Sounds mostly reasonable.. but I don’t see the alternate citizenship helping, unless you mean to go as far as renouncing because all FATCA regions (~130+ countries) look at the birthplace, not nationality, and you can never get a new birthplace. It’s probably hard to find a non-FATCA region where you can trust the banks. But indeed.. getting your 4th amendment rights has come to extremes.

That makes some sense.

In my case I think I have credit that I’ve never actually used; and I think I’ve also put on their file that I am unemployed. So in principle consumers who either don’t care for the credit, or are happy to be in the highest risk category, they should not be harassed with this. I will just ignore it and see what happens.

3
submitted 5 days ago* (last edited 5 days ago) by soloActivist@links.hackliberty.org to c/privacy@links.hackliberty.org

(cross-posting is broken on links.hackliberty.org, so the following is manually copied from the original post)


When your bank/CU/brokerage demands that you login to their portal to update KYC info

soloActivist to Privacy@fedia.io

In the past I have only seen PayPal spontaneously demand at arbitrary/unexpected moments that I jump through their hoops -- to login and give them more info about me. I reluctantly did what they wanted, and they kept my account frozen and kept my money anyway.

So I’ve been boycotting PayPal ever since. Not worth it for me to work hard to find out why they kept my account frozen and to work hard to twist their arm so that I can give them my business.

Now an actual financial institution is trying something similar. They are not as hostile as PayPal was (they did not pre-emptively freeze my account until I dance for them), but they sent an email demanding that I login and update my employment information (even though it has not changed). Presumably they will eventually freeze my account if I do not dance for them to satisfy their spontaneous demand.

I just wonder how many FIs are pulling this shit. And what are people doing about it? Normally I would walk.. pull my money out and go elsewhere. But the FI that is pushing KYC harassment has a lot of power because they offer some features I need that I cannot get elsewhere, and I have some stocks through them, which makes it costly/non-trivial to bounce.

I feel like we should be keeping a public database on FIs who pull this shit, so new customers can be made aware of who to avoid.

soloActivist@links.hackliberty.org 4 points 1 month ago* (last edited 1 month ago)

Love the irony of being blocked from reading that article because I am anonymous and the #reclaimthenet hypocrites insist on using Cloudflare.

So I can only comment on the title and what the OP (apparently) copied. Judging by how the masses happily continue using banks who voluntarily abuse KYC by collecting more info than required, internet users will also be pushovers who give in to whatever KYC comes their way.

This policy will actually create victims. Just like GSM registration creates victims. In regions that require GSM registration phone theft goes up because criminals will steal a phone just for a live SIM chip. So KYC creates incentive for criminals to run their services from someone else’s PC.

The 1st ½ of your comment sounds accurate. But...

> And also in Foss there are highly opinionated software where the devs completely ignore users, ban them from GitHub when they post issues,

Right, but to be clear non-free s/w is worse - you can’t even reach the devs, generally, and there is no public bug tracker. FOSS is an improvement in this regard because at least there is a reasonable nuclear option (forking). The nuclear option for non-free software is writing it yourself from scratch.

That all sounds accurate enough to me.. but thought I should comment on this:

> However - in larger enterprises there’s so much more, you get the whole SDL maturity thing going - money is invested into raising the quality of the whole development lifecycle and you get things like code reviews, architects, product planning, external security testing etc. Things that cost time, money and resources.

It should be mentioned that many see testing as a cost, but in fact testing is a cost savings. In most situations, you only spend some money on testing in order to dodge a bigger cost: customers getting burnt in a costly way that backfires on the supplier. Apart from safety-critical products, this is the only business justification to test. Yet when budgets get tightened, one of the first cuts many companies make is testing -- which is foolish assuming they are doing testing right (in a way that saves money by catching bugs early).

Since the common/general case with FOSS projects is there is no income that’s attached to a quality expectation (thus testing generates no cost savings) - the users are part of the QA process as free labor, in effect :)

88
submitted 6 months ago* (last edited 6 months ago) by soloActivist@links.hackliberty.org to c/foss@beehaw.org

There is a common theme pushed by fanatics of capitalism that never dies: that a profit-driven commercial project ensures higher quality products than products under non-profit projects. Some hard-right people I know never miss the chance to use the phrase “good enough for government work” to convey this idea.

I’m not looking to preach to the choir here, but rather to establish a thread of scenarios that correspond to quality for the purpose of countering inaccurate narratives. This is the thread to share your stories.

In my day job I’m paid to write code. Then I go home and write code I was not paid for. My best work is done without pay.

Commercial software development

When I have to satisfy an employer, they don’t want quality code. They want fast code. They want band-aid fixes. The corporate structure is too myopic to optimize for quality.

Anti-gold-plating: I was once back-roomed by a manager and lectured for “gold plating”. That means I was producing code that was higher quality than what management perceives as economically optimal.

Bug fixes hindered: I was caught fixing some bugs conveniently as I spotted them when I happened to have a piece of code checked out in Clearcase. I was told I was “cheating the company out of profits” because they prefer if the bugs each go through a documentation procedure so the customer can ultimately be made to pay separately for the bug fix. Never mind the fact that my time was already charged anyway (but they can get more money if there’s a bigger paper trail involving more staff). This contrasts with the “you get what you pay for” narrative since money is diverted to busy work (IOW: working hard, not smart).

Bugs added for “consistent quality”: One employer was so insistent on “consistent quality” that when one module was higher quality than another, they insisted on lowering the quality of the better module because improving the style or design pattern of the lower quality piece would be “gold plating”. This meant injecting bugs to achieve consistency. The bugs were non-serious varieties; more along the lines of needless complexity, reduced performance, coding standard non-compliances, etc, but nonetheless something that could potentially be charged to the customer to fix.

Syntactic dumbing-down: When making full use of the language constructs (as intended by the language designers), I am often forced by an employer to use a more basic subset of constructs. Employers are concerned that junior engineers or early senior engineers who might have to maintain my code will encounter language constructs that are less common and it will slow them down to have to look up the syntax they encounter. Managers assume that future devs will not fully know the language they are working in. IMO employers under-estimate the value of developers learning on the job. So I am often forced to avoid using the more advanced constructs to accommodate some subset of perceived lowest common denominator. E.g. if I were to use an array in bash, an employer might object because some bash maintainers may not be familiar with an array.

Non-commercial software development

Free software developers have zero schedule pressure. They are not forced to haphazardly rush some sloppy work into an integration in order to meet a deadline that was promised to a customer by a manager who was pressured to give an overly optimistic timeline due to a competitive bidding process. #FOSS devs are free to gold-plate all they want. And because it’s a labor of love and not labor for a paycheck, FOSS devs naturally take more pride in their work.

I’m often not proud of the commercial software I was forced to write by a corporation fixated on the bottom line. When I’m consistently pressured to write poor quality code for a profit-driven project, I hit a breaking point and leave the company. I’ve left 3 employers for this reason.

Commercial software from a user PoV

Whenever I encounter a bug in commercial software there is almost never a publicly accessible bug tracker and it’s rare that the vendor has the slightest interest in passing along my bug report to the devs. The devs are unreachable by design (cost!). I’m just one user so my UX is unimportant. Obviously when I cannot even communicate a bug to a commercial vendor, I am wholly at the mercy of their testers eventually rediscovering the same bug I found, which is unlikely in complex circumstances.

Non-commercial software from a user PoV

Almost every FOSS app has a bug tracker, forum, or IRC channel where bugs can be reported and treated. I once wrote a feature request whereby the unpaid FOSS developer implemented my feature request and sent me a patch the same day I reported it. It was the best service I ever encountered and certainly impossible in the COTS software world for anyone who is not a multi-millionaire.

Sorry I do not know if BBC interviews are transcribed.

But FWIW it will air again on BBC World Service at 02:32 GMT tomorrow and the next day (which could be useful for those on limited internet connections)

11
submitted 6 months ago* (last edited 6 months ago) by soloActivist@links.hackliberty.org to c/privacy@programming.dev

cross-posted from: https://links.hackliberty.org/post/609883

This BBC interview has a #Cloudflare rep David Bellson who describes CF’s observations on internet traffic. CF tracks for example the popularity of Facebook vs. Tiktok. Neither of those services are Cloudflared, so how is CF tracking this? Apparently they are snooping on traffic that traverses their servers to record what people are talking about. Or is there a more legit way Cloudflare could be monitoring this activity?

1
submitted 6 months ago* (last edited 6 months ago) by soloActivist@links.hackliberty.org to c/nostupidquestions@mander.xyz

There’s a widespread nuisance of shared e-scooters (which do not need to be locked) taking up bicycle stalls that cyclists need to lock their bikes. Are e-scooter platforms instructing users to use bicycle racks? Or are people doing that against policy?

9
submitted 6 months ago* (last edited 6 months ago) by soloActivist@links.hackliberty.org to c/privacy@programming.dev

Some banks will annually mail a paper “welcome” letter to all customers purely for the purpose of collecting bounced mail ultimately to verify if anyone has moved without telling them. The letters never state that’s the purpose.. they take that opportunity to talk about their service in arbitrary ways. Some banks even charge customers a fee for their cost in doing that. If you ask the banker about it they readily admit that it’s an address verification technique.

That’s it.. just a PSA so folks are aware, as it is a bit sneaky.

Some national postal services (e.g. USPS) sell your mail forwarding information which is how you get tracked to your new location by various entities even when you did not inform them of your new address. So obviously a good defensive measure is to never use the mail forwarding service. Select the entities you want to know your new address and inform them directly. But then to get some immunity to the sneaky trick in the 1st paragraph, perhaps give the next resident a stack of addressed envelopes and stamps and ask the next resident to ~~forward~~ (remail) for you.. or just ask them to trash your mail instead of returning it.

14
submitted 7 months ago* (last edited 7 months ago) by soloActivist@links.hackliberty.org to c/cybersecurity@infosec.pub

cross-posted from: https://links.hackliberty.org/post/454425

When I visit this post:

https://jlai.lu/post/2250911

the embedded short abstract intro to the article is “403 Blocked www.lecho.be”. When I try visiting the link directly I get “403 bot detection”. This suggests that everyone who opens that thread independently visits that webpage by way of some javascript that’s not under the user’s control. If 1000 people open that thread, then 1000 separate fetches are made. That’s a poor design. The server could do that job just once and the results would be more reliable. As opposed to everyone getting different results.

This is also a #privacy #security bug. Someone who opens a thread does not necessarily intend to fetch the linked article. Non-tor users are under surveillance in some countries (e.g. the US, where Trump enacted law s.t. ISPs can collect data on users without consent). So they should have control over what sites they visit. Merely opening a thread is an abuse because it makes users’ actions instantly trackable. IOW, users share information with their ISP without their knowledge or control.

Note that the example thread shows the full text of the article because the author was diligent about copying it. But that’s not the general case.

#bug #lemmyBug

9
submitted 7 months ago* (last edited 7 months ago) by soloActivist@links.hackliberty.org to c/lemmy_support@lemmy.ml

1

cross-posted from: https://links.hackliberty.org/post/285435

When a private sector company blocks Tor, I simply boycott. No private entity is so important that I cannot live well enough without them. But when a public service blocks Tor, that’s a problem because we are increasingly forced to use the online services of the public sector who have gone down the path of assuming offline people do not exist.

They simply block Tor without discussion. It’s not even clear who at what level makes these decisions.. could even be an IT admin at the bottom of the org chart. They don’t even say they’re blocking Tor. They don’t even give Tor users a block message that admits that they block Tor. They don’t disclose in their privacy policies that they exclude Tor.

Just a 403 error. That’s all we get. As if it needs no justification. Why is the Tor community so readily willing to play the pushover? Even the Tor project itself will not stand up for their own supporters.

The lack of justification is damaging because it essentially sends the message: “you Tor-using privacy seekers are such scum we don’t even have to explain why you are outcast. We don’t even have to ask permission to exclude you from participating in society.” This reinforces the myth that Tor users are criminals and encourages non-criminal Tor users to abandon Tor, thus shrinking the Tor userbase. The civilized world has evolved to a point of realizing the injustice of #collectivePunishment. At best this is a case of punishing many because of a few. I say “at best” because I’m skeptical that a bad actor provokes the arbitrary denial of service.

When the question is publicly asked “why did service X start blocking Tor” answers always come as speculation from people who don’t really know, who say they were probably attacked.

1

cross-posted from: https://links.hackliberty.org/post/303031

These are the steps I take against companies who block Tor (e.g. a grocery store, bank, DNS provider.. whoever you do business with who have started using Cloudflare):

  1. GDPR art.17 request to delete my email address & any other electronic means to reach me, but nothing else.
  2. Wait 30 days for them to comply.
  3. GDPR art.13 & 14 request to disclose all entities personal data was shared with + art.15 request for all my data (if I am interested) + art.17 request to erase all records. These requests are sent together along with criticisms for their lack of respect for privacy and human rights and shaming for treating humans like robots (if that’s the case).

The reason for step 1 & 2 is to neuter the data controller’s option to respond electronically so they are forced to pay postage. It’s a good idea as well because they would otherwise likely use Microsoft for email and you obviously don’t want to feed MS. It may be feasible to skip steps 1 & 2 by withdrawing consent to use the email address (untested).

A few people doing this won’t make a dent but there is a threshold by which a critical mass of requests would offset their (likely uncalculated) cost savings by arbitrarily marginalizing the Tor community. It’s a way to send a message that cannot be ignored.

1
submitted 8 months ago* (last edited 8 months ago) by soloActivist@links.hackliberty.org to c/philosophy@mander.xyz

cross-posted from: https://links.hackliberty.org/post/307315

Considering Sam Bankman-Fried claimed to practice #effectiveAltruism, and the fact that he makes substantial political donations, I thought we can validate to some extent whether his effective altruism is bogus or genuine. I thought this would be easily settled. If he favors democrats, he’s putting humanity above wealth & tyranny. If republicans, the altruistic claim can be easily dismissed.

It turns out #SamBankmanFried donated to democrats and republicans both. It’s unclear if the donations were equally effective for both parties, but interesting that he donated to dems in-the-clear while hiding donations to republicans. One of the notable donations went to a congressman who was most critical of cryptocurrency. So naturally he had to bribe that politician.

Dems were surprised to find that he also donated to republicans (and by his own admission!). Had he donated to both parties in transparency, recipients could see their opponent is also being fed and disregard the donation (i.e. give no preferential treatment). Seeing all the recipients would reveal if there were at least a consistent ideology or philosophy in play.

I have to conclude the political donations were likely all just to promote his own success. It does not completely nix the claim of effective altruism because he would argue it was purely a wealth accumulation endeavor as a precursor to effective altruism. But I have to say someone who is fully engaged in the idea of effective altruism would be irresistibly selective in who receives political contributions even at the cost of reduced wealth. A humanitarian would not be able to stomach the idea of financing a republican war chest.

You also have to figure that since he chose to make dem financing transparent and repub financing in the dark, he inherently gave republican recipients full view of it. That’s only viable if he donates much more to republicans who would see that he donates mere peanuts to the opponent for optics.

1
submitted 8 months ago* (last edited 8 months ago) by soloActivist@links.hackliberty.org to c/philosophy@links.hackliberty.org

10
submitted 8 months ago* (last edited 8 months ago) by soloActivist@links.hackliberty.org to c/lemmy_support@lemmy.ml

After submitting an HTML sample in this post, #Lemmy gutted the content silently and destructively without telling me. The original text is totally lost and not recoverable. I only noticed because more than half the code was discarded.

This is terrible. It’s perhaps understandable that raw HTML might have security issues if it appears as-is, so of course the angle brackets should be automatically encoded as literals by the submission processing modules. The status quo is obviously a #LemmyBug because authors are not even warned about the destruction and given a chance to preserve their work. It just gets trashed.

soloActivist@links.hackliberty.org 3 points 8 months ago* (last edited 8 months ago)

I think this is a regression. IIRC, there was a time when a removal only removed it from the timeline. You could still reach it via the modlog. IIRC. But those days are gone. It’s a shame because it’s important for the community to be able to evaluate the mod’s decision making.

I’ve even seen cases where an over-zealous mod gets embarrassed by the mod log and purges the mod log itself to remove traces of the censorship itself. I suppose that’s only possible if the mod is also an admin.

soloActivist@links.hackliberty.org 4 points 8 months ago* (last edited 8 months ago)

There are bug reports and then there is user support. There’s some confusion because I filed a bug report in a user support community (because there is no bug reporting community).

Indeed the user support solution is to either request that the admin change the slur filter config, or change instances. But the purpose of the thread was to report a bug in an in-band way (without interacting with a Microsoft asset [#deleteGithub]).

soloActivist@links.hackliberty.org 9 points 8 months ago* (last edited 8 months ago)

I can see your point in many situations but when I say I am the one b*tching (myself… in the 1st person), in this context I am not saying I am acting badly myself. So the “women are bad” narrative doesn’t follow. In this case the word merely serves as a more expressive complaint.

If someone were to talk about someone else b*tching, it might well be what you’re saying, as they are complaining about someone else complaining & maybe they oppose that other person complaining or their aggressive style thereof.

Do you know what I should look for? Is it the version number? I recall Lemmy was forked to Lenny, but not sure how to recognize Lenny instances.

(btw, fwiw, I wouldn’t use sh.itjust.works because that’s even more nannied [by Cloudflare]).

soloActivist@links.hackliberty.org 4 points 8 months ago* (last edited 8 months ago)

> but it is still considered misogynistic

Men and women both use that word and when a woman uses it, it’s not misogyny because it’s directed at a specific woman (not a demonstration of hatred of women generally). Its usage has murky origins but it can’t be assumed that the author is even conscious of that. The bot is making a blunt blanket decision that it can’t, and it assumes the worst of people.

The other two bugs I mention are bugs regardless of how justified or true the positive detection is.

soloActivist@links.hackliberty.org 5 points 8 months ago* (last edited 8 months ago)

The travel insurance sounds more plausible than the anti-fraud measure. I had not considered that. Although the question is how that info sharing is arranged considering the airline would not inherently care about my travel insurance or have a duty to inform my insurer.

soloActivist

joined 10 months ago