Self hosting would mean I could control account creation and make many burner accounts. But there are issues with that:
I think it complicates the problem and then each author has to deal with the same. If it’s solved at the fedi API level, then the existing infrastructure is ready to work.
(edit) I recall hearing about a fedi client application that operates in a serverless way. I don’t recall the name of it and know little about how it works, but it is claimed to not depend on account creation on a server and it somehow has some immunity to federation politics. Maybe that thing could work but I would have to find it again. It’s never talked about and I wonder why that is… maybe it does not work as advertised.
Those do not obviate the use cases I have in mind. Secure drops are useful tools for specific whistle blowing scenarios. But they are not a one-size-fits-all tool.
I routinely use framadrop and then transmit the links to regulators or whoever I am targeting to act on a report. But what if the target audience is not a specific journalist or regulator but rather the entire general public? The general public does not have access to reports submitted to the Guardian’s dropbox or NYTimes’ dropbox. Those are exclusive channels of communication just for their own journalists. The report then only gets acted on or exposed if the story can compete with the sensationalisation level of other stories they are handling. If I’m exposing privacy abuses, the general public does not give a shit about privacy for the most part. So only highly scandalous privacy offenses can meet the profitable publication standards of Guardian and nytimes. The reports also cannot be so intense as to be on par with Wikileaks. There is a limited intensity range.
The fedi offers some unique reach to special interest groups like this one without the intensity range limitation.
NYtimes is also a paywall. So even if the story gets published it still ends up a place of reduced access.
They are great tools for some specific jobs but cannot wholly replace direct anonymous publication. Though I must admit I often overlook going to journalists. I should use those drop boxes more often.
(edit) from the guardian page:
Once you launch the Tor browser, copy and paste the URL xp44cagis447k3lpb4wwhcqukix6cgqokbuys24vmxmbzmaq2gjvc2yd.onion or theguardian.securedrop.tor.onion into the Tor address bar.
That theguardian.securedrop.tor.onion URL caught my attention. I did not know about onion names until now. Shame it’s only for secure drops.
Customers should take several proactive steps to protect their personal information and reduce potential risks: Be Wary of Phishing Attempts
Customers should rethink their stupid ass decision to use AT&T in the first place since it has been known for over a decade that AT&T is the most privacy abusive of all US telecoms, most notably their role in project Fairview (archive for clearnet users and wikipedia).
AT&T customers don’t give a shit about privacy. But I do have some sympathy for all the non-AT&T people who communicated with AT&T pawns.
BTW, the OP’s link avoids reclaimthenet’s shitty popup if proxied through 12ft.io:
https://12ft.io/https://reclaimthenet.org/nearly-all-at
Not sure it matters since the text is in the OP anyway… guess if someone wants to share it around.
Folks, FedEx has always been on the extreme right. Some basic facts:
I have been boycotting FedEx for over a decade. Certainly being pro-surveillance is fitting with their history and should not be a surprise to anyone who is aware of this background.
The only moral inconsistency is that FedEx has a reputation for not snooping on your packages and seems to be favored by people shipping contraband. But to find the consistency it’s just about the bottom line. They make no money by ratting out their customers who break the law. But installing a surveillance system on their trucks is probably yielding revenue for FedEx.
Sounds mostly reasonable… but I don’t see the alternate citizenship helping, unless you mean to go as far as renouncing because all FATCA regions (~130+ countries) look at the birthplace, not nationality, and you can never get a new birthplace. It’s probably hard to find a non-FATCA region where you can trust the banks. But indeed… getting your 4th amendment rights has come to extremes.
That makes some sense.
In my case I think I have credit that I’ve never actually used; and I think I’ve also put on their file that I am unemployed. So in principle consumers who either don’t care for the credit, or are happy to be in the highest risk category, they should not be harassed with this. I will just ignore it and see what happens.
I doubt it. It will probably show the clearnet address. I just now logged in via the onion, so this reply will be a test.
Replacement link to a privacy-respecting host:
This article seems to suggest the KYC rules only apply to foreign customers:
https://www.bankinfosecurity.com/commerce-proposes-rule-to-fight-foreign-cloud-cyber-threats-a-24219
but then you have to wonder how they will know you’re domestic without a bit of KYC on Americans as well.
BTW, a good way to find privacy-respecting links is to search using this service:
https://ombrelo.im5wixghmfmt7gf7wb4xrgdm6byx2gj26zn47da6nwo7xvybgxnqryid.onion/
That search tool will not return Cloudflare MitMd links.
Lawmakers have figured out they can circumvent 4A by forcing the private sector and external governments to do their surveillance. It worked for banking KYC and it worked for FATCA. The industry is apparently not worried at all about losing customers. And they won’t. To circumvent 4A, just outsource governance to a non-government entity.
Love the irony of being blocked from reading that article because I am anonymous and the #reclaimthenet hypocrites insist on using Cloudflare.
So I can only comment on the title and what the OP (apparently) copied. Judging by how the masses happily continue using banks who voluntarily abuse KYC by collecting more info than required, internet users will also be pushovers who give in to whatever KYC comes their way.
This policy will actually create victims. Just like GSM registration creates victims. In regions that require GSM registration phone theft goes up because criminals will steal a phone just for a live SIM chip. So KYC creates incentive for criminals to run their services from someone else’s PC.
Surely some of those captured faces are people in Europe, Brazil, and California, who would then be protected by GDPR, L…(something… forgot), and CCPA respectively.
Under the guise of reducing crime,
Woolworths has justified these measures as necessary for the purposes of security.
There is video surveillance, and then there is that extra intrusive step of facial recognition. They can have video without FR. They can submit video evidence to the police who can then use FR, if needed. They probably want to argue that they can block known shoplifters as they enter. But of course what they really want is to track who enters the shop, which products they look at, how long they gaze at promo ads, etc. Being able to preemptively strike without a crime, just a bad reputation, does not justify the intrusion to everyone else.
Food is essential. It’s not like some shitty smartphone shop or Amazon b&m store that people can boycott.
I’ve been out of the loop on games for a while but ReactOS may be worth a look.
The 1st ½ of your comment sounds accurate. But…
And also in Foss there are highly opinionated software where the devs completely ignore users, ban them from GitHub when they post issues,
Right, but to be clear non-free s/w is worse - you can’t even reach the devs, generally, and there is no public bug tracker. FOSS is an improvement in this regard because at least there is a reasonable nuclear option (forking). The nuclear option for non-free software is writing it yourself from scratch.
That all sounds accurate enough to me… but thought I should comment on this:
However - in larger enterprises there’s so much more, you get the whole SDL maturity thing going - money is invested into raising the quality of the whole development lifecycle and you get things like code reviews, architects, product planning, external security testing etc. Things that cost time, money and resources.
It should be mentioned that many see testing as a cost, but in fact testing is a cost savings. In most situations, you only spend some money on testing in order to dodge a bigger cost: customers getting burnt in a costly way that backfires on the supplier. Apart from safety-critical products, this is the only business justification to test. Yet when budgets get tightened, one of the first cuts many companies make is testing – which is foolish assuming they are doing testing right (in a way that saves money by catching bugs early).
Since the common/general case with FOSS projects is there is no income that’s attached to a quality expectation (thus testing generates no cost savings) - the users are part of the QA process as free labor, in effect :)
Nobody is disagreeing with you or saying you’re wrong
At least 10 people here believe Google/MS avoidance is “tinfoil hat” paranoia. It’s a stark disagreement on infosec principles. All responders in this thread (apart from 3 exceptions) come from privacy-hostile #Cloudflare instances including yourself. This crowd has little hope of taking privacy seriously.
However, it’s not really realistic to expect everyone to abandon the easy and useful tools that they’re comfortable with just to match your views, regardless of the ethics or logic involved.
You’re probably not going to sell anyone on an idea that requires discarding ethics and logic. That’s actually the crux of the problem. The problem exists because people disregard ethics and logic in pursuit of pragmatism.
You seem to be overlooking the fact that Google and MS are inherently exclusive choices. That is, if I try to connect to gmail-smtp-in.l.google.com, the connection is refused, full stop. Google is blocking me before I send the first packet. So you’re implying that I must go through Google’s hoops in order to not be “extreme”. IMO, that’s an extreme position to take. To expect people to go beyond the norms of established open standards to cater for the extra requirements and special needs of a monopolistic corporation. I must either rent an IP address that’s to Google’s liking at my own expense, or I must establish a contract with another third-party who I must then trust with a centralized view on all my outbound traffic. I’m not supporting that abuse and loss of freedom.
Ways that are beyond either the capabilities or desires of the average user.
You vastly underestimate the average user w.r.t. “capabilities”. You can scrap capability from your statement because the avg user can just as well use protonmail/tuta, or disroot.org, for example.
That leaves “desires”. Two people agree on how to correspond. The desire of someone to use one of the most unethical controversial corporations possible and in an insecure manner that exposes the data to a profitable extent in a privacy-lacking part of the world, and the other party has a higher privacy bar (and/or high moral bar), the party who must adapt is the one with the lower standards. It’s unreasonable to expect someone to lower their privacy standards or to lower their moral standards. If someone’s desire to support Google or MS trumps their desire to stay in touch, then the conversation isn’t worth it to them.
There is a rule of least privilege principle that seems to have escaped you. In the information security discipline, we do not need to justify security measures by default. It’s lack of security that calls for justification. If there were truly a capability problem, that would be reasonable rationale for reduced security. But it’s a phantom excuse. And “desire” is not an acceptable rationale for reduced security.
Your doubling down on the tinfoil claim was a failure simply because the security matter is least important of everything I’ve already said on this. But even if security were purely my sole rationale (as it is for some people), you are still calling the practice of basic well-established infosec principles tinfoil hattery. Pushing this culture of branding sound security practices as paranoia is a socially harmful move that you are partaking in.
That’s not the trade-off. Google has no opportunity to show me ads anyway. If alice@privacyrequired.com emails bob@gmail.com about a Taylor Swift concert, Google profits from information about both people. Even if Alice does not use Google services, Google’s file on bob shows he knows Alice and Alice is a TS fan. Then when bob searches for gifts, Google shows him TS t-shirts and profits from that. Conversations are two-ways, so when Bob responds to Alice Google learns directly about Bob, such as whether he’s a Swift fan. Alice’s msg therefore generated profitable data about Bob for Google, which potentially works against Alice’s boycott against Google.
That’s just the tip of the iceberg—
Human rights are important. Embodied therein (among other principles) the Charter of Fundamental Rights of the EU, Article 8 states:
As you can see from reading this thread, most people irrationally believe these human rights constitute paranoia and tinfoil hattery. My opposition to mass surveillance is not borne out of fear that my data will be used against me personally, but rather an objection to arbitrary systemic collection that comes at the detriment of some people (e.g. abortion seekers) and ultimately disempowers people.
To have privacy is to have control over information about you. Security from harmful disclosure is only a small component of the utility of privacy. There is a tendency for normies to fixate on that and think that is the sum total purpose of privacy. Having control is also about choosing who gets to profit from your data. It’s about having a right to boycott harmful entities.
Google and Microsoft sabotaged the email infrastructure by imposing rules outside of RFC 5321. Up until the 2000s you could send an email to anyone so long as you comply with the open standards expressed in RFCs. The monopolistic tech giants saw an opportunity to take more market share and reduce their costs by introducing restrictions on email that exclude people who are self-serving. They leveraged spam fatigue to coerce people to conform to non-RFC proprietary reqs in addition to already having a dominant market share (corp greed has no limits).
I reject Google and Microsoft dictating terms that break the purpose of open standards (interoperability). Every time you send an email to or from Google or MS servers, you give your support for corporate dictatorship.
So when you say this is about “the ability to show you ads that are more relevant to your interests”, you and at least 5 others have wholly misunderstood the problem.
You don’t get how boycotts work. Using their products without compensating them doesn’t contradict opposition to feeding them. You don’t know what hypocrisy means. You could more easily argue that it’d be a hypocrisy to leave the PCs in a dumpster and allow e-waste to go to a landfill and pollute ground water against my beliefs. Even in regions where they dispose of PCs properly, I oppose destruction and recycling whenever reuse is an option.
To reach the particular law office which has become a specialist in this particular case, yes you are trapped because they use MS Outlook. There is no way to exchange email with them without involving MS.
Victims can use any lawyer, but any other lawyer will need to research the case (at the victim’s cost).