freedomPusher

joined 3 years ago
[–] freedomPusher@sopuli.xyz 2 points 2 months ago

That bug tracker is in MS Github - a place I will not go. And I have yet to find an organised or simple way to find downstream trackers. I generally check Debian but when a pkg is not in official Debian then I report to !bugs@sopuli.xyz and !bugs_in_services@sopuli.xyz.

 

Lemmy version 0.19.4 introduces ~~3~~ 4 relatively intolerable bugs, and 0.19.5 only fixes one of them.

[–] freedomPusher@sopuli.xyz 1 points 2 months ago* (last edited 2 months ago) (3 children)

So not what their running debt is but only whether they can take on a new, specific one.

I knew the criteria was out of the hands of EU-based lenders, but didn’t realise the data is also out of reach to the lender. I suppose it makes sense that the lender would get no info other than a yes or no, if lenders have no discretion.

I noticed a shop had a ridiculously priced phone (like €800+, something I would never buy) but advertised something like €9 if you take a contract. So it’s effectively a loan factored into a locked-in phone service plan. IIUC, the phone shop must arrange that with a bank and does not have the option of taking on risk, and then the bank asks the central bank if customer X can handle that loan, correct?

You can reverse payments through the bank in the EU as well but it’s seldom necessary, since the companies tend to revert the charge willingly when confronted by the consumer protection bureaus.

I’ve only had to resort to bank reverse a couple of times.

One was when I ordered a pair of shoes of what appeared to be an Italian website. It later turned out it was a scam site that listed popular models that were not made anymore and then sent you a ridiculously poorly made knock-off copy from China. I explained the issue to my bank and showed the knockoffs I got and a week or so later the charge was reversed.

That’s quite a surprise. I heard SWIFT/IBAN transfers were permanent and irreversible. I heard of mistakes being corrected but it required the two banks to collude and the bank of the recipient to do a money grab on their account, which I suppose would be impossible if a criminal closes their account. I wonder if your bank took a loss or if they colluded with the other bank. IIRC, banks have a minimum “investigation” fee of like €25 plus an hourly rate to pay bankers to deal with bad transactions. Did your bank offer that service for free?

[–] freedomPusher@sopuli.xyz 1 points 2 months ago* (last edited 2 months ago) (1 children)

The only similar things I know is the central bank keeping a listing of “unpaid credit” which may ban you from getting any new credit for a certain time.

Indeed that’s what I’m talking about. In Belgium it seems consumers have no control over whether a creditor can access the central bank’s records. Apparently the central bank simply trusts that creditors are checking records in response to an application for credit. I would like to know if any EU countries make use of an access code so consumers can control which creditors can see their records.

[–] freedomPusher@sopuli.xyz 0 points 2 months ago* (last edited 2 months ago) (2 children)

I don’t mean to imply anything about scoring, but certainly there must be some kind of mechanism to expose bad debtors to lenders.

In Belgium, there are no private credit bureaus but there is a central bank. Belgian banks are obligated to report loan defaults and cash transactions to the central bank, and creditors are obligated to check the central bank’s records. Consumers have no way to control creditors’ access to their records in the central bank. It seems to be trust based. The central bank apparently trusts that a creditor is checking a consumer’s file in connection with an application for credit by the consumer.

 

In the US, consumers can freeze their credit worthiness records and receive a code. When the records are frozen, the only orgs that can access the records are those already doing business with the consumer. If a consumer wants to open up a new account, they share the code with the prospective creditor who uses it to see the credit report.

So the question is, how are access controls on credit histories done in various EU nations? Do any use unlock codes like the US, or is it all trust based?

 

cross-posted from: https://sopuli.xyz/post/13985430

The problem:

Most #fedi authors post links with no idea if the hosting server discriminates against people, or who. The consequence is that the fedi is muddied with references to exclusive venues that do not treat people equally, which wastes the time of readers who are impacted by discrimination. A variety of walled gardens pollute our threadiverse experience. So how can we remedy this?

Proposed fix:

Suppose we create a community and designate it as a testing area which welcomes bots. So e.g. I post something in the test community, and a bot that is paywall-aware replies yes or no whether the link is paywall-free. A bot that is Cloudflare-aware does the same. A regional bot, such as a bot in Poland can check that Polish IP addresses can reach the URL and make noise if the website blocks Poland. Etc. It need not be just bots.. someone in some oppressed region might manually attempt to visit links and report access problems. We would certainly like a bot in a GDPR region to test whether access is refused on the basis of a data controller’s unwillingness to respect GDPR rules. The OONI project could have a bot that reports anything interesting in their database.

There could also be anti-enshittification bots, which point out things like cookie walls.

There are bots that find better links to replace Cloudflare links. Those bots could help direct authors to better URLs to share.

There could be a TL-DR bot that replies with a summary or even the full text, so an author can decide before posting in the target community whether to omit a shitty link and just post the content.


(update) It’s worth noting that for Mastodon there is an ad hoc tool. If you follow @mg@101010.pl, that bot will follow you back and analyze every URL you share for whether it is Cloudflared. If yes, it will DM you with alternative URLs.

Note that the mitigator bot is quite loose in its judgement. If the host is not Cloudflared but another host on the same domain is Cloudflared, it is treated as a positive because it’s assumed that when you visit the host it will link to other hosts on the same domain.

[–] freedomPusher@sopuli.xyz 1 points 2 months ago

eclic.ro is an exclusive Cloudflare site just like change.org is. Exclusivity is obviously quite lousy for democracy. Better alternatives are here:

https://codeberg.org/swiso/website/issues/140

[–] freedomPusher@sopuli.xyz 2 points 2 months ago* (last edited 2 months ago)

privacytools.io always was a shit show even before the infighting. They put their own endorsement site on Cloudflare. Despite a colossal pile of dirt emerging on #Signal:

https://github.com/privacytools/privacytools.io/issues/779

PTIO continued endorsing Signal non-stop, refusing to disclose the issues. That was also before the breakup. Dirt was routinely exposed on PTIO endorsements and it never changed their endorsement nor did they reveal the findings on their website.

Now both factions are hypocrites just as they were when they were united. The original PTIO site is back to being Cloudflared (nothing like tossing people coming to you for privacy advice into the walled garden of one of the most harmful privacy offenders), and Privacy Guides has set up on a CF’d Lemmy node. The hypocrisy has no end with these people.

[–] freedomPusher@sopuli.xyz 2 points 2 months ago (1 children)

Interesting, but that does not help because Mint jails all their docs in Cloudflare.

[–] freedomPusher@sopuli.xyz 2 points 2 months ago* (last edited 2 months ago) (2 children)

Also worth noting that #Ubuntu and #Mint both moved substantial amounts of documentation into Cloudflare (the antithesis of the values swiso claims to support). I have been moving people off those platforms.

BTW, prism-break is a disastrous project too. You know they don’t have a clue when they moved their repo from Github.com to Gitlab.com, an access-restricted Cloudflare site. There are tens if not hundreds of decent forges to choose from and PRISM Break moved from the 2nd worst to the one that most defeats the purpose of their constitution.

It might be useful to find dirt on various tech at prism-break, but none of these sites can be trusted for endorsements.

The prism-break website is timing out for me right now. I would not be surprised if they were dropping Tor packets since they have a history of hypocrisy.

[–] freedomPusher@sopuli.xyz 2 points 2 months ago

If you look in their bug tracker, it actually reveals that they ignore dirt that has been dug up on their suggestions.

[–] freedomPusher@sopuli.xyz 2 points 2 months ago* (last edited 2 months ago) (1 children)

As others have mentioned there is little in the way of justification for these suggestions, and while I happen to agree with plenty of them, I’d personally like to see more reasoning, if not to appease people that already have opinions then to help newer users understand their options.

Indeed. In fact it’s actually worse than you describe. Swiso withholds negative information. They don’t want to inform people. They want to steer people. For example, swiso’s endorsements for donation platforms have some quite serious problems:

https://codeberg.org/swiso/website/issues/141

swiso is also aware of the serious issues with Qwant and the serious issues with DuckDuckGo. Not only failing to remove them but also failing to inform. Qwant and DDG are both Microsoft syndicates!

(if anyone is interested, one of the most privacy-respecting search services is Ombrelo¹, which is largely unknown to the world because PTIO, swiso, and prism-break don’t do the job they claim to do)

And swiso is aware because that’s their bug tracker.

/cc @Imprint9816@lemmy.dbzer0.com

¹ https://ombrelo.im5wixghmfmt7gf7wb4xrgdm6byx2gj26zn47da6nwo7xvybgxnqryid.onion/

[–] freedomPusher@sopuli.xyz 1 points 2 months ago* (last edited 2 months ago)

There are a few good alternatives and swiso has been aware of them for ~4+ years:

https://codeberg.org/swiso/website/issues/140

[–] freedomPusher@sopuli.xyz 1 points 2 months ago* (last edited 2 months ago)

Self-hosting is a different scenario than the way most users reach the fedi. Self-hosters certainly have fewer reasons to have multiple accounts. But obviously the one unescapable reason is privacy. If all activity is under the same account, doxxing risk is pegged.

Another reason a self hoster would want multiple accts is followship. Someone might want to follow you because they love your French posts about oil painting, for example, but since you do everything with the same account they also have to see posts in English about politics, religion, phones, movies, etc, they may not want all the other noise. Compartmentalisation improves followship.

 

cross-posted from: https://sopuli.xyz/post/13133455

It used to be that you could insert a coin into a washing machine and it would simply work. Now some Danish and German apartment owners have decided it’s a good idea to remove the cash payment option. So you have to visit a website and top-up your laundry account before using the laundry room.

Is this wise?

Points of failure with traditional coin-fed systems:

  1. your coin gets stuck
  2. you don’t have the right denomination of coins

Points of failure with this KYC cashless gung-ho digital transformation system:

  1. your internet service goes down
  2. the internet service of the laundry room goes down
  3. the website is incompatible with your browser
  4. the website forces 3rd party JavaScript that’s either broken or you don’t trust it
  5. you cannot (or will not) solve CAPTCHA
  6. the website rejects your IP address because it is a shared IP
  7. the payment processor rejects your IP address because it is a shared IP
  8. the bank rejects your IP address because it is a shared IP
  9. the payment processor is Paypal and you do not want to share sensitive financial data with 600 corporations
  10. the accepted payment forms do not match your payment cards
  11. the accepted payment form matches, but your card is still rejected anyway for one of many undisclosed reasons:
    • your card is on the same network but foreign cards are refused
    • the payment processor does not like your IP address
    • the copy of your ID doc on file with the bank expired, and the bank’s way of telling you is to freeze your card
    • it’s one of these new online-only bank cards with no CVV code printed on the card so to get your CVV code you must install their app from Google’s Playstore (this expands into 20+ more points of failure)
  12. your bank account is literally below the top-up minimum because you only have cash and your cashless bank does not accept cash deposits; so you cannot do laundry until you get a paycheck or arrange for an electronic transfer from a foreign bank at the cost of an extortionate exchange rate
  13. you cannot open a bank account because Danish banks refuse to serve people who do not yet have their CPR number (a process that takes at least 1 month).
  14. you are unbanked because of one of 24 reasons that Bruce Schneier does not know about
  15. the internet works when you start the wash load, but fails sometime during the program so you cannot use the dryers; in which case you suddenly have to run out and buy hanging mechanisms as your wet clothes sit.
  16. (edit) the app of your bank and/or the laundry service demands a newer phone OS than you have, and your phone maker quit offering updates.

In my case, I was hit with point of failure number 11. Payment processors never tell you why your payment is refused. They either give a uselessly vague error, or the web UI just refuses to move forward with no error, or the error is an intentional lie. Because e.g. if your payment is refused you are presumed to be a criminal unworthy of being informed.

Danish apartment management’s response to complaints: We are not obligated to serve you. Read the terms of your lease. There is a coin-operated laundromat 1km away.

Question: are we all being forced into this shitty cashless situation in order to ease the hunt for criminals?

 


 

I’ve noticed that if you try to contact corp or gov offices the old fashioned way, they simply ignore you. They want to force you to use email or solve a CAPTCHA. The fix I have in mind is a tweak on this idea:

https://sopuli.xyz/post/12919557

but the first contact you make with an office need not even be GDPR¹ related. If you contact a gov or corp for any purpose and they ignore it, your next request can and should include an access request for records on how they handled your initial correspondence.

¹ GDPR isn’t the only game in town. Brazil and California supposedly have some privacy law similar to the GDPR which I assume includes a right of access. Hence why they were also mentioned in the title.

#fuckEmail

 

I just had to send a msg to a gov office.

Email has been generally broken¹ the past couple decades. I prefer fax. It’s more reliable and I choose what I want to disclose to the recipient. Even in cases where part of the fax transmission routes over email, it’s still more reliable than pure email because those fax→email gateways are managed by recipients to ensure all-or-nothing (all faxes are delivered or none of them). Fax is immune to shenanigans like “mail server X accepts mail from Y but not Z”.

When I tried to send the fax, the fax machine did not answer. So I voice called the office. They said “we unplugged our fax machine”. WTF! So I said please plug it back in because I’m trying to send a fax. So a bit later I tried again and it worked.

Folks, we are losing fax because most of the population does not grasp the privacy compromise with email, and the compromise of netneutrality and reliability. If I am the only person in the world who keeps fax in use, fax will die fast because it’s easy to marginalise 1 person.

Footnote 1: Email is shit--Even if the gov office mail server were to accept my msg, I face the problem of not wanting an email reply and not trusting them not to abuse whatever address I reveal to them. I don’t want to be forced to put Google and Microsoft in the loop on my conversations, to go through their hoops, solve their dkim CAPTCHA, and ultimately I don’t want to be forced to feed profitable data to those surveillance advertisers who have partnered with the oil industry. Google and SpamHaus broke email and the population accepted it. So email can fuck right off.

 

cross-posted from: https://sopuli.xyz/post/12944261

The psychology of this problem is that users are too lazy to maintain multiple accounts when all they have is Lemmy’s stock web client. So they choose one of the big nodes: lemmy.world, sh.itjust.works, lemm.ee, lemmy.ca, etc.

These Cloudflare-centralized nodes are able to greedily exploit the #networkEffect due to a lack of multi-account software. If there were some well-made 3rd party client apps for Lemmy that would be designed for multiple accounts, then more users would be willing to create accounts in more decentralized parts of the fedi.

Mastodon somewhat proves this because the client-side tooling is in place to make it convenient to have 6 or Mastodon accounts. And Mastodon nodes are better balanced.

 

So here’s a disturbing development. Suppose you pay cash to settle a debt or to pay for something in advance, where you are not walking out of the store with a product. You obviously want a receipt on the spot proving that you handed cash over. This option is ending.

It’s fair enough that France wants to put a stop to people receiving paper receipts they don’t want, which then litter the street. But it’s not just an environmental move; there is a #forcedDigitalTransformation / #warOnCash element to this. From the article:

In Belgium: since 2014, merchants can choose to provide a paper or digital receipt to their customers, if they¹ request it.

What if I don’t agree to share an email address with a creditor? What if the creditor uses Google or Microsoft for email service, and I boycott those companies? Boycotting means not sharing any data with them (because the data is profitable). IIUC, the Belgian creditor can say “accept our Microsoft-emailed receipt or fuck off.” If you don’t carry a smartphone that is subscribed to a data plan, and trust a smartphone with email transactions, then you cannot see that you’ve received the email before you leave after paying cash. Even if you do have a data plan and are trusting enough to use a smartphone for email, and you trust all parties handling the email, there is always a chance the sender’s mail server is graylisted, which means the email could take a day to reach you. Not to mention countless opportunities for the email to fail or get lost.

It’s such a fucked up idea to let merchants choose. If it’s a point of sale, then no problem… I can simply walk if they refuse a paper receipt (though even that’s dicey because I’ve seen merchants refuse instant returns after they’ve put your money in the cash register).

But what about creditors? If you owe a debt and the transaction fails because they won’t give you a paper receipt and you won’t agree to info sharing with a surveillance advertiser, then you can be treated as a delinquent debtor.

Google, Facebook, Amazon, and Microsoft must be celebrating these e-receipts because they have been working quite hard to track people’s offline commerce.

It’s obviously an encroachment of the data minimisation principle under the GDPR. More data is being collected than necessary.

¹ This is really shitty wording. Who is /they/? If it’s the customer, that’s fine. But in that case, why did the sentence start with “merchants can choose…”? Surely it can only mean merchants have the choice if they make a request to regulators.

 

cross-posted from: https://sopuli.xyz/post/10440580

The source of this article is in a walled garden that disrespects our privacy so I will not cite it. But here’s the text, posted here in the free world for all people to access:


The menace of “the War on Cash” is making steady headway across the board.

And that’s whether it concerns big-time international policy-makers pushing for total digitization of financial assets – or individual examples that showcase just how serious this threat is.

Here’s one such case: Elizabeth Dasburg and two others were denied the right to use cash to pay entry fee to the Fort Pulaski National Monument in Georgia, managed by the National Park Service.

It’s turned into, “parks, but no recreation” – because the victims of this violation of US law regulating the use of domestic currency have now opted for litigation.

Plain and simple, Dasburg and the two others believe it is still illegal in the US to refuse to accept the country’s legal tender. Or is it? That’s the question the US District Court for the District of Columbia will have to spell out.

Judging by the filing, the Fort Pulaski employees were equally indoctrinated against accepting cash, as they were trying to be helpful. The visitors were first told in no uncertain terms that only cards are accepted.

We obtained a copy of the complaint for you here.

And then, if – say they had no cards (that they might not want to use them doesn’t seem to have been a consideration) – they were instructed to go to a grocery chain like Walmart and buy a gift card.

However bizarrely and unnecessarily complicated this might sound – all the more ironic, because it appears the “explanation” for this policy is that cards are more “convenient” – that’s what Fort Pulaski wanted.

Cards. Of any sort. Things that can be tracked and tied to a person, in other words.

“By forcing people to use credit cards or digital wallets, under the guise of convenience, the National Park Service becomes a player in the surveillance state, undermining park visitors’ privacy right,” Children’s Health Defense (CHD) General Counsel Mack Rosenberg commented on the case – and the state of affairs.

CHD has decided to put its money where its mouth is and support the defendants’ case financially.

The National Park Service is said to have been working on cashless-only payment options for some years, the scheme now in effect in close to 30 national parks, historic sites and monuments.

While those behind such things are always happy to present themselves as champions of “equality and diversity,” the reality looks quite different.

“Only half of low-income households have access to a credit card, according to a March 2022 Federal Reserve Bank of New York report,” CHD President Laura Bono said in a letter to the Park and Service CEO.

 

cross-posted from: https://sopuli.xyz/post/9076220

I posted this thread on jlai.lu. I got no replies as far as I could see from sopuli -- no notifications, and when I enter that thread there are still zero replies. But when I visit the thread on the hosting instance, I see a reply. This behavior is the same as if I were blocking that community -- but I am not.

When I search in sopuli for the direct link to the comment, the search finds it. And then I was able to forcibly interact with the comment.

I have to wonder how often someone replies to me and I have no idea because the response is hidden from me. This is a serious bug. Wholly unacceptable for a platform designed specifically for communication.

update 1 (another occurrence)


Here’s another thread with the same issue. Zero replies when I visit that thread mirror within sopuli, but 3 replies when visiting direct. I was disappointed that high-effort post got no replies. Now 2 months later I see there actually were replies. I will search those comment URLs perhaps in a couple days to interact. But I’ll hold off in case someone wants to investigate (because I think the act of searching those URLs results in copying the comments which could interfere with the investigation).

update 2 (subscription relevancy)


I was asked if I am subscribed to the community. Good question! The answer is no, so there’s a clue. Perhaps mentions do not trigger notifications if no one on the instance of the mentioned account is subscribed to the community. This could be the root cause of the bug.

 

cross-posted from: https://sopuli.xyz/post/7212221

Keeping $1k in a bank for 1 year is equal to the CO₂ emissions of flying New York to Seattle. Because banks invest in fossil fuels.
