To reach the particular law office which has become a specialist in this particular case, yes you are trapped because they use MS Outlook. There is no way to exchange email with them without involving MS.

Victims can use any lawyer, but any other lawyer will need to research the case (at the victim’s cost).

Self hosting would mean I could control account creation and make many burner accounts. But there are issues with that:

• If there are several burner accounts then the admin would have to make it easy for others to create burner accounts or else it would be evident that all the burner accounts are just the admin’s, which does not solve the aggregation problem. It introduces complexities because the DNS provider and ISP would have the identity of the self-hoster. One could onion host but that greatly narrows the audience.
• It does not solve the problem for others. Everyone who has the same need would then be needlessly forced to independently solve all these same problems.
• I do not have high-speed unlimited internet, so I would have to spend more on subscription costs.

I think it complicates the problem and then each author has to deal with the same. If it’s solved at the fedi API level, then the existing infrastructure is ready to work.

(edit) I recall hearing about a fedi client application that operates in a serverless way. I don’t recall the name of it and know little about how it works, but it is claimed to not depend on account creation on a server and it somehow has some immunity to federation politics. Maybe that thing could work but I would have to find it again. It’s never talked about and I wonder why that is… maybe it does not work as advertised.

Those do not obviate the use cases I have in mind. Secure drops are useful tools for specific whistle blowing scenarios. But they are not a one-size-fits-all tool.

I routinely use framadrop and then transmit the links to regulators or whoever I am targeting to act on a report. But what if the target audience is not a specific journalist or regulator but rather the entire general public? The general public does not have access to reports submitted to the Guardian’s dropbox or NYTimes’ dropbox. Those are exclusive channels of communication just for their own journalists. The report then only gets acted on or exposed if the story can compete with the sensationalisation level of other stories they are handling. If I’m exposing privacy abuses, the general public does not give a shit about privacy for the most part. So only highly scandelous privacy offenses can meet the profitable publication standards of Guardian and nytimes. The reports also cannot be so intense as to be on par with Wikileaks. There is a limited intensity range.

The fedi offers some unique reach to special interest groups like this one without the intensity range limitation.

NYtimes is also a paywall. So even if the story gets published it still ends up a place of reduced access.

They are great tools for some specific jobs but cannot wholly replace direct anonymous publication. Though I must admit I often overlook going to journalists. I should use those drop boxes more often.

(edit) from the guardian page:

Once you launch the Tor browser, copy and paste the URL xp44cagis447k3lpb4wwhcqukix6cgqokbuys24vmxmbzmaq2gjvc2yd.onion or theguardian.securedrop.tor.onion into the Tor address bar.

That theguardian.securedrop.tor.onion URL caught my attention. I did not know about onion names until now. Shame it’s only for secure drops.

Customers should take several proactive steps to protect their personal information and reduce potential risks: Be Wary of Phishing Attempts

Customers should rethink their stupid ass decision to use AT&T in the first place since it has been known for over a decade that AT&T is the most privacy abusive of all US telecoms, most notably their role in project Fairview (archive for clearnet users and wikipedia).

AT&T customers don’t give a shit about privacy. But I do have some sympathy for all the non-AT&T people who communicated with AT&T pawns.

BTW, the OP’s link avoids reclaimthenet’s shitty popup if proxied through 12ft.io:

https://12ft.io/https://reclaimthenet.org/nearly-all-at

Not sure it matters since the text is in the OP anyway… guess if someone wants to share it around.

Folks, FedEx has always been on the extreme right. Some basic facts:

• FedEx is an ALEC member (extreme right lobby and bill mill), largely as an anti-union measure
• FedEx founded by an ex military serviceman
• FedEx gives discounts for NRA membership (though I heard this was recently discontinued). NRA is obviously an extreme right org who also finances ALEC.
• During the NFL take-a-knee protest, FedEx is one of very few die-hard corps that refused to give in to the boycott. FedEx continued supporting the NFL against all the Black Lives Matter athletes taking knees and getting punished.
• FedEx ships shark fins, slave dolphins and hunting trophies. Does not give a shit about harm to animals (even when endangered) or environment.

I have been boycotting FedEx for over a decade. Certainly being pro-surveillance is fitting with their history and should not be a surprise to anyone who is aware of this background.

The only moral inconsistency is that FedEx has a reputation for not snooping on your packages and seems to be favored by people shipping contraband. But to find the consistency it’s just about the bottom line. They make no money by ratting out their customers who break the law. But installing a surveillance system on their trucks is probably yielding revenue for FedEx.

Sounds mostly reasonable… but I don’t see the alternate citizenship helping, unless you mean to go as far as renouncing because all FATCA regions (~130+ countries) look at the birthplace, not nationality, and you can never get a new birthplace. It’s probably hard to find a non-FATCA region where you can trust the banks. But indeed… getting your 4th amendment rights has come to extremes.

That makes some sense.

In my case I think I have credit that I’ve never actually used; and I think I’ve also put on their file that I am unemployed. So in principle consumers who either don’t care for the credit, or are happy to be in the highest risk category, they should not be harassed with this. I will just ignore it and see what happens.

I doubt it. It will probably show the clearnet address. I just now logged in via the onion, so this reply will be a test.

Replacement link to a privacy-respecting host:

https://www.blankrome.com/publications/us-department-commerce-publishes-proposed-rule-imposing-know-your-customer-and

This article seems to suggest the KYC rules only apply to foreign customers:

https://www.bankinfosecurity.com/commerce-proposes-rule-to-fight-foreign-cloud-cyber-threats-a-24219

but then you have to wonder how they will know you’re domestic without a bit of KYC on Americans as well.

BTW, a good way to find privacy-respecting links is to search using this service:

https://ombrelo.im5wixghmfmt7gf7wb4xrgdm6byx2gj26zn47da6nwo7xvybgxnqryid.onion/

That search tool will not return Cloudflare MitMd links.

Lawmakers have figured out they can circumvent 4A by forcing the private sector and external governments to do their surveillance. It worked for banking KYC and it worked for FATCA. The industry is apparently not worried at all about losing customers. And they won’t. To circumvent 4A, just outsource governance to a non-government entity.

Love the irony of being blocked from reading that article because I am anonymous and the #reclaimthenet hypocrits insist on using Cloudflare.

So I can only comment on the title and what the OP (apparently) copied. Judging by how the masses happily continue using banks who voluntarily abuse KYC by collecting more info than required, internet users will also be pushovers who give in to whatever KYC comes their way.

This policy will actually create victims. Just like GSM registration creates victims. In regions that require GSM registration phone theft goes up because criminals will steal a phone just for a live SIM chip. So KYC creates incentive for criminals to run their services from someone else’s PC.

Surely some of those captured faces are people in Europe, Brazil, and California, who would then be protected by GDPR, L…(something… forgot), and CCPA respectively.

Under the guise of reducing crime,

Woolworths has justified these measures as necessary for the purposes of security.

There is video surveillance, and then there is that extra intrusive step of facial recognition. They can have video without FR. They can submit video evidence to the police who can then use FR, if needed. They probably want to argue that they can block known shoplifters as they enter. But of course what they really want is to track who enters the shop, which products they look at, how long they gaze at promo ads, etc. Being able to preemptively strike without a crime, just a bad reputation, does not justify the intrusion to everyone else.

Food is essential. It’s not like some shitty smartphone shop or Amazon b&m store that people can boycott.

I’ve been out of the loop on games for a while but ReactOS may be worth a look.

The 1st ½ of your comment sounds accurate. But…

And also in Foss there are highly opinionated software where the devs completely ignore users, ban them from GitHub when they post issues,

Right, but to be clear non-free s/w is worse - you can’t even reach the devs, generally, and there is no public bug tracker. FOSS is an improvement in this regard because at least there is a reasonable nuclear option (forking). The nuclear option for non-free software is writing it yourself from scratch.

That all sounds accurate enough to me… but thought I should comment on this:

However - in larger enterprises there’s so much more, you get the whole SDL maturity thing going - money is invested into raising the quality of the whole development lifecycle and you get things like code reviews, architects, product planning, external security testing etc. Things that cost time, money and resources.

It should be mentioned that many see testing as a cost, but in fact testing is a cost savings. In most situations, you only spend some money on testing in order to dodge a bigger cost: customers getting burnt in a costly way that backfires on the supplier. Apart from safety-critical products, this is the only business justification to test. Yet when budgets get tightened, one of the first cuts many companies make is testing – which is foolish assuming they are doing testing right (in a way that saves money by catching bugs early).

Since the common/general case with FOSS projects is there is no income that’s attached to a quality expectation (thus testing generates no cost savings) - the users are part of the QA process as free labor, in effect :)

Nobody is disagreeing with you or saying your wrong

At least 10 people here believe Google/MS avoidance is “tinfoil hat” paranoia. It’s a stark disagreement on infosec principles. All responders in this thread (apart from 3 exceptions) come from privacy-hostile #Cloudflare instances including yourself. This crowd has little hope of taking privacy seriously.

However, it’s not really realistic to expect everyone to abandon the easy and useful tools that they’re comfortable with just to match your views, regardless of the ethics or logic involved.

You’re probably not going to sell anyone on an idea that requires discarding ethics and logic. That’s actually the crux of the problem. The problem exists because people disregard ethics and logic in pursuit of pragmatism.

You seem to be overlooking the fact that Google and MS are inherently exclusive choices. That is, if I try to connect to gmail-smtp-in.l.google.com, the connection is refused, full stop. Google is blocking me before I send the first packet. So you’re implying that I must go through Google’s hoops in order to not be “extreme”. IMO, that’s an extreme position to take. To expect people to go beyond the norms of established open standards to cater for the extra requirements and special needs of a monopolistic corporation. I must either rent an IP address that’s to Google’s liking at my own expense, or I must establish a contract with another third-party who I must then trust with a centralized view on all my outbound traffic. I’m not supporting that abuse and loss of freedom.

Ways that are beyond either the capabilities or desires of the average user.

You vastly underestimate the average user w.r.t to “capabilities”. You can scrap capability from your statement because the avg user can just as well use protonmail/tuta, or disroot.org, for example.

That leaves “desires”. Two people agree on how to correspond. The desire of someone to use one of the most unethical controversial corporations possible and in an insecure manner that exposes the data to a profitable extent in a privacy-lacking part of the world, and the other party has a higher privacy bar (and/or high moral bar), the party who must adapt is the one with the lower standards. It’s unreasonable to expect someone to lower their privacy standards or to lower their moral standards. If someone’s desire to support Google or MS trumps their desire to stay in touch, then the conversation isn’t worth it to them.

There is a rule of least privilege principle that seems to have escaped you. In the information security discipline, we do not need to justify security measures by default. It’s lack of security that calls for justification. If there were truly a capability problem, that would be reasonable rationale for reduced security. But it’s a phantom excuse. And “desire” is not an acceptable rationale for reduced security.

Your doubling down on the tinfoil claim was a failure simply because the security matter is least important of everything I’ve already said on this. But even if security were purely my sole rationale (as it is for some people), you are still calling the practice of basic well-established infosec principles tinfoil hattery. Pushing this culture of branding sound security practices as paranoia is a socially harmful move that you are partaking in.

That’s not the trade-off. Google has no opportunity to show me ads anyway. If alice@privacyrequired.com emails bob@gmail.com about a Taylor Swift concert, Google profits from information about both people. Even if Alice does not use Google services, Google’s file on bob shows he knows Alice and Alice is a TS fan. Then when bob searches for gifts, Google shows him TS t-shirts and profits from that. Conversations are two-ways, so when Bob responds to Alice Google learns directly about Bob, such as whether he’s a Swift fan. Alice’s msg therefore generated profitable data about Bob for Google, which potentially works against Alice’s boycott against Google.

That’s just the tip of the iceberg—

So when you say this is about “the ability to show you ads that are more relevant to your interests”, you and at least 5 others have wholly misunderstood the problem.

You don’t get how boycotts work. Using their products without compensating them doesn’t contradict opposition to feeding them. You don’t know what hypocrisy means. You could more easily argue that it’d be a hypocrisy to leave the PCs in a dumpster and allow e-waste to go to a landfill and pollute ground water against my beliefs. Even in regions where they dispose of PCs properly, I oppose destruction and recycling whenever reuse is an option.