freedomPusher

joined 4 years ago
MODERATOR OF
netneutrality
bugs
gdpr
right_to_unplug
paperless
sorted by: new top controversial old
cafe in Amsterdam could not produce a receipt -- a “digital transformation” scenario; are receipts no longer obligatory? in c/thenetherlands@feddit.nl
[–] freedomPusher@sopuli.xyz 5 points 7 months ago* (last edited 7 months ago) (1 children)

There is a new law that allows merchants to stop giving paper receipts.

The forced use of e-receipts in Europe (France, Belgium, Netherlands, Denmark, England, & Italy)

Don’t upgrade Lemmy past 0.19.3. Serious/significant regressions intoduced. in c/infosecpub@infosec.pub
[–] freedomPusher@sopuli.xyz 0 points 8 months ago* (last edited 8 months ago) (2 children)

One of the big problems social and collaboration platforms is people go to where the people are, like Lemmings, with disregard to principles and ethics. I go to the ethical venues regardless of where the people are. Instead of feeding a harmful network effect, I would rather feed free and open spaces. If I were to contribute to MS Github, I would have to consider myself part of the problem.

Don’t upgrade Lemmy past 0.19.3. Serious/significant regressions intoduced. in c/infosecpub@infosec.pub
[–] freedomPusher@sopuli.xyz -1 points 8 months ago (4 children)

Did you report the bugs on the Lemmy github?

No, and I wouldn’t. I created this community specifically for reporting bugs when bug trackers are in bad places like Github:

!bugs@sopuli.xyz

Most people are indeed probably using Firefox

The cross-posting problem is specific to Tor Browser, which is Firefox based. But that one was fixed in 0.19.5.

I was actually shocked to recently learn many are using their phones, which often means 3rd party apps (and which would not have any of the stock UI bugs).

Don’t upgrade Lemmy past 0.19.3. Serious/significant regressions intoduced. in c/infosecpub@infosec.pub
[–] freedomPusher@sopuli.xyz 1 points 8 months ago* (last edited 8 months ago) (7 children)

0.19.5 only fixes one of the 4 bugs (cross-posting). None of them seem to be mentioned in the change notes.

141 servers are already running 0.19.5

Ungoogled Chromium and Tor Browser are perhaps less popular than they should be.

12
Don’t upgrade Lemmy past 0.19.3. Serious/significant regressions intoduced. (sopuli.xyz)
 

cross-posted from: https://sopuli.xyz/post/14184367

Lemmy version 0.19.4 introduces 3 relatively intolerable bugs, and 0.19.5 only fixes one of them.

1
Plz don’t upgrade. Lemmy 0.19.3 is good. Later versions introduce serious regressions. (sopuli.xyz)
submitted 8 months ago* (last edited 8 months ago) by freedomPusher@sopuli.xyz to c/meta@sopuli.xyz
0 comments fedilink
 

Lemmy version 0.19.4 introduces ~~3~~ 4 relatively intolerable bugs, and 0.19.5 only fixes one of them.

Do any credit reporting agencies in Europe give consumers control over creditors access? in c/europe@feddit.de
[–] freedomPusher@sopuli.xyz 1 points 8 months ago* (last edited 8 months ago) (3 children)

So not what their running debt is but only whether they can take on a new, specific one.

I knew the criteria was out of the hands of EU-based lenders, but didn’t realise the data is also out of reach to the lender. I suppose it makes sense that the lender would get no info other than a yes or no, if lenders have no discretion.

I noticed A shop had a rediculously priced phone (like €800+, something I would never buy) but advertised something like €9 if you take a contract. So it’s effectively a loan factored into a locked-in phone service plan. IIUC, the phone shop must arrange that with a bank and does not have the option of taking on risk, and then the bank asks the central bank if customer X can handle that loan, correct?

You can reverse payments through the bank in the EU as well but it’s seldom necessary, since the companies tend to revert the charge willingly when confronted by the consumer protection bureaus.

I’ve only had to resort to bank reverse a couple if times.

One was when I ordered a pair of shoes of what appeared to be an Italian website. It later turned out it was a scam site that listed popular models that were not made anymore and then sent you a ridiculously poorly made knock-off copy from China. I explained the issue to my bank and showed the knockoffs I got and a week or so later the charge was reversed.

That’s quite a surprise. I heard SWIFT/IBAN transfers were permanent and irreversable. I heard of mistakes being corrected but it required the two banks to collude and the bank of the recipient to do a money grab on their account, which I suppose would be impossible if a criminal closes their account. I wonder if your bank took a loss or if they colluded with the other bank. IIRC, banks have a minimum “investigation” fee of like €25 plus an hourly rate to pay bankers to deal with bad transactions. Did your bank offer that service for free?

Do any credit reporting agencies in Europe give consumers control over creditors access? in c/europe@feddit.de
[–] freedomPusher@sopuli.xyz 1 points 8 months ago* (last edited 8 months ago) (1 children)

The only similar things I know is the central bank keeping a listing of “unpaid credit” which make ban you from getting any new credit for a certain time.

Indeed that’s what I’m talking about. In Belgium it seems consumers have no control over whether a creditor can access the central bank’s records. Apparently the central bank simply trusts that creditors are checking records in response to an application for credit. I would like to know if any EU countries make use of an access code so consumers can control which creditors can see their records.

Do any credit reporting agencies in Europe give consumers control over creditors access? in c/europe@feddit.de
[–] freedomPusher@sopuli.xyz 0 points 8 months ago* (last edited 8 months ago) (2 children)

I don’t mean to imply anything about scoring, but certainly there must be some kind of mechanism to expose bad debtors to lenders.

In Belgium, there are no private credit bureaus but there is a central bank. Belgian banks are obligated to report loan defaults and cash transactions to the central bank, and creditors are obligated to check the central bank’s records. Consumers have no way to control creditors access to their records in the central bank. It seems to be trust based. The central bank apparently trusts that a creditor is checking a consumer’s file in connection with an application for credit by the consumer.

20
Do any credit reporting agencies in Europe give consumers control over creditors access? (sopuli.xyz)
 

In the US, consumers can freeze their credit worthiness records and receive a code. When the records are frozen, the only orgs that can access the records are those already doing business with the consumer. If a consumer wants to open up a new account, they share the code with the prospective creditor who uses it to see the credit report.

So the question is, how are access controls on credit histories done in various EU nations? Do any use unlock codes like the US, or is it all trust based?

European Commission decided the US is safe from a privacy standpoint for data transfers (WTF?) in c/privacy@links.hackliberty.org
[–] freedomPusher@sopuli.xyz 4 points 8 months ago* (last edited 8 months ago)

I wasn’t aware of the “Privacy Shield”, but the article mentions that:

“In the Schrems II judgement, the CJEU raised several points regarding the U.S. intelligence agencies’ access to EU data. The EU-U.S. Data Privacy Framework tackles them and includes significant improvements compared to the mechanism having existed under the Privacy Shield.”

Found this and this to help me catch up on this.

(edit) in this doc I counted 81 “should”s and 33 “shall”s, to get an idea of the strength.

23
European Commission decided the US is safe from a privacy standpoint for data transfers (WTF?) (web.archive.org)
submitted 8 months ago* (last edited 8 months ago) by freedomPusher@sopuli.xyz to c/privacy@links.hackliberty.org
4 comments fedilink
 

cross-posted from: https://sopuli.xyz/post/14006758

Yikes.

“In the adequacy decision, the European Commission estimated that the U.S. ensures a level of protection for personal data transferred from the EU to U.S companies under the new framework that is essentially equivalent to the level of protection within the European Union.” (emphasis added)

Does the EU disregard the Snowden revelations?

And what a missed opportunity. California state specifically has some kind of GDPR analogue, so it might be reasonable if CA specifically were to satisfy an adequacy decision, (still a stretch) but certainly not the rest of the country. Such a move could have motivated more US states to do the necessary.

I must say I’ve lost some confidence and respect for the #GDPR.

You have ZERO financial privacy in c/privacy@links.hackliberty.org
Unemployment rate in Belgium (2020) in c/map_enthusiasts@sopuli.xyz
[–] freedomPusher@sopuli.xyz 1 points 8 months ago

Wish I could see it. www.onem.be seems to be dropping my packets.

You have ZERO financial privacy in c/privacy@links.hackliberty.org
[–] freedomPusher@sopuli.xyz 12 points 8 months ago* (last edited 8 months ago) (3 children)

“One more step…”

Nothing like a privacy abusing Cloudflare site to expose privacy abuse. If anyone has openly accessible Cloudflare-free links, or can post the info for the excluded people, plz post.

Ethical, easy-to-use and privacy-conscious alternatives to well-known software in c/foss@beehaw.org
[–] freedomPusher@sopuli.xyz 1 points 8 months ago

eclic.ro is an exclusive Cloudflare site just like change.org is. Exclusivity is obviously quite lousy for democracy. Better alternatives are here:

https://codeberg.org/swiso/website/issues/140

5
A national central bank is using Cloudflare -- risks? (sopuli.xyz)
submitted 8 months ago* (last edited 8 months ago) by freedomPusher@sopuli.xyz to c/privacy@links.hackliberty.org
0 comments fedilink
 

A national central bank that keeps track of bank accounts, credit records, delinquency, etc for everyone in the country has their website on Cloudflare. People are instructed to check their credit records on that site.

The question is: suppose you don’t use the site. Suppose you only request your records offline. What are the chances that Cloudflare handles your sensitive records?

I guess this might be hard to answer. I assume it comes down to whether to central bank itself uses their own website to print records to satisfy an offline request. And I assume it’s also a question of whether the commercial banks use the website of the central bank to feed it. Correct?

7
community.xmpp.net dead or tor-hostile? (community.xmpp.net)
submitted 8 months ago* (last edited 8 months ago) by freedomPusher@sopuli.xyz to c/isitdown@infosec.pub
3 comments fedilink
 

I’m just noticing this instance for the first time. Judging by the hostname, it’s a node that’s devoted to #XMPP chatter. But I cannot reach it. Getting timeouts from Tor. This could mean that they are down, or it could be that they block Tor in the rudest possible way (dropping packets).

To me, it’s a ghost node because I can reach a tiny cache of posts from !infosec@community.xmpp.net locally:

https://sopuli.xyz/c/infosec@community.xmpp.net

cc: @wintermute@feddit.de

1
Privacy comparison: Google location svcs vs Apple maps (www.scss.tcd.ie)
 

cross-posted from: https://sopuli.xyz/post/13155149

other people’s iPhones more intrusive than other people’s droids

According to the linked research, all iPhones are spying on everyone within Wi-Fi range. If your phone of any kind is squawking wi-fi, all in-range iPhones are grabbing various bits of data like your MAC address and the SSIDs your phone normally looks for (e.g. your home SSID) and reports that back to Apple along with time and location data. The same study could not say the same for Google. So other people’s iPhones are more of a privacy intrusion to you than other people’s droids.

your own iPhone is less intrusive than your own droid when navigating

However, another study shows an inversion between Apple and Google when it comes to what you own and use for navigation. If you use an iPhone for navigation, the iPhone will only send one or two BSSIDs near you to Apple’s server, and the server then floods you with detailed information about other possible BSSIDs around you and their position, so your own device computes your precise location, not Apple’s servers.

Whereas if you navigate using Google’s location services, your device feeds everything to Google and Google’s server does all the work, computes your precise location, and tells you. This is of course more intrusive because Google learns your precise location and time, and (IMO) is likely interested in whatever shop you might be in.

These two studies actually seem superficially contradictory. But there is a difference between ratting out other portable devices and reporting stationary devices.

free-world proponents might be able to exploit Apple for better nav

In any case, the take-away for people living in the free world: forget about using Google Location Services to improve your navigation if you do not want to feed Google your precise location. OTOH, there seems to at least be a theoretical possibility for people not pawned by tech giants to use Apple’s API to get better-than-GPS navigation. Though I suspect it would mean many people would have to share someone’s sacrificial Apple account or get burner accounts.

I’m always on the look out for ways to improve my shitty navigation on a deGoogled phone that’s limited to a slow energy hungry GPS receiver -- without feeding the baddies.

40
the wisdom of a Danish & German apartment buildings replacing coin-fed laundry machines with the cloud (yikes!) (sopuli.xyz)
submitted 8 months ago* (last edited 8 months ago) by freedomPusher@sopuli.xyz to c/europe@feddit.de
35 comments fedilink
 

cross-posted from: https://sopuli.xyz/post/13133455

It used to be that you could insert a coin into a washing machine and it would simply work. Now some Danish and German apartment owners have decided it’s a good idea to remove the cash payment option. So you have to visit a website and top-up your laundry account before using the laundry room.

Is this wise?

Points of failure with traditional coin-fed systems:

  1. your coin gets stuck
  2. you don’t have the right denomination of coins

Points of failure with this KYC cashless gung-ho digital transformation system:

  1. your internet service goes down
  2. the internet service of the laundry room goes down
  3. the website is incompatible with your browser
  4. the website forces 3rd party JavaScript that’s either broken or you don’t trust it
  5. you cannot (or will not) solve CAPTCHA
  6. the website rejects your IP address because it is a shared IP
  7. the payment processor rejects your IP address because it is a shared IP
  8. the bank rejects your IP address because it is a shared IP
  9. the payment processor is Paypal and you do not want to share sensitive financial data with 600 corporations
  10. the accepted payment forms do not match your payment cards
  11. the accepted payment form matches, but your card is still rejected anyway for one of many undisclosed reasons:
    • your card is on the same network but foreign cards are refused
    • the payment processor does not like your IP address
    • the copy of your ID doc on file with the bank expired, and the bank’s way of telling you is to freeze your card
    • it’s one of these new online-only bank cards with no CVV code printed on the card so to get your CVV code you must install their app from Google’s Playstore (this expands into 20+ more points of failure)
  12. your bank account is literally below the top-up minimum because you only have cash and your cashless bank does not accept cash deposits; so you cannot do laundry until you get a paycheck or arrange for an electronic transfer from a foreign bank at the cost of an extortionate exchange rate
  13. you cannot open a bank account because Danish banks refuse to serve people who do not yet have their CPR number (a process that takes at least 1 month).
  14. you are unbanked because of one of 24 reasons that Bruce Schneier does not know about
  15. the internet works when you start the wash load, but fails sometime during the program so you cannot use the dryers; in which case you suddenly have to run out and buy hanging mechanisms as your wet clothes sit.
  16. (edit) the app of your bank and/or the laundry service demands a newer phone OS than you have, and your phone maker quit offering updates.

In my case, I was hit with point of failure number 11. Payment processors never tell you why your payment is refused. They either give a uselessly vague error, or the web UI just refuses to move forward with no error, or the error is an intentional lie. Because e.g. if your payment is refused you are presumed to be a criminal unworthy of being informed.

Danish apartment management’s response to complaints: We are not obligated to serve you. Read the terms of your lease. There is a coin-operated laundromat 1km away.

Question: are we all being forced into this shitty cashless situation in order to ease the hunt for criminals?

2
☠ nano.garden dead (nano.garden)
 

Nano Garden was a node for the Nano cryptocurrency. There is was a “cashless society” community which is now a ghost community:

https://sopuli.xyz/c/cashless_society@nano.garden

I would normally say refugees should move to !cash@slrpnk.net, but it looks like there aren’t many refugees. It always was relatively dead. Which is a shame. There needs to be more people talking about the consequences of #forcedBanking.

1
the wisdom of a Danish & German apartment buildings replacing coin-fed laundry machines with the cloud (yikes!) (sopuli.xyz)
 

cross-posted from: https://sopuli.xyz/post/13133455

It used to be that you could insert a coin into a washing machine and it would simply work. Now some Danish and German apartment owners have decided it’s a good idea to remove the cash payment option. So you have to visit a website and top-up your laundry account before using the laundry room.

Is this wise?

Points of failure with traditional coin-fed systems:

  1. your coin gets stuck
  2. you don’t have the right denomination of coins

Points of failure with this KYC cashless gung-ho digital transformation system:

  1. your internet service goes down
  2. the internet service of the laundry room goes down
  3. the website is incompatible with your browser
  4. the website forces 3rd party JavaScript that’s either broken or you don’t trust it
  5. you cannot (or will not) solve CAPTCHA
  6. the website rejects your IP address because it is a shared IP
  7. the payment processor rejects your IP address because it is a shared IP
  8. the bank rejects your IP address because it is a shared IP
  9. the payment processor is Paypal and you do not want to share sensitive financial data with 600 corporations
  10. the accepted payment forms do not match your payment cards
  11. the accepted payment form matches, but your card is still rejected anyway for one of many undisclosed reasons:
    • your card is on the same network but foreign cards are refused
    • the payment processor does not like your IP address
    • the copy of your ID doc on file with the bank expired, and the bank’s way of telling you is to freeze your card
    • it’s one of these new online-only bank cards with no CVV code printed on the card so to get your CVV code you must install their app from Google’s Playstore (this expands into 20+ more points of failure)
  12. your bank account is literally below the top-up minimum because you only have cash and your cashless bank does not accept cash deposits; so you cannot do laundry until you get a paycheck or arrange for an electronic transfer from a foreign bank at the cost of an extortionate exchange rate
  13. you cannot open a bank account because Danish banks refuse to serve people who do not yet have their CPR number (a process that takes at least 1 month).
  14. you are unbanked because of one of 24 reasons that Bruce Schneier does not know about
  15. the internet works when you start the wash load, but fails sometime during the program so you cannot use the dryers; in which case you suddenly have to run out and buy hanging mechanisms as your wet clothes sit.

In my case, I was hit with point of failure number 11. Payment processors never tell you why your payment is refused. They either give a uselessly vague error, or the web UI just refuses to move forward with no error, or the error is an intentional lie. Because e.g. if your payment is refused you are presumed to be a criminal unworthy of being informed.

Danish apartment management’s response to complaints: We are not obligated to serve you. Read the terms of your lease. There is a coin-operated laundromat 1km away.

Question: are we all being forced into this shitty cashless situation in order to ease the hunt for criminals?

1
the wisdom of a Danish & German apartment buildings replacing coin-fed laundry machines with the cloud (yikes!) (sopuli.xyz)
submitted 9 months ago* (last edited 9 months ago) by freedomPusher@sopuli.xyz to c/right_to_unplug@sopuli.xyz
0 comments fedilink
 

It used to be that you could insert a coin into a washing machine and it would simply work. Now some Danish and German apartment owners have decided it’s a good idea to remove the cash payment option. So you have to visit a website and top-up your laundry account before using the laundry room.

Is this wise?

Points of failure with traditional coin-fed systems:

  1. your coin gets stuck
  2. you don’t have the right denomination of coins

Points of failure with this KYC cashless gung-ho digital transformation system:

  1. your internet service goes down
  2. the internet service of the laundry room goes down
  3. the website is incompatible with your browser
  4. the website forces 3rd party JavaScript that’s either broken or you don’t trust it
  5. you cannot (or will not) solve CAPTCHA
  6. the website rejects your IP address because it is a shared IP
  7. the payment processor rejects your IP address because it is a shared IP
  8. the bank rejects your IP address because it is a shared IP
  9. the payment processor is Paypal and you do not want to share sensitive financial data with 600 corporations
  10. the accepted payment forms do not match your payment cards
  11. the accepted payment form matches, but your card is still rejected anyway for one of many undisclosed reasons:
    • your card is on the same network but foreign cards are refused
    • the payment processor does not like your IP address
    • the copy of your ID doc on file with the bank expired, and the bank’s way of telling you is to freeze your card
    • it’s one of these new online-only bank cards with no CVV code printed on the card so to get your CVV code you must install their app from Google’s Playstore (this expands into 20+ more points of failure)
  12. your bank account is literally below the top-up minimum because you only have cash and your cashless bank does not accept cash deposits; so you cannot do laundry until you get a paycheck or arrange for an electronic transfer from a foreign bank at the cost of an extortionate exchange rate
  13. you cannot open a bank account because Danish banks refuse to serve people who do not yet have their CPR number (a process that takes at least 1 month).
  14. you are unbanked because of one of 24 reasons that Bruce Schneier does not know about
  15. the internet works when you start the wash load, but fails sometime during the program so you cannot use the dryers; in which case you suddenly have to run out and buy hanging mechanisms as your wet clothes sit.

In my case, I was hit with point of failure number 11. Payment processors never tell you why your payment is refused. They either give a uselessly vague error, or the web UI just refuses to move forward with no error, or the error is an intentional lie. Because e.g. if your payment is refused you are presumed to be a criminal unworthy of being informed.

Danish apartment management’s response to complaints: We are not obligated to serve you. Read the terms of your lease. There is a coin-operated laundromat 1km away.

Question: are we all being forced into this shitty cashless situation in order to ease the hunt for criminals?

1
(EU,Brazil,Cali) If a company or gov ignores your analog correspondence (fax or snail mail), use the GDPR to force them to say why (sopuli.xyz)
submitted 9 months ago* (last edited 9 months ago) by freedomPusher@sopuli.xyz to c/right_to_unplug@sopuli.xyz
0 comments fedilink
 

I’ve noticed that if you try to contact corp or gov offices the old fashioned way, they simply ignore you. They want to force you to use email or solve a CAPTCHA. The fix I have in mind is a tweak on this idea:

https://sopuli.xyz/post/12919557

but the first contact you make with an office need not even be GDPR¹ related. If you contact a gov or corp for any purpose and they ignore it, your next request can and should include an access request for records on how they handled your initial correspondence.

¹ GDPR isn’t the only game in town. Brazil and California supposedly have some privacy law similar to the GDPR which I assume includes a right of access. Hence why they were also mentioned in the title.

#fuckEmail

view more: next ›