• 15 Posts
  • 48 Comments
Joined 1 year ago
Cake day: August 10th, 2023


  • Self hosting would mean I could control account creation and make many burner accounts. But there are issues with that:

    • If there are several burner accounts then the admin would have to make it easy for others to create burner accounts or else it would be evident that all the burner accounts are just the admin’s, which does not solve the aggregation problem. It introduces complexities because the DNS provider and ISP would have the identity of the self-hoster. One could onion host but that greatly narrows the audience.
    • It does not solve the problem for others. Everyone who has the same need would then be needlessly forced to independently solve all these same problems.
    • I do not have high-speed unlimited internet, so I would have to spend more on subscription costs.

    I think it complicates the problem and then each author has to deal with the same. If it’s solved at the fedi API level, then the existing infrastructure is ready to work.

    (edit) I recall hearing about a fedi client application that operates in a serverless way. I don’t recall the name of it and know little about how it works, but it is claimed to not depend on account creation on a server and it somehow has some immunity to federation politics. Maybe that thing could work but I would have to find it again. It’s never talked about and I wonder why that is… maybe it does not work as advertised.


  • Those do not obviate the use cases I have in mind. Secure drops are useful tools for specific whistle blowing scenarios. But they are not a one-size-fits-all tool.

    I routinely use framadrop and then transmit the links to regulators or whoever I am targeting to act on a report. But what if the target audience is not a specific journalist or regulator but rather the entire general public? The general public does not have access to reports submitted to the Guardian’s dropbox or NYTimes’ dropbox. Those are exclusive channels of communication just for their own journalists. The report then only gets acted on or exposed if the story can compete with the sensationalisation level of other stories they are handling. If I’m exposing privacy abuses, the general public does not give a shit about privacy for the most part. So only highly scandalous privacy offenses can meet the profitable publication standards of Guardian and nytimes. The reports also cannot be so intense as to be on par with Wikileaks. There is a limited intensity range.

    The fedi offers some unique reach to special interest groups like this one without the intensity range limitation.

    NYtimes is also a paywall. So even if the story gets published it still ends up a place of reduced access.

    They are great tools for some specific jobs but cannot wholly replace direct anonymous publication. Though I must admit I often overlook going to journalists. I should use those drop boxes more often.

    (edit) from the guardian page:

    Once you launch the Tor browser, copy and paste the URL xp44cagis447k3lpb4wwhcqukix6cgqokbuys24vmxmbzmaq2gjvc2yd.onion or theguardian.securedrop.tor.onion into the Tor address bar.

    That theguardian.securedrop.tor.onion URL caught my attention. I did not know about onion names until now. Shame it’s only for secure drops.



  • That story is focused on #CloudSTRIKE but the bigger more remarkable demon here is #CloudFLARE.

    This story demonstrates Cloudflare acting as a proxy bully of their own customer, on behalf of CloudStrike by pushing a frivolous #DMCA take-down demand. CF took the spineless route as it sees CloudStrike as having more muscle than their customer. After CF joins the Goliath side of the David vs. Goliath battle, CF ignores Senk’s responses and keeps proxying threats.

    Senk bounced from Cloudflare and went to a provider who has his back. #ArsTechnica publishes Cloudflare’s conduct. As embarrassment hits Cloudflare and David (Senk) starts winning against Goliath (CloudStrike), CF changes their tune. Suddenly they are on Senk’s side, saying “come back, we’ll protect you – we promise we didn’t get your messages”. LOL. Senk should do a parody site for Cloudflare too.

    Senk’s mistake: leaving CF. He should have waited until CF actually booted him. Then that would have more thoroughly exposed CF’s shitty actions. Senk gave CF an easy out.

    Interesting to note how a human on the side of civil rights who advocates decentralisation was treated with hostility by Cloudflare. Yet CF is fine with sheltering actual criminals.



  • Folks, FedEx has always been on the extreme right. Some basic facts:

    • FedEx is an ALEC member (extreme right lobby and bill mill), largely as an anti-union measure
    • FedEx founded by an ex military serviceman
    • FedEx gives discounts for NRA membership (though I heard this was recently discontinued). NRA is obviously an extreme right org who also finances ALEC.
    • During the NFL take-a-knee protest, FedEx is one of very few die-hard corps that refused to give in to the boycott. FedEx continued supporting the NFL against all the Black Lives Matter athletes taking knees and getting punished.
    • FedEx ships shark fins, slave dolphins and hunting trophies. Does not give a shit about harm to animals (even when endangered) or environment.

    I have been boycotting FedEx for over a decade. Certainly being pro-surveillance is fitting with their history and should not be a surprise to anyone who is aware of this background.

    The only moral inconsistency is that FedEx has a reputation for not snooping on your packages and seems to be favored by people shipping contraband. But to find the consistency it’s just about the bottom line. They make no money by ratting out their customers who break the law. But installing a surveillance system on their trucks is probably yielding revenue for FedEx.








  • Love the irony of being blocked from reading that article because I am anonymous and the #reclaimthenet hypocrites insist on using Cloudflare.

    So I can only comment on the title and what the OP (apparently) copied. Judging by how the masses happily continue using banks who voluntarily abuse KYC by collecting more info than required, internet users will also be pushovers who give in to whatever KYC comes their way.

    This policy will actually create victims. Just like GSM registration creates victims. In regions that require GSM registration phone theft goes up because criminals will steal a phone just for a live SIM chip. So KYC creates incentive for criminals to run their services from someone else’s PC.




  • Under the guise of reducing crime,

    Woolworths has justified these measures as necessary for the purposes of security.

    There is video surveillance, and then there is that extra intrusive step of facial recognition. They can have video without FR. They can submit video evidence to the police who can then use FR, if needed. They probably want to argue that they can block known shoplifters as they enter. But of course what they really want is to track who enters the shop, which products they look at, how long they gaze at promo ads, etc. Being able to preemptively strike without a crime, just a bad reputation, does not justify the intrusion to everyone else.

    Food is essential. It’s not like some shitty smartphone shop or Amazon b&m store that people can boycott.


  • Linux won’t be viable for blind people unless major distros have full time accessibility folks, and refuse to accept inaccessible packages and patches.

    Sure, but you need to read what I quoted. I purely addressed the flawed claim that better code comes from those paid to write it. The opposite is true. It’s unclear to what extent that bias has influenced @[email protected]’s thesis. Though I have no notable issues with anything else @[email protected] wrote (much of which is beyond my expertise w.r.t accessibility).

    And to be clear, “better code” strictly refers to quality, not accessibility. Accessibility is a design factor.

    But that code you write at home is probably not accessible.

    That’s right. But then neither is the commercial code I worked on. That would be outside of my domain. I do backends for the most part. The rare UI work I did was for a tiny user base of internal developers within the org and accessibility was not part of the requirements. I worked on a UI for external users briefly but again no requirements for accessibility (which would be very unlikely for that particular product).

    In any case, this sidetrack is irrelevant to what you replied to. It’s important to correct bogus claims that being paid to write code is conducive to quality. Some right-wingers I know never miss the opportunity to use the phrase “good enough for government work” because they want to push the mentality that capitalism promotes superior quality. It’s a widespread misconception that needs correction whenever it manifests.

    Paying someone to write accessible code should theoretically work on both free software and non-free software. AFAICT the reason non-free software would accommodate blind users is that the market share is large enough to justify the profit-driven bottom line and those users are forced to pay for it (as all users are). In the FOSS domain, payments (“bounties”) are optional. Has this been tried? If not, then you’re relying on blind FOSS developers to suit their own needs in a way that benefits all blind users.


  • and that someone who is paid to write accessible software is generally going to produce and maintain better code.

    In my day job I’m paid to write code. Then I go home and write code I was not paid for. My best work is done without pay.

    Commercial software development

    When I have to satisfy an employer, they don’t want quality code. They want fast code. They want band-aid fixes. The corporate structure is very short-sighted. I was once back-roomed by a manager and lectured for “gold plating”. That means I was producing code that was higher quality than what management perceives as the economic sweet spot. I was also caught once fixing bugs as I spotted them when I happened to have a piece of code checked out in Clearcase. I was told I was “cheating the company out of profits” because they prefer if the bug goes through a documentation procedure so the customer can ultimately be made to pay separately for the bug fix. Never mind the fact that my time was already compensated by the customer anyway - but they can get more money if there’s a bigger paper trail involving more staff. So when you say you get what you pay for, that’s what you pay for – busy work (aka working hard not smart). They also want “consistent quality”. So if one module is higher quality than another, there is pressure to lower the quality of the better module because improving the style or design pattern of the lower quality piece is “gold plating”. When I make full use of the language constructs (as intended by the language designers), I am often forced by an employer to use more basic constructs. Employers are worried that junior engineers or early senior engineers who might have to maintain my code will encounter language constructs that are less common and it will slow them down to have to look up the syntax they encounter. Employers under-estimate the value of developers learning on the job. So I am often forced to avoid using the more advanced constructs to accommodate some subset of perceived lowest common denominator. E.g. if I were to use an array in bash, an employer might object because some bash maintainers may not be familiar with an array.

    Non-commercial software development

    Free software developers have zero schedule pressure. They are not forced to haphazardly rush some sloppy work into an integration in order to meet some deadline that was promised to a customer by a manager who was pressured to give an overly optimistic timeline. #FOSS devs are free to gold plate all they want. And because it’s a labor of love and not labor for a paycheck, FOSS devs naturally take more pride in their work. I’m often not proud of the commercial software I was forced to write by a corporation fixated on the bottom line. When I’m consistently pressured to write poor quality code for a profit-driven project, I hit a breaking point and leave the company. I’ve left 3 employers for this reason.

    Commercial software from a user PoV

    Whenever I encounter a bug in commercial software, there is almost never a publicly accessible bug tracker and it’s rare that the vendor has the slightest interest in passing along my bug report to the devs. The devs are unreachable by design (cost). I’m just one user so my UX is unimportant. Obviously when I cannot even communicate a bug to a commercial vendor, I am wholly at the mercy of their testers eventually rediscovering the bug I found, which is unlikely when there are complex circumstances.

    Non-commercial software from a user PoV

    Almost every FOSS app has a bug tracker, forum, or IRC channel where bugs can be reported and treated. I once wrote a feature request whereby the unpaid FOSS developer implemented my feature request and sent me a patch the same day I reported it. It was the best service I ever encountered and certainly impossible in the COTS software world for anyone who is not a multi-millionaire.