coffeeClean

cross-posted from: https://infosec.pub/post/9936059

I would like to collect the scenarios in which people are forced to enter Google’s #walledGarden (that is, to establish and/or maintain an account).

If someone needs a Google service to access something essential like healthcare or education, that’s what I want to hear about. To inspire a list of things that are “essential” I had a look at human rights law to derive this list:

• right to life
• healthcare
• freedom of expression
• freedom of assembly and of association
• right to education
• right to engage in work and access to placement services
• fair and just working conditions
• social security and social assistance
• consumer protection
• right to vote
• right to petition
• right of access to (government) documents
• right to a nationality (passport acquisition)
• right of equal access to public service in his country

Below is what I have encountered personally, which serves as an example of the kind of experiences I want to hear about:

• Google’s Playstore is a gate-keeper to most Android apps in the world and this includes relatively essential apps, such as:
  • emergency apps (e.g. that dial 112 in Europe or 911 in the US)
  • banking apps
  • apps for public services (e.g. public parking)
  • others?
• (education) Google docs is used by students in public schools, by force to some extent. Thus gdocs sometimes cannot be escaped in pursuit of education. When groups of students collaborate, sometimes the study groups impose use of gdocs. Some secondary school teachers impose the use of Google accounts for classroom projects.
• (education) A public university’s wi-fi network involved a captive portal and the only way to gain access was to supply credentials for a Google or Facebook account.

I’ve noticed that when creating an account for a public service I often have the option to supply credentials for Google or Facebook to bypass the verification process. In all cases of this kind of registration shortcut being used for public service, there was an alternative Google-free way to open the account. But in the private sector, I’ve seen this style of registration that absolutely required a proxy login via some shitty walled garden (like the university wi-fi). So I wonder if there are any situations where a government (anywhere in the world) requires a Google account in order to get service.

cross-posted from: https://infosec.pub/post/9930406

I have never used Facebook. I’m trying to understand the ways in which people are getting trapped in there. Obviously there is an addiction factor, but I’m more interested in how someone who is (hypothetically) immune to addiction might still be forced into #Facebook.

If someone needs Facebook to access something essential like healthcare, that’s what I want to hear about. To inspire a list of things that are “essential” I had a look at human rights law to derive this list:

• right to life
• healthcare
• freedom of expression
• freedom of assembly and of association
• right to education
• right to engage in work and access to placement services
• fair and just working conditions
• social security and social assistance
• consumer protection
• right to vote
• right to petition
• right of access to (government) documents
• right to a nationality (passport acquisition)
• right of equal access to public service in his country

I don’t imagine that Facebook has an essential role in supporting people’s human rights. I assume most gov offices have a Facebook presence, but there is always a way to access the same services outside of FB, correct?

I can think of a couple situations where FB access is important to reaching something essential. E.g.

• A police department recovered stolen bicycles and announced that theft victims could visit the FB page of the police dept. to see if their bicycle appears in the photos. Non-FB users were blocked from the page and there was no other means to reach the photos. Effectively, non-FB users were denied equal access to public services.

• A Danish university has a Facebook page as well as just about every single student. Facebook was used exclusively to announce campus social events and even some optional classes. Students without FB were excluded. In a sense, they were being excluded from some aspects to public education, although strictly speaking the FB exclusive events were not required to obtain a degree.

• Regarding freedom of assembly, there is an activist group in my local area fighting for the right to be offline. I wanted to join the group, but their sole presence is on Facebook, ironically. So my freedom of assembly in this case is conditioned on being trapped in Facebook.

In any case, I would like to hear more examples of what essential information or services is compromised by leaving or neglecting to join Facebook.

#askFedi #Meta #walledGarden

cross-posted from: https://infosec.pub/post/9930406

I have never used Facebook. I’m trying to understand the ways in which people are getting trapped in there. Obviously there is an addiction factor, but I’m more interested in how someone who is (hypothetically) immune to addiction might still be forced into #Facebook.

If someone needs Facebook to access something essential like healthcare, that’s what I want to hear about. To inspire a list of things that are “essential” I had a look at human rights law to derive this list:

• right to life
• healthcare
• freedom of expression
• freedom of assembly and of association
• right to education
• right to engage in work and access to placement services
• fair and just working conditions
• social security and social assistance
• consumer protection
• right to vote
• right to petition
• right of access to (government) documents
• right to a nationality (passport acquisition)
• right of equal access to public service in his country

I don’t imagine that Facebook has an essential role in supporting people’s human rights. I assume most gov offices have a Facebook presence, but there is always a way to access the same services outside of FB, correct?

I can think of a couple situations where FB access is important to reaching something essential. E.g.

• A police department recovered stolen bicycles and announced that theft victims could visit the FB page of the police dept. to see if their bicycle appears in the photos. Non-FB users were blocked from the page and there was no other means to reach the photos. Effectively, non-FB users were denied equal access to public services.

• A Danish university has a Facebook page as well as just about every single student. Facebook was used exclusively to announce campus social events and even some optional classes. Students without FB were excluded. In a sense, they were being excluded from some aspects to public education, although strictly speaking the FB exclusive events were not required to obtain a degree.

• Regarding freedom of assembly, there is an activist group in my local area fighting for the right to be offline. I wanted to join the group, but their sole presence is on Facebook, ironically. So my freedom of assembly in this case is conditioned on being trapped in Facebook.

In any case, I would like to hear more examples of what essential information or services is compromised by leaving or neglecting to join Facebook.

cross-posted from: https://infosec.pub/post/8864206

I bought a Silicondust HD Homerun back before they put their website on Cloudflare. I love the design of having a tuner with a cat5 port, so the tuner can work with laptops and is not dependent on being installed into a PC.

But now that Silicondust is part of Cloudflare, I will no longer buy their products. I do not patronize Cloudflare patrons.

I would love to have a satellite tuner in a separate external box that:

• tunes into free-to-air content
• has a cat5 connection
• is MythTV compatible

Any hardware suggestions other than #Silicondust?

catcatnya.com just gives a black page. Up, but broken, at least in my browser.

(update) browser issue. Downvoted myself on this to lessen the visibility although some may still find that interesting so I’ll let the thread live.

Images do not get mirrored from one Lemmy instance to another. Understandably so. But there is a harmful side effect: if SourceNode is behind an access-restricted walled-garden and an image from that node is cross-posted to a DestinationNode that is not inside the same access-restricted walled-garden, then some readers on DestinationNode see posts where the image is inaccessible.

All variants of walled gardens are can trigger this problem but the most common is Cloudflare. So posts that contain images coming from instances like sh.itjust.works and lemmy.world are exclusive and do not include all people who infosec.pub includes.

How can this be fixed?

1. infosec.pub could defederate from all Cloudflare nodes. This would prevent CF pawns from pushing exclusive content onto infosec.pub, but infosec.pub users could probably still post links to the exclusive venues.
2. infosec.pub could block just cross-posts from CF nodes that contain images.
3. infosec.pub could mirror images when the image is in a known exclusive walled garden.
4. infosec.pub could accept posts that contain images in walled gardens and then immediately hide those posts. Perhaps a bot could populate a community designated for exclusive walled gardens with links to hidden posts so users not excluded by the walled garden can still reach the content.

Some of those options might require changes to lemmy code.

cross-posted from: https://infosec.pub/post/9382315

I have had no problem using VOIP over #protonVPN until recently. Connections happen but there is no audio. Anyone notice this?

I wondered if maybe they decided to make VOIP a non-free feature, but their premium plans do not list VOIP as an extra feature.

This may be an instance-specific problem because I’ve had no problem editing posts on other instances. When I try to exit the title and body of this post, I click save (or whatever) and without error it behaves as if my change was accepted.

Most instances take a minute or two to re-render the screen to show my updates. If the wait is long, I sometimes do a hard refresh to make sure the change got accepted (and if I don’t do that and I do another update, the old content populates the form and causes the recent edit to be lost).

Anyway, with infosec.pub my edits on the above-mentioned post just take no effect, confirmed by a hard-refresh showing no change.

What happens if an app uses UDP instead of TCP (or both UDP and TCP), and you use the torsocks wrapper script? Would the UDP connections all leak without the Tor user knowing?

I simply make a GDPR request. Write to a Tor-hostile data controller making an Article 15 request for a copy of all your data. Also ask for a list of all entities your data is shared with.

The idea is that if a website blocks Tor (or worse, uses Cloudflare to also share all traffic with a privacy offender), then they don’t give a shit about privacy. So you punish them with some busy work and that busy work might lead to interesting discoveries about data abuses.

Of course this only works in the EU and also only works with entities that have collected your personal data non-anonymously.

tested from tor. Also reported down by downinspector.com.

BTW, downinspector.com is the only Cloudflare-free service of its kind, but it’s notable that noscript reports XSS scripting attempts via Google.

(edit) it came back online yesterday.

I bought a Silicondust HD Homerun back before they put their website on Cloudflare. I love the design of having a tuner with a cat5 port, so the tuner can work with laptops and is not dependent on being installed into a PC.

But now that Silicondust is part of Cloudflare, I will no longer buy their products. I do not patronize Cloudflare patrons.

I would love to have a satellite tuner in a separate external box that:

• tunes into free-to-air content
• has a cat5 connection
• is MythTV compatible

Any hardware suggestions other than #Silicondust?

#AskFedi