***vote*** in the community/mag * permission to ***start a new thread*** in the community/mag * permission to ***comment*** on an existing thread in the community/mag A forum creator should be able to set the above perms on: * individual accounts * all users on an instance (e.g. users on an instance `@weH8privacy.com` might be unfit for voting and writing comments in the community “fightForPrivacy”) * all users not on an instance (e.g. local users only [for example](https://github.com/LemmyNet/lemmy/issues/1576#issuecomment-1611105437)) * instance IP-based (e.g. users from Cloudflared instances might be unfit to participate in a group called “decentralizationAdvocacy”) Settings for individuals should override instance-specific settings. So e.g. a “fightForPrivacy” forum might allow all forms of participation from an instance `stop1984.org`, but if `antiprivacyMallory@stop1984.org` is uncivil, a mod should be able to block all inputs from that user yet perhaps still allow `antiprivacyMallory` to just ***read*** the posts on the off chance of influencing the user to be more civil through exposure to civil chatter. ::: spoiler More background on the rationale - why the fedi needs this (click to expand) The fedi has undergone a huge flood of new users, largely moderates from Twitter. The moderates dilute movements. Consider the evolution of raves and Burning Man. The beginning was a rich subculture that briefly evolved in isolation apart from the ordinary world. These subcultures became more enriched within their own world whereby the core ideas spawned more culture. Then word got out and spread like brush fire. Masses of uninitiated crowds flooded into raves and Burning Man faster than they could be integrated. Commercialization took hold faster than people could be integrated. The scene became diluted with clubbers and conservatives who essentially turned raves into clubs. The way to promote raves that resembled the original experience was to selectively flyer party goers who overtly embraced the experience, who were not merely there to *be seen*. IOW, the fix was invite-only events. The flood of moderates into the fedi has crippled the decentralization movement and corrupted the vision. The fedi is now swamped with people from huge instances that are centralized on Cloudflare (lemmy.world, sh.itjust.works, lemmy.ca, lemm.ee, programming.dev, zerobytes.monster) and lemmy.ml. People without a firm grasp on the meaning, purpose, and benefits of decentralization and privacy still find their way into “privacy” communities and make foolish remarks (e.g. not sharing personal correspondence with Google and Microsoft “[is tinfoil-hattery](https://links.hackliberty.org/comment/1297282)”). Sure, it’s favorable that the “I have nothing to hide” crowd intermingle with more sophisticated privacy-aware folks. It’s important that there be a venue where ignorance can be reversed. But-- **Moderates are a drag on activism.** A “PrivacyAction” forum does not benefit from a mob of idiots who see those practicing established infosec principles as “tinfoil hat” nutters to heckle. Security-wise people with infosec degrees naturally and unavoidably appear “paranoid” to normies. These normies and hecklers can only get in the way in a workshop-centric forum with the mission of strategizing activist movements and protests. Fair enough if a “climate” forum has climate deniers butting heads with those who accept the climate-relevant science. That dialog is needed. But we don’t want climate deniers in a “climate *ACTION*” forum. They are only there to dilute and sabotage.. to side-track the discussion. A workshop is not interested in rhetoric from those who oppose their mission. So the status quo of #Lemmy and #Kbin disservices activism. ::: --- **Workaround 1 (Lemmy only):** Make an announcement community and make all participants a moderator. Bit crazy unless you really trust everyone involved. **Workaround 2 (Lemmy):** One community per instance using [instance-specific registration control](https://github.com/LemmyNet/lemmy/issues/209). Still too blunt, cumbersome, excludes mods who don’t have their own instance. **Question** Sometimes I click to subscribe to a community which then goes into a “subscription pending” state. What does that mean? As a moderator of some groups I never receive a signal that someone is requesting to subscribe. --- BTW, the reason this enhancement request is not in the official bug trackers: * Lemmy’s bug tracker is in MS Github (#deleteGithub) * Kbin’s bug tracker is on codeberg, who silently deleted my account without warning or reason, and #Codeberg reg forces a graphical CAPTCHA (which fails on my non-graphical browser). #lemmyBug #KbinBug /cc [@nutomic@lemmy.ml](https://lemmy.ml/u/nutomic) [@ernest@kbin.social](https://kbin.social/u/ernest)
Some of you might be interested in [this Mastodon thread](https://mastodon.social/@pkiff/111307458285193467). It’s a bit of bashing PDFs for having poor accessibility, and some [guidance](https://www.w3.org/WAI/WCAG22/Techniques/#pdf) on improving PDFs for accessibility. Some people are saying they prefer MS Word over PDF for accessibility reasons. Of course the elephant in the room is that “accessibility” is an over-loaded word. It usually refers to usability by impaired people, but in the case of being generally usable to all people on a broad range of platforms, MS Word is obviously inaccessible due to being encumbered by proprietary tech by a protectionist corporation.
soloActivist Now • 100%
I agree.
One of the reasons no one gives a shit is there is never news about CF making use of that MitM position. But I know they hire data scientists and what corp can resist the urge to monetize data they have access to? So I think it’s just a matter of time before they get caught abusing the vast amount of valuable data they have visibility on.
cross-posted from: https://links.hackliberty.org/post/582272 > I have lots of old friends who I only maintained sparse contact with. When I let my personal email address die (the address they would all have records of), I did not bother to update them with a new address. > > They are all on the platform of some surveillance capitalist (e.g. Google or Microsoft). Google & Microsoft both refuse connections from self-hosted residential servers. And even if they didn’t, I am not willing to feed those surveillance advertisers who obviously don’t limit their surveillance to their users but also inherently everyone who makes contract with their users. I cannot support that or partake in pawning myself to subsidize someone else’s service. > > I just wonder if anyone else has taken this step.
soloActivist Now • 100%
Sorry I do not know if BBC interviews are transcribed.
But FWIW it will air again on BBC World Service at 02:32 GMT tomorrow and the next day (which could be useful for those on limited internet connections)
www.bbc.co.uk
cross-posted from: https://links.hackliberty.org/post/609883 > This BBC interview has a #Cloudflare rep David Bellson who describes CF’s observations on internet traffic. CF tracks for example the popularity of Facebook vs. Tiktok. Neither of those services are Cloudflared, so how is CF tracking this? Apparently they are snooping on traffic that traverses their servers to record what people are talking about. Or is there a more legit way Cloudflare could be monitoring this activity?
soloActivist Now • 100%
Nobody is disagreeing with you or saying your wrong
At least 10 people here believe Google/MS avoidance is “tinfoil hat” paranoia. It’s a stark disagreement on infosec principles. All responders in this thread (apart from 3 exceptions) come from privacy-hostile #Cloudflare instances including yourself. This crowd has little hope of taking privacy seriously.
However, it’s not really realistic to expect everyone to abandon the easy and useful tools that they’re comfortable with just to match your views, regardless of the ethics or logic involved.
You’re probably not going to sell anyone on an idea that requires discarding ethics and logic. That’s actually the crux of the problem. The problem exists because people disregard ethics and logic in pursuit of pragmatism.
You seem to be overlooking the fact that Google and MS are inherently exclusive choices. That is, if I try to connect to gmail-smtp-in.l.google.com, the connection is refused, full stop. Google is blocking me before I send the first packet. So you’re implying that I must go through Google’s hoops in order to not be “extreme”. IMO, that’s an extreme position to take. To expect people to go beyond the norms of established open standards to cater for the extra requirements and special needs of a monopolistic corporation. I must either rent an IP address that’s to Google’s liking at my own expense, or I must establish a contract with another third-party who I must then trust with a centralized view on all my outbound traffic. I’m not supporting that abuse and loss of freedom.
soloActivist Now • 100%
Ways that are beyond either the capabilities or desires of the average user.
You vastly underestimate the average user w.r.t to “capabilities”. You can scrap capability from your statement because the avg user can just as well use protonmail/tuta, or disroot.org, for example.
That leaves “desires”. Two people agree on how to correspond. The desire of someone to use one of the most unethical controversial corporations possible and in an insecure manner that exposes the data to a profitable extent in a privacy-lacking part of the world, and the other party has a higher privacy bar (and/or high moral bar), the party who must adapt is the one with the lower standards. It’s unreasonable to expect someone to lower their privacy standards or to lower their moral standards. If someone’s desire to support Google or MS trumps their desire to stay in touch, then the conversation isn’t worth it to them.
There is a rule of least privilege principle that seems to have escaped you. In the information security discipline, we do not need to justify security measures by default. It’s lack of security that calls for justification. If there were truly a capability problem, that would be reasonable rationale for reduced security. But it’s a phantom excuse. And “desire” is not an acceptable rationale for reduced security.
Your doubling down on the tinfoil claim was a failure simply because the security matter is least important of everything I’ve already said on this. But even if security were purely my sole rationale (as it is for some people), you are still calling the practice of basic well-established infosec principles tinfoil hattery. Pushing this culture of branding sound security practices as paranoia is a socially harmful move that you are partaking in.
soloActivist Now • 100%
That’s not the trade-off. Google has no opportunity to show me ads anyway. If alice@privacyrequired.com emails bob@gmail.com about a Taylor Swift concert, Google profits from information about both people. Even if Alice does not use Google services, Google’s file on bob shows he knows Alice and Alice is a TS fan. Then when bob searches for gifts, Google shows him TS t-shirts and profits from that. Conversations are two-ways, so when Bob responds to Alice Google learns directly about Bob, such as whether he’s a Swift fan. Alice’s msg therefore generated profitable data about Bob for Google, which potentially works against Alice’s boycott against Google.
That’s just the tip of the iceberg—
human rights
Human rights are important. Embodied therein (among other principles) the Charter of Fundamental Rights of the EU, Article 8 states:
- Everyone has the right to the protection of personal data concerning him or her.
- Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.
- Compliance with these rules shall be subject to control by an independent authority.
As you can see from reading this thread, most people irrationally believe these human rights constitute paranoia and tinfoil hattery. My opposition to mass surveillance is not borne out of fear that my data will be used against me personally, but rather an objection to arbitrary systemic collection that comes at the detriment of some people (e.g. abortion seekers) and ultimately disempowers people.
privacy is about control
To have privacy is to have control over information about you. Security from harmful disclosure is only a small component of the utility of privacy. There is a tendency for normies to fixate on that and think that is the sum total purpose of privacy. Having control is also about choosing who gets to profit from your data. It’s about having a right to boycott harmful entities.
digital exclusion and diminished open standards
Google and Microsoft sabotaged the email infrastructure by imposing rules outside of RFC 5321. Up until the 2000s you could send an email to anyone so long as you comply with the open standards expressed in RFCs. The monopolistic tech giants saw an opportunity to take more market share and reduce their costs by introducing restrictions on email that exclude people who are self-serving. They leveraged spam fatigue to coerce people to conform to non-RFC proprietary reqs in addition to already already having a dominant market share (corp greed has no limits).
I reject Google and Microsoft dictating terms that breaks the purpose of open standards (interoperability). Every time you send an email to or from Google or MS servers, you give your support for corporate dictatorship.
So when you say this is about “the ability to show you ads that are more relevant to your interests”, you and at least 5 others have wholly misunderstood the problem.
soloActivist Now • 33%
You don’t get how boycotts work. Using their products without compensating them doesn’t contradict opposition to feeding them. You don’t know what hypocrisy means. You could more easily argue that it’d be a hypocrisy to leave the PCs in a dumpster and allow e-waste to go to a landfill and pollute ground water against my beliefs. Even in regions where they dispose of PCs properly, I oppose destruction and recycling whenever reuse is an option.
soloActivist Now • 50%
This. Life is too short to deny myself human contact.
This is scrapping a long list of old contacts who might at most every 5—20 years briefly exchange life updates from another part of the world. It’s not denying human contact. When I meet someone new, they either need to reach me a way that’s agreeable to both of us or they need to proxy msgs through a mutual friend.
You’ve both demonstrated to easily back the gatekeepers as you’ve both needlessly chosen to create fedi accounts that are centralized on Cloudflare (lemmy world and shit just works both). You can’t speak with any credibility on the privacy front under those circumstances because you compromise digital freedom even when it yields no meaningful gain.
soloActivist Now • 100%
Sometimes you have to stay connected to have any chance of saving the others.
This is not that. In this particular situation remaining connected to the surveillance advertisers only reinforces through codependency the idea that people can centralize themselves on those platforms to count on being reachable by everyone. That’s not the right msg.
Being the one hold out is a strong position. There was an academic group of people on FB that I had to corresponded with. When I refused to appear on that platform, everyone was forced to step outside of FB to reach me thus making them consciously aware of the problem. I wouldn’t have it any other way. Taking the pushover stance only proves to them that it works to choose the side of the monopolistic oppressor.
Indeed it makes sense for a privacy advocacy org to have a Facebook acct to reach those people. But most of them get it wrong and needlessly advertise FB on their public website. Which means they’re not just using it for outreach.
soloActivist Now • 50%
I’m merely trying to point out that there is a healthy middle ground between the extremes of internet usage where people can interact with each other in a meaningful way while also being aware of the inherent risks and realities of using the internet today.
You’re mistaken where compromise is needed and where it is not. There are ways to communicate without putting Google or MS in the loop and you’re at the unethical extreme if you have opted to support GAFAM by feeding those platforms.
soloActivist Now • 33%
Doesn’t matter how you got them.
No, it matters absolutely. You can get the goods by financially contributing to their bottom line, or you can get them without contributing financially. Surely you must understand that companies exist to profit.
soloActivist Now • 50%
How do you think your device was made?
I have not bought a PC for the past 15 years. Every upgrade has been from pulling fully functional PCs out of dumpsters, LCDs included. Permacomputing is a good movement to follow.
soloActivist Now • 33%
You are definitely wearing some tin foil, OP.
You have definitely failed to understand how capitalism works and how money flows in relation to data, and the ethical history of corporations involved.
soloActivist Now • 50%
Or you could say that by neglecting to boycott and participate in activism you are neglecting to participate in society.
“Activism is my rent for living on this planet” --Alice Walker
Activism is our duty.
soloActivist Now • 66%
It’s not enough. You have to follow the money (if you are an ethical consumer).
A boycott no longer simply means to not buy products or service from. When you supply profitable data to a harmful entity, it’s as good as giving them cash.
soloActivist Now • 40%
Then you’ve misunderstood. It’s not a security move. It’s a boycott. I will not financially support fossil fuel partners with profitable data.
Google is partnered with Total Energy and uses AI to help them find where to drill. Likewise, Microsoft is partnered with Chevron and Exxon, again using AI to help them drill for oil. Microsoft also has many other matters of ethical wrongdoing. Not a good company to support. Not to mention the lack of ethics of targeted advertising in general.
So it’s privacy for the sake of ethics, not privacy for the sake of security. These are the top reasons not to feed Google or MS, though it’d be poor judgement to also suggest there is no security problem with personal disclosure to such a centralized corporate PRISM venues outside of a GDPR region in a country with no notable privacy safeguards.
It’s also notable that Chevron is an #ALEC member, thus supports US republicans. #ExxonMobil is also an abhorrent company to support (#ExxonKnew).
I have lots of old friends who I only maintained sparse contact with. When I let my personal email address die (the address they would all have records of), I did not bother to update them with a new address. They are all on the platform of some surveillance capitalist (e.g. Google or Microsoft). Google & Microsoft both refuse connections from self-hosted residential servers. And even if they didn’t, I am not willing to feed those surveillance advertisers who obviously don’t limit their surveillance to their users but also inherently everyone who makes contract with their users. I cannot support that or partake in pawning myself to subsidize someone else’s service. I just wonder if anyone else has taken this step.
There’s a widespread nuisance of shared e-scooters (which do not need to be locked) taking up bicycle stalls that cyclists need to lock their bikes. Are e-scooter platforms instructing users to use bicycle racks? Or are people doing that against policy?
Some banks will annually mail a paper “welcome” letter to all customers purely for the purpose of collecting bounced mail ultimately to verify if anyone has moved without telling them. The letters never state that’s the purpose.. they take that opportunity to talk about their service in arbitrary ways. Some banks even charge customers a fee for their cost in doing that. If you ask the banker about it they readily admit that it’s an address verification technique. That’s it.. just a PSA so folks are aware, as it is a bit sneaky. Some national postal services (e.g. USPS) sell your mail forwarding information which is how you get tracked to your new location by various entities even when you did not inform them of your new address. So obviously a good defensive measure is to never use the mail forwarding service. Select the entities you want to know your new address and inform them directly. But then to get some immunity to the sneaky trick in the 1st paragraph, perhaps give the next resident a stack of addressed envelopes and stamps and ask the next resident to ~~forward~~ (remail) for you.. or just ask them to trash your mail instead of returning it.
A public service started blocking access from Tor users. Blocks like this almost never have the courtesy to acknowledge ***why*** you are blocked (Tor) much less why they decided to exclude Tor users from public access. The blockades seem to always be implemented by an asshole. So I play dumb: “your site is no longer working… here is my screenshot…('Unable to connect')”. I submit that as a complaint. The response I would hope for: “Oh, we are sorry sir, we will send you a link to our bulletin page that publishes a chronology of all changes we make to the site and have a technician call you to troubleshoot the problem.” My goal is to burden those behind unjustified/undocumented anti-Tor configs so they spend some time investigating as a consequence of their unannounced change and their useless error messages. What really happens: They reply saying: “the server works. No problems were reported. The problem is with your browser. Try another computer/browser”. So indeed, they double-down on being assholes. They give this snap response having no idea what could have gone wrong. There is no escalation procedure in government when you reach an incompetent person. So what’s the counter-move? Proposal: network with other Tor users in the region. When one user reports a tor-hostile, everyone else in the group should verify the block and complain at the same time; everyone taking care not to mention Tor. It should remove the the knee-jerk “there have been no complaints” response. Has anyone tried this?
I’m not blind but I browse with images disabled. This means I can no longer login to Protonmail because they push CAPTCHAs. I know some CAPTCHAs have an audio option but I just get a blank box from Protonmail’s CAPTCHA. So I was wondering how blind people deal with that, or if they are simply excluded from using #Protonmail.
If you have a defensive browser that runs over Tor and blocks popups, CAPTCHAs, dark-pattern-loaded cookie walls, and various garbage, we still end up at the losing end of the arms race. The heart of the problem is that privacy enthusiasts are exposed to the same search engine rankings that serve the privacy-naïve/unconcerned masses. Would it make sense for the browser to autodetect various kinds of enshitification, add the hostname to a local db for future use, then report the hostname anonymously over Tor to central db that serves as an enshitification tracker? The local and centralized DBs could be used to down-rank those sites in future results. And if a link to enshitified sites appears on a page unrelated to searches it could be cautioned with a “⚠”. Some forms of enshitification would probably need manual detection but I could see people being motivated to contribute. The security and integrity of a centralized db would perhaps be the hardest part of the effort. But if that could be sorted out, we could get search results to prioritize (pro-user) resources. In principle the DB could also track access methods by which a website is garbage-free (e.g. if the garbage does not manifest when viewed in Lynx, then that should be captured in the DB as well).
If you try to download video `lU4vv7qCQvg` on a variety of #Invidious instances, some (most?) redirect you to a realtime player instead of serving up the file. Those instances that cause the wrong action work correctly for other videos. works → https://invidious.fdn.fr/watch?v=lU4vv7qCQvg broken → https://iv.ggtyler.dev/watch?v=lU4vv7qCQvg
cross-posted from: https://links.hackliberty.org/post/454425 > When I visit this post: > > https://jlai.lu/post/2250911 > > the embedded short abstract intro to the article is “403 Blocked www.lecho.be” When I try visiting the link directly I get “403 bot detection”. This suggests that everyone who opens that thread independently visits that webpage by way of some javascript that’s not under the user’s control. If 1000 people open that thread, then 1000 separate fetches are made. That’s a poor design. The server could do that job just once and the results would be more reliable. As opposed to everyone getting different results. > > This is also a #privacy #security bug. Someone who opens a thread does not necessarily intend to fetch the linked article. Non-tor users are under surveillance in some countries (e.g. the US, where Trump enacted law s.t. ISPs can collect data on users without consent). So they should have control over what sites they visit. Merely opening a thread is an abuse because it makes users actions instantly trackable. IOW, users share information with their ISP without their knowledge or control. > > Note that the example thread shows the full text of the article because the author was diligent about copying it. But that’s not the general case. > > #bug #lemmyBug
When I visit this post: https://jlai.lu/post/2250911 the embedded short abstract intro to the article is “403 Blocked www.lecho.be” When I try visiting the link directly I get “403 bot detection”. This suggests that everyone who opens that thread independently visits that webpage by way of some javascript that’s not under the user’s control. If 1000 people open that thread, then 1000 separate fetches are made. That’s a poor design. The server could do that job just once and the results would be more reliable. As opposed to everyone getting different results. This is also a #privacy #security bug. Someone who opens a thread does not necessarily intend to fetch the linked article. Non-tor users are under surveillance in some countries (e.g. the US, where Trump enacted law s.t. ISPs can collect data on users without consent). So they should have control over what sites they visit. Merely opening a thread is an abuse because it makes users actions instantly trackable. IOW, users share information with their ISP without their knowledge or control. Note that the example thread shows the full text of the article because the author was diligent about copying it. But that’s not the general case. #bug #lemmyBug
The #GDPR states that if an access request is submitted electronically, the response must also be electronic. But then there is a separate rule that if the data is too sensitive for the means of transmission that have been established (e.g. unencrypted email), the data controller must still respect the security requirements in their response at the same time and maintain an appropriate security level for the data. Thus this could mean that they have to send a USB stick via postal service to the data subject. But then at the same time, there is another rule that an initial request must be completed free of charge. So taking all that together, there are situations where data subjects will end up with gratis USB sticks. This inspires the question: what kind of data is too sensitive for unencrypted transmission and what kind of data is not? EDIT: If I were a data controller and for whatever reason I could not establish an appropriately secure channel, I might be tempted to offer data subjects these choices: * provide it on optical media (it’s the subject’s problem if they no longer have a drive) * demand a *refundable* deposit for the media and provide a postage-paid return envelope * require the data subject to deliver their own media * offer the option for the data subject to appear on site in person and copy the data, and return the media * publicly post PDF docs that are AES-encrypted and snail-mail the password to them I have no idea if those would be compliant. Likely the 4th bullet is, because it’s expressly stated that data controllers can require data subjects to collect their data in person so the data controller can get a signature proving that the data made it into the correct hands.
cross-posted from: https://links.hackliberty.org/post/435505 > A data controller responded to a #GDPR request under art.15 & 17 (thus, an access request coupled with erasure request). They responded with a refusal, demanding ID card. They probably demanded it be in color, but I responded with a black and white copy of my ID. They refused again, affirming that the ID card must be in color. So then I sent them a color copy, but I used black boxes to redact my facial image and all personal text except my name. They again refused to honor my request, saying “zonder vlekken en met een goede resolutie om te worden geaccepteerd”. That translates into “without spots or stains”, correct? I don’t think that means without redactions. > > Anyway, I would like a GDPR expert to confirm or deny whether the controller’s refusal and demands are lawful. > > The relevant GDPR text is: > > * https://gdpr-text.com/read/recital-64/ > * https://gdpr-text.com/read/article-12/#para_gdpr-a-12_6 > > My request (via post) included my residential address and also mentioned a unique email address that only that controller knows me by (though they would not necessarily know it’s unique). Shouldn’t that be sufficient? *UPDATE* [This abstract](https://legalitgroup.com/en/guidelines-01-2022-on-data-subject-rights-right-of-access/) covers some of my questions. Indeed redactions on the ID card are allowed when making requests.
A data controller responded to a #GDPR request under art.15 & 17 (thus, an access request coupled with erasure request). They responded with a refusal, demanding ID card. They probably demanded it be in color, but I responded with a black and white copy of my ID. They refused again, affirming that the ID card must be in color. So then I sent them a color copy, but I used black boxes to redact my facial image and all personal text except my name. They again refused to honor my request, saying “zonder vlekken en met een goede resolutie om te worden geaccepteerd”. That translates into “without spots or stains”, correct? I don’t think that means without redactions. Anyway, I would like a GDPR expert to confirm or deny whether the controller’s refusal and demands are lawful. The relevant GDPR text is: * https://gdpr-text.com/read/recital-64/ * https://gdpr-text.com/read/article-12/#para_gdpr-a-12_6 My request (via post) included my residential address and also mentioned a unique email address that only that controller knows me by (though they would not necessarily know it’s unique). Shouldn’t that be sufficient? I ultimately need to know whether a DPA should get involved.
It seems rare that VOIP providers offer a secure tunnel using TLS. I have 2 providers and neither support TLS-- which is reckless because phone conversations are more sensitive than using the web. Conversations are not only quite personal but the realtime nature of a spoken conversation encourages people to divulge things faster than they can think about security. It’s a shitty trend particularly when unwarranted surveillance in the US has targeted VOIP specifically. And why not.. it’s in the clear. Sure, there is the problem that TLS can only secure one segment of the conversation. So if you call your doctor or lawyer using a rare TLS-capable VOIP provider, it’s only secure to the VOIP server and thereafter it’s in the clear. Is that the rationale for VOIP providers not bothering?
cross-posted from: https://links.hackliberty.org/post/285435 > When a private sector company blocks Tor, I simply boycott. No private entity is so important that I cannot live well enough without them. But when a *public* service blocks Tor, that’s a problem because we are increasingly forced to use the online services of the public sector who have gone down the path of assuming offline people do not exist. > > They simply block Tor without discussion. It’s not even clear who at what level makes these decisions.. could even be an IT admin at the bottom of the org chart. They don’t even say they’re blocking Tor. They don’t even give Tor users a block message that admits that they block Tor. They don’t disclose in their privacy policies that they exclude Tor. > > Just a 403 error. That’s all we get. As if it needs no justification. Why is the Tor community so readily willing to play the pushover? Even the Tor project itself will not stand up for their own supporters. > > The lack of justification is damaging because it essentially sends the message: “you Tor-using privacy seekers are such scum we don’t even have to explain why you are outcast. We don’t even have to ask permission to exclude you from participating in society” This reinforces the myth that Tor users are criminals and encourages non-criminal Tor users to abandon Tor, thus shrinking the Tor userbase. The civilized world has evolved to a point of realizing the injustice of #collectivePunishment. At best this is a case of punishing many because of a few. I say “at best” because I’m skeptical that a bad actor provokes the arbitrary denial of service. > > When the question is publicly asked “why did service X start blocking Tor” answers always come as speculation from people who don’t really know, who say they were probably attacked.