Network Neutrality and Digital Inclusion

cross-posted from: https://slrpnk.net/post/24727683

The fediverse w/the activitypub API sell itself as being decentralised, but it’s actually just neutral. It merely enables decentralised forums to coexist with centralised venues. The Lemmy implementation in particular does nothing to proactively promote decentralisation or counter concentrations of power.

When the software is not designed to steer toward decentralisation, centralisation persists because the network effect is left uncountered. The current stats prove that a mass majority of users and their activity are subject to the concentrated power of a few, which ultimately singularly falls under the power, oversight, and competency of the biggest walled garden in the world: Cloudflare Inc, in the US.

Calling Lemmy “neutral” is overly generous, in fact. When the stock Lemmy web client is queried for communities, it prioritises the giant centralised communities in top rankings of the search results. It’s no better than Google, where Cloudflare also dominates the top slots in web search results. This exacerbates the network effect by cattle-herding people toward increased centralisation.

Lemmy ranks decentralised communities at the bottom. And in some cases the ranking is so low that it’s out of reach when cross-posting. The cross-post mechanism forces a search for the target community, and that search does not support entry of the address of the community that includes the domain. When the list is so long it exceeds the pulldown window length, it’s out of reach.

Yes, we know centralisation is not their deliberate goal. Lemmy developers fear that newcoming novices would unwittingly post in a ghost town without strategically cross-posting and then become immediately discouraged by minimal engagement, and from there bounce back to Twitter or wherever they came from. But it must be realised that the mass nannied steering they have resorted to has cultivated centralisation that defeats the founding purpose of the fedi.

cross-posted from: https://slrpnk.net/post/24598576

The state of the fedi superficially parallels what Eric S. Raymond articulated in the 1990s on software construction. There are two models for digital community building within the fediverse. The intent was a decentralised bazaar whereby power is well dispersed, with no single entity excessively wielding disproportionate power. Activitypub was designed to enable the bazaar model to exist, but it neglects to curtail the antithetical model that anarchy-minded folks want to escape: the cathedral.

The hope and expectation was simply that builders of giant monolithic cathedrals would have no interest in the fedi; that they would want their empire to take the conventional path of walling themselves off. Fedi founders did not envision ambitions for power would emerge within the fedi. Who would have predicted that Facebook would decide to compromise its garden walls in exchange for influence over a quite small population? Or that Cloudflare’s centralized walled garden would be exploited to supercharge disproportionate growth by node operators intent on using the network effect to concentrate power? These kinds of technofeudal actors have traditionally vied for absolute power without attempting to cannabalise and occupy a fair structure to then coexist with.

Fedi founders thought the federate/defederate option would sufficiently control for actors who would work against the vision of the bazaar. This blunt tool relies heavily on the demographic of relative pseudo anarchists being larger than it is.

I think it was Kensanata (Alex Schröder) who notably stressed what I regard as a true dichotomy, the sentiment of which was something to the effect of:

you can simply go where the people are, or you can go where the platform and tech is well-designed.¹

The former are utilitarians and the latter are deontologists who find other people (though far fewer) that share the same understanding and appreciation of structures that feature resistance to tyranny. The separation is comparable to anarchists (at heart) seeking out a small freedom-rich niche away from the ivory tower cathedral.

The bazaar (decentralised) segment of the fedi comes at the cost of utility, as principles of digital ethics trump the instant gratification of a large audience. The sacrifice is not in vain. It’s made with an expectation that wisdom will spread and sustain. Though it seems clear that the cathedral will always exist and perhaps always enjoy dominance of the majority who serve it (are pawned by it).

There is a noteworthy contrast from Raymond’s C&B essay. Raymond likens the bazaar to “selfish agents” attributed to “utilitarian” Linux hackers under the idea that Linus harnesses their egos collectively (“egoboo”). Whereas in the fediverse of community builders, it is the selfish agents unwilling to compromise time and convenience who fill the cathedrals, baited by heavily populated communities.

Raves and Burning Man started off small and great; rich in culture, before rapid growth diluted the subculture and commercialisation did what it does. The natural response is to “take it underground” to try to restore the original greatness.

The fedi has passed that inflection point. We have LW serfs popping into */c/privacy communities to heckle whoever they perceive as “paranoid”, or worse, deliver a lecture on privacy (from Cloudflare). There is a profound and somewhat ironic number of CF cathedral folks making way into digital rights types of communities, not seeing the starkness of which would be comparable to Donald Trump appearing at a reggae festival, or an AOL user in the 1990s stepping into an engineering usenet newsgroup.

So here’s a fun search result:

🌩 lemmy.world🌩|decentralization 🌩 kbin.earth🌩|decentralize ⚠lemmy.ml/c/decentralized

There are just 3 communities specifically for decentralisation chatter and they are all on centralised hosts. It’s actually useful that they exist in those places from an outreach standpoint. But it’s likely being overly generous to assume they exist for outreach to those who need to be reached.

Anyway, going forward we need tools and datasets with metrics. The metrics currently serve the utilitarian who simply looks for the most exposure of their content without regard to the ethics underpinning decentralisation. Metrics that serve the bazaar would have to measure degree of power centralisation.

¹ paraphrased - not an exact quote

cross-posted from: https://slrpnk.net/post/24512484

(The pic is sample output for an arbitrary query on “vegan vege pesc”. Irrelevant side note: there is no free-world venue for pescatarians.. just one in L/W that scrolled off the screen)

CF

The federation is not wholly decentralised, obviously, when giant centralised fiefdoms like Facebook “Threads”™ and Cloudflare hook in their technofeudal variety of oppressive infra and abuse their power.

Each post submission begins with finding a relevant venue for the content and it must be consistent with my sense of ethics. Cloudflare is automatically nixed because it’s inherently centralised in a walled garden (regardless of the user count for any given node). CF is a non-starter for an open, free, and fair society (fair implying power balance, equality, transparency, etc).

My script queries the catalog of communities for relevant venues. It still prints the Cloudflare walled garden because it’s useful to see what names match my regex queries, which sometimes helps form a better query. It’s the only thing #LemmyWorld is good for (a shit-ton of community names with redundant variations of the same subject matter). Those results are in red, tagged with a thundercloud (🌩 ), and printed first (because when they scroll off the terminal I don’t typically care to scroll up to see them).

non-CF

CF is not the only issue. Some non-CF nodes are centralized due to uncontrolled growth to disproportionately large sizes. I don’t cancel them hard-and-fast like CF nodes, but they get treated with low “last resort” favorability. They have the warning symbol (⚠) and are in yellow.

Is my math decent?

My script began by filtering on total user count. Then I realised dead or dormant users probably should not count because such users don’t really contribute to a node’s disproportionate power over a population. It’s active users that matter. But if the number of active users in a day are filtered on, that’s too dynamic for deciding where my post can live for a month or however long it is relevant. So I took the users_active_half_year count. Is that sensible?

What constitutes an “active” user, simply logging in, or commenting?

The line is drawn at 2 standard deviations above the average -- after tossing outliers. Nodes with less than 5 active users in ½ a year are likely 1-person nodes which do not influence the average. The average is around 320 active ½yr users per node. The standard deviation is ~702 users. My statistical competence is rusty for sure, but I’m a bit bothered by a standard deviation that’s more than double the mean. Seems like a variation so wild it should perhaps be disregarded. Nonetheless, I opted to flag nodes that exceed ~1724 users_active_half_year.

The pseudocode looks like this:

avg=$(sqlite3 "$db" 'select round(avg([counts.users_active_half_year])) from node_tbl where tags not like "%cloudflare%" and [counts.users_active_half_year] > 4')
variance=$(sqlite3 "$db" 'select avg(([counts.users_active_half_year] - subtbl.aua) * ([counts.users_active_half_year] - subtbl.aua)) as var from node_tbl, (select avg([counts.users_active_half_year]) as aua from node_tbl where tags not like "%cloudflare%" and [counts.users_active_half_year] > 4) as subtbl where tags not like "%cloudflare%" and [counts.users_active_half_year] > 4;')

sqlite3 "$db" "select case when baseurl in (select baseurl from node_tbl where [counts.users_active_half_year] > $avg+sqrt($variance)*2) then '$yellow⚠' else '$cyan' end||baseurl||'$reset',name from community_tbl where (name like '%${1}%' or desc like '%${1}%') and baseurl not in (select baseurl from node_tbl where tags like '%cloudflare%') order by baseurl,name"

Code is ugly because sqlite does not have a stdev builtin function.

My other thought is to cut slack for closed nodes because at least they are expected to shrink. To list the possible figures to filter on, this is a record for lemmy.ml (the biggest non-Cloudflare node):

record for lemmy.ml

url = https://lemmy.ml/ baseurl = lemmy.ml name = Lemmy desc = A community of privacy and FOSS enthusiasts, run by Lemmy’s developers downvotes = 1 nsfw = 1 create_admin = 0 private = 0 fed = 1 version = 0.19.12 open = 1 usage.users.total = 54790 usage.users.activeHalfyear = 4201 usage.users.activeMonth = 2125 usage.localPosts = 167331 usage.localComments = 818559 counts.site_id = 1 counts.users = 54790 counts.posts = 167331 counts.comments = 818559 counts.communities = 4608 counts.users_active_day = 947 counts.users_active_week = 1496 counts.users_active_month = 2125 counts.users_active_half_year = 4201 icon = https://lemmy.ml/pictrs/image/fa6d9660-4f1f-4e90-ac73-b897216db6f3.png banner = langs = ["all"] date = 2019-04-20T18:53:54.608882Z published = 1555786434000 time = 1751974533970 score = uptime.domain = lemmy.ml uptime.latency = 0.034 uptime.countryname = France uptime.uptime_alltime = 99.04 uptime.date_created = uptime.date_updated = 2021-10-29 15:09:21 uptime.date_laststats = 2025-04-11 21:03:25 uptime.score = 100 uptime.status = 1 isSuspicious = 0 metrics.usersTotal = 54790 metrics.usersMonth = 2125 metrics.usersWeek = 1496 metrics.totalActivity = 985890 metrics.localPosts = 167331 metrics.localComments = 818559 metrics.averageUsers = 50720.8825256975 metrics.biggestJump = 225 metrics.averagePerMinute = 0.02475 metrics.userActivityScore = 0.055574151274483 metrics.activityUserScore = 17.9939770031028 metrics.userActiveMonthScore = 25.7835294117647 tags = [] susReason = [] trust.lastCrawled = 1751974533970 trust.baseurl = lemmy.ml trust.metrics.usersTotal = 54790 trust.metrics.usersMonth = 2125 trust.metrics.usersWeek = 1496 trust.metrics.totalActivity = 985890 trust.metrics.localPosts = 167331 trust.metrics.localComments = 818559 trust.metrics.averageUsers = 50720.8825256975 trust.metrics.biggestJump = 225 trust.metrics.averagePerMinute = 0.02475 trust.metrics.userActivityScore = 0.055574151274483 trust.metrics.activityUserScore = 17.9939770031028 trust.metrics.userActiveMonthScore = 25.7835294117647 trust.users = 54790 trust.name = Lemmy trust.base = lemmy.ml trust.actor_id = https://lemmy.ml/ trust.tags = [] trust.guarantor = fediseer.com trust.endorsements = 17 trust.score = 598.1875 trust.reasons = [] blocks.incoming = 0 blocks.outgoing = 0 blocked = []

Some communities missing from the Lemmyverse DB - why?

Anyone know why some slrpnk.net communities are in the Lemmyverse DB, and some are not? E.g. why is !nolawns@slrpnk.net missing, despite many others from the same node that are included?

More importantly, what’s the fix apart from crawling all the nodes (which would probably be unwelcome)? Is there another open DB apart from Lemmyverse? There is fediverse.space and fediverse.observer, but they don’t appear to be sharing their data.

A lot of tech knowledge is jailed in #StackOverflow, #StackExchange. Too much. The tech world is very dependant on this single gate keeper. This week, freedom to access SE’s indispensible tech knowledge has been lost.

Timeline

• pre-2016: SE jailed itself inside Cloudflare
• ? - At some point SE became “openly” accessible and Cloudflare-free. But a massive #cookieWall blocked content and it was broken to a large extent. That is, in some browsers there was no way to get past the cookie wall.
• 2022 - #AnonymousOverflow was founded. This front-end platform made the cookie wall problem go away regardless of your browser and anonymity.
• 2023 - SE reverted back to Cloudflare, effectively making the need for AnonymousOverflow more dire; more important.
• This week - SE tunes the Cloudflare settings to aggressively block AnonymousOverflow instances, ultimately killing off free-world access to tech information.

A new fiber network provider drilled into the façades of private homes to run their cables, without consent, to save themselves the cost of digging. Their website was in Cloudflare’s exclusive walled garden -- which means they were drilling people’s façades who were not even necessarily in the included group who could get service.

So my friend hand-delivered a letter and got the receptionist to sign for it (thus can be recognised by a court). The letter objected to the use of their home to deploy a network that exclude everyone Cloudflare excludes, and also said something like “since you had no consent to drill my house and I explicitly object, I will detach your cable on date X. And unless you say otherwise, if you consent to my work then take no action. Your inaction will signal acceptance to my plans.”

The Internet carrier had to employ a lawyer to write a long strongly worded response citing laws and their right to drill people’s façades, which they then had to send using registered mail (these letters are not cheap).

That’s it. My friend did not actually go through with it. But it’s a bit of justice nonetheless because the Internet provider had to pay a lawyer then pay the reg. letter costs. Would be even better if a lot of people would react in this way and help pile on the costs.

Incidentally, the network carrier quit using Cloudflare. They did not state why, but it’s nice to think that it’s possible that they realised the injustice of being exclusive.

Just did a search using the most privacy respecting search service in the world:

ombrelo.im5wixghmfmt7gf7wb4xrgdm6byx2gj26zn47da6nwo7xvybgxnqryid.onion

Was quite disgusted to see a link to a sh.itjust.works thread in the results. It was rightfully low-ranking with a strike-through, which is how ombrelo treats Cloudflare sites. But still, ombrelo sources the results from the giants and that exclusive centralised shit is now polluting search results even more.

The linked “magazine” (community) is where Twitter & FB users can converge with non-Twitter & non-FB users to have their messages to their gov reps relayed. This is a hack to circumvent digital exclusion.

Folks just post whatever link they want to share without thinking. Then thousands of people have to grapple with some enshitified paywall or a shitty Cloudflare CAPTCHA. We need smarter users. It just takes one lazy/naive motherfucker to cause a lot of work for people collectively.

This is inspired by archive.org going down. The sole digital public library we have in the world is a hack around shared links to shitty servers -- servers that expect US to serve THEM. Servers that piss on their role as a /server/ and fail to serve us.

So here are some methods/rules that will make you a better contributor:

① Realize that the same story is often published by several sources. Whatever source you first encountered, it’s probably not decent. The web is designed to get the most enshitified page in front of you. Instead of spreading that garbage, go to Ombrelo:

https://ombrelo.im5wixghmfmt7gf7wb4xrgdm6byx2gj26zn47da6nwo7xvybgxnqryid.onion/

Search for the story there. Ombrelo will down-rank the exclusive Cloudflare garbage so the more inclusive links float to the top.

② Copy the whole text of the article into your post. This will become the most convenient and most accessible version of the article. Maybe not convenient for you but the reader’s convenience is more important (because there are thousands of them).

③ Don’t link archive.is. That’s just another shitty exclusive walled garden. Link to archive.org if it is online.

④ Don’t create an original thread on a Cloudflared community or you are just worsening the problem of jailing more content in an exclusive place. These are some of the mainstream shitty oppressive Cloudflare instances:

• lemmy.world
• lemm.ee
• sh.itjust.works
• lemmy.ca
• lemmy.zip
• aussie.zone
• lemmy.one
• lemdro.id
• programming.dev
• literature.cafe
• beehaw.org ← not Cloudflare, but Tor-hostile thus exclusive

Most people are ignorant and have no idea that by using those places they are jailing content in the worlds biggest centralized walled garden. Now that you know, you can choose more wisely. Use lemmyverse.net to find the community you’re after. And use the filter to nix the above nodes. If it does not show the community you need outside of the above giant walled garden, then create the community in the open free world. If you are desperate for visibility you can cross-post to those shitty places above. At least some of the subscribers in the walled garden will learn of your more free venue.

Follow the advice RMS gives to people who insist on feeding Facebook, but substitute the above Cloudflare list. Ensure everything you author is reachable somewhere in the open free world. Only show a minimal number of posts on Cloudflare-pawned or exclusive nodes. Keep in mind when you post to those places, you are feeding an oppressive corporation while blocking some demographics of your fellow human beings from access. That’s some fucked up boot licking when done knowingly.

⑤ If you want to link a youtube video, yikes. That sucks because (at least at the moment) the free world resources (Invideous) have been rendered dysfunctional by Google. But in the very least, you can copy the Youtube transcript into the body of your post. If you have the video up in Youtube, you can click into the transcript. I forgot how.. something like expanding the description then details, or some buried place. There is also https://www.tubetranscripts.com/

⑥ If you want to link a NY Times article, we’re all fucked.. plz don’t do it. Look for the story elsewhere. NYtimes has this onion: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/

which used to give full access to content, but now it’s as enshitified as the clearnet site. For BBC, there is:

https://www.bbcnewsd73hkzno2ini43t4gblxvycyac5aw4gnv7t2rccijh7745uqd.onion/

I don’t recall if BBC’s onion is free-er. For medium.com, there is https://scribe.rip/ (many instances thereof). I suggest also searching here:

https://search.fabiomanganiello.com/search

That guy has gone to some trouble to do link replacements with better versions. Though i’m confused because he is no longer replacing Reddit links with mirrors.. wtf.

What’s going to happen in the EU is public spaces like libraries which already have wi-fi service are going unplug their wi-fi service and take this free wifi4eu option. Then only people who can get the special Google/Apple-only app will have wi-fi access.

So while the project falsely claims to favor digital inclusion, they will actually be making existing networks more exclusive.

When Google sabotages network neutrality by blocking Tor and Invidious instances, is it wise for the fedi to facilitate the sharing of #Youtube links?

Fedi instance operators would probably not tolerate links into Facebook’s walled-garden if people were to start polluting an otherwise open community with them. So Youtube links should probably be treated with contempt during periods where Google’s DoS attack is underway.

ecfr.gov used to be a decent source for looking up laws. When looking up the anti spam laws, the linked page is littered with links to an access-restricted Cloudflare site (www.govinfo.gov). The important parts of the law are missing from ecfr.gov. It’s common for various states to have this mom-pop shop competency level, but tragic and embarrassing that the US feds lack competency to the point of Cloudflare-dependency.

Often Cornell University publishes federal law and mitigates the embarrassment to some extent. But when looking up the CAN-SPAM law at Cornell, the Cornell law site redirects to another access-restricted Cloudflare site (www.gpo.gov).

There needs to be a fundamental high-level that requires all laws to be accessible to all people, not just people who Cloudflare is willing to give access to.

Yikes. As some Tor users may know, the UN drafted the Unified Declaration of Human Rights, which in principle calls for privacy respect and inclusion. That same UN blocks the Tor community from their website. Indeed, being denied access to the text that embodies our human rights is rich in irony.

Well that same UN plans to create a “Global Digital Compact” to protect digital human rights. It’s a good idea, but wow, they just don’t have their shit together. I have so little confidence that they can grasp the problems they are hoping to solve. Cloudflare probably isn’t the least bit worried. Competence prevailing, Cloudflare should be worried, theoretically, but the UN doesn’t have the competence to even know who Cloudflare is.

One quite annoying Lemmy behaviour is when you search for a community that has many results spanning multiple screens (e.g. query “software”), the list is largely clusterfucked with crappy centralised instances that go against the #fedi philosophy (e.g. #lemmyWorld, #ShItjustWorks, #lemmyCa, #LemmEE, #LemmyZip, #programmingDev, etc).

I discovered a fix: ctrl-rt-click on every community in the list to open each in a tab. Then click “block community”, then repeat the search. It works the way it should: blocked communities are excluded from search results.

Wish I realised that sooner.. would have saved me some effort and frustration in trying to search only for communities in the decentralised free world.

The problem:

Most #fedi authors post links with no idea if the hosting server discriminates against people, or who. The consequence is that the fedi is muddied with references to exclusive venues that do not treat people equally, which wastes the time of readers who are impacted by discrimination. A variety of walled gardens pollute our threadiverse experience. So how can we remedy this?

Proposed fix:

Suppose we create a community and designate it as a testing area which welcomes bots. So e.g. I post something in the test community, and a bot that is paywall-aware replies yes or no whether the link is paywall-free. A bot that is Cloudflare-aware does the same. A regional bot, such as a bot in Poland can check that Polish IP addresses can reach the URL and make noise if the website blocks Poland. Etc. It need not be just bots.. someone in some oppressed region might manually attempt to visit links and report access problems. We would certainly like a bot in a GDPR region to test whether access is refused on the basis of a data controller’s unwillingness to respect GDPR rules. The OONI project could have a bot that reports anything interesting in their database.

There could also be anti-enshitification bots, which point out things like cookie walls.

There are bots that find better links to replace Cloudflare links. Those bots could help direct authors to better URLs to share.

There could be a TL-DR bot that replies with a summary or even the full text, so an author can decide before posting in the target community whether to omit a shitty link and just post the content.

(update) It’s worth noting that for Mastodon there an ad hoc tool. If you follow @mg@101010.pl, that bot will follow you back and analyze every URL you share for whether it is Cloudflared. If yes, it will DM you with alternative URLs.

Note that the mitigator bot is quite loose it its judgement. If the host is not Cloudflared but another host on the same domain is Cloudflared, it is treated as a positive because it’s assumed that when you visit the host it will link to other hosts on the same domain.

The linked¹ #gemini article is the political platform of the French green party in Belguim w.r.t. digital rights. It was translated from French.

I’m overall impressed enough to vote for them. But I do have some concerns:

“At the Belgian level, we propose to establish a legal guarantee of 5 years for new electronic devices.”

Yikes, waaay too short. Needs to be at least 10 years. But it helps that they advocate FOSS:

“Generalize the ability to use free software on all devices to decrease software obsolescence.”

Though this statement is far too vague. If a maker of hardware with proprietary non-free software only gives 5 years of support, there needs to be a legal obligation that they port FOSS to the device at the end of the warranty. This is missing in the green party’s plan.

A lot of other things are missing in their plan, but generally their principles are sensible.

¹ (edit) actually it cannot be linked using the URL field due to a #LemmyBug. But at least it was linkable in the msg body.

Might be useful for some.. but note that it uses CF to get the CIDRs.

Mastodon used to show people the mirrored version of federated content which shielded users from Cloudflare’s discriminatory blockade. But something apparently changed. If I try to visit this mirror of a mastodonapp.uk status on layer8.space:

https://layer8.space/@tmmj@mastodonapp.uk/112387605497275701

it redirects to:

https://mastodonapp.uk/@tmmj/112387605489133663

which is apparently a shitty Cloudflare node that deceives us into thinking the account does not exist. If you are logged into the mirrored node, then it does not redirect and you can see the content. Of course, only if you have an account on the mirror which means anonymous viewing is no longer possible.

If I want to share that layer8.space link with other people, it would be an injustice to share the mastodonapp.uk link because it’s in a walled garden that excludes people. It would be like sharing a Facebook link with an audience that includes people outside of Facebook. So naturally I would share the layer8.space version because layer8.space allows all people to visit. But now this is impossible. Cloudflare’s stranglehold of control has been increased by this Mastodon move.

Worse, Cloudflare has started pushing error code 404, not 403. So CF is misrepresenting the error to suggest that the page does not exist. Cloudflare has carte blanche in fucking up the web. A 404 error is supposed to inform users that an object is not found, not that they are not authorised to access it.

The attached image is what Cloudflare-excluded people see when trying to visit this image:

https://files.mastodonapp.uk/media_attachments/files/112/387/580/865/787/635/original/f4442c8789ad52c2.png

When an image is posted by someone on a Cloudflared instance like the following:

• #LemmyWorld
• #ShitJustworks
• #LemmyCA
• #LemmyEE
• #LemmyZip
• #LemmyOne

the image is inaccessible to all demographics of people who Cloudflare discriminates against because images are not mirrored to federated nodes.

We expect corporations to not give a shit about marginising people who are not profitable enough to care about. But when naive asshole users outnumber progressive egalitarians, it highlights a problem with the fedi, which still lacks the tooling needed to keep oppression at bay.

The six listed nodes above effectively host the AOL users of our time. Lacking the sophistication needed to detect and grasp situations of eroded digital rights with a degree of blindness and lack of concern for centralised corporate control.

Suggestions needed for Lemmy nodes that are defederated from the above listed six.

cross-posted from: https://sopuli.xyz/post/11709471

Many political parties are allowing Cloudflare to block some demographics of voters from seeing election info on their own candidates. These political parties are running exclusive websites:

• PS/Vooruit (Socialist / Parti Socialiste [fr/nl])
• Défi (previously part of the MR, now more at the center [fr])
• CD & V (center / Christen Democratisch en Vlaams [nl])
• Groen (Green Party [nl])
• Open VLD (liberal [nl])

Effectively they are operating in an anti-democratic fashion. Open and inclusive access to election info is paramount to democracy.

The political parties who are running inclusive websites are (quite ironically) the right-wing parties. And funnily enough, some of the right-wing parties actually have an English version of their website as well. This defies their historic reputation as being relatively xenophobic. If voting purely on the basis of digital rights and digital inclusion fostered by their website implementation, the right-wingers are the clear winners here.

Voting left entails supporting parties that suppress election info from some demographics of people. Voting right is a non-starter on general principle (e.g. climate denial). Voting is mandatory but there is said to be a “none of the above” option.

(edit) OTOH, the French green party (ecolo.be) has an open website. Perhaps that’s a decent way to vote.

IMO this is a #netneutrality issue due to lack of access equality. People with old phones are discriminated against.

cross-posted from: https://infosec.pub/post/11021006

…
TLS-encumbered captive portal (transit service)

A transit service offered wi-fi but the network forcibly redirected me to a captive portal that triggers this error:

net::ERR_SSL_VERSION_OR_CIPHER_MISMATCH

I tried a couple browsers and tried rewriting the https:// scheme as http:// but SSL redirect was forced consistently. The error apparently implies my phone’s browser can’t do TLS 1.3.

It seems like a shitty move for a transit service to require passengers to use TLS 1.3 just to tick a fucking box that says “I agree” (to the terms no one reads anyway). Couple questions:

• I’m generally in the /protect everything by default/ school of thought. But I cannot get my head around why a captive portal where people just tap “I agree” would warrant disclosure protection that could hinder availability. In reality, I don’t really know what the captive portal at hand requests.. maybe it demands people’s phone# or email, in which case it might make sense (though I would object to them collecting that info in a GDPR region in the 1st place).

• Is there a good reason for a captive portal to require TLS 1.3? It seems either the network provider does not trust their own network, or they’re simply incompetent (assumes everyone runs the latest phones). But if I’m missing something I would like to understand it.

I still have to investigate what limitation my browser has and whether I can update this whilst being trapped on an unrooted Android 5.

Bypass methods

I guess I need to study:

• ICMP tunnel (slow, but IIUC it’s the least commonly blocked)
• SSH tunnel
• others?

Are there any decent FOSS tools that implement the client side of tunnels without needing root? I have openvpn but have not tested to see if that can circumvent captive portals. I’ve only found:

• MultiVNC - VNC over SSH
• AVNC - VNC over SSH
• ConnectBot - Can all traffic be routed over this SSH tunnel, or just a shell session?
• VX ConnectBot - same as connectBot but expanded

I’m curious if the VNC clients would work but at the same time I’m not keen to bring in the complexity of then having to find a VNC server. Running my own server at home is not an option.

My to-do list of things to tinker with so far:

• Captive Portal Controller
• ~~CaptivePortalLogin~~ (AOS 6+, and no Izzy archives on this)
• Hotspot Login

Legal options

If a supplier advertises Wi-Fi but then they render it dysfunctional by imposing arbitrary tech requirements after consumers have already bought the product/service it was included with (coffee, train/bus/plane fare, etc), then they neglect to support it, doesn’t that constitute false advertising? Guess this is out of scope for the community but I might be ½ tempted to file false advertising claims with consumer protection agencies in some cases.

And when a captive portal demands email or phone number, it would seem to be a GDPR violation. Some public libraries make wi-fi access conditional on sharing a mobile phone number which then entails an SMS verification loop.

Some people think Cloudflare is not a “walled garden”. This article goes to a great extent to show not only that Cloudflare is a #walledGarden, but it’s actually more of a walled garden than the well known ones (Facebook & Google).

(⚠ Enshitification warning: The linked article has a cookie wall; just click “reject” and the article appears)

Google is ending the public access to the cache of sites it indexes. AFAICT, these are the consequences:

• People getting different treatment due to their geographic location will lose the cache they used as a remedy for access inclusion.
• People getting different treatment due to having a defensive browser will lose access.
• The 12ft.io service which serves those who suffer access inequality will be rendered useless.
• Google will continue to include paywalls in search results, but now consumers of Google search results will be led to a dead-end.
• The #InternetArchive #WaybackMachine will take on the full burden of global archival.
• Consumers will lose a very useful tool for circumventing web enshitification.

Websites treat the Google crawler like a 1st class citizen. Paywalls give Google unpaid junk-free access. Then Google search results direct people to a website that treats humans differently (worse). So Google users are led to sites they cannot access. The heart of the problem is access inequality. Google effectively serves to refer people to sites that are not publicly accessible.

I do not want to see search results I cannot access. Google cache was the equalizer that neutralizes that problem. Now that problem is back in our face.