freedomPusher

[–] freedomPusher@sopuli.xyz 2 points 1 year ago* (last edited 1 year ago) (3 children)

The only interesting bit from the admin was to concur that the color theme I saw in fact matched their personal color theme. But I just put the admin in the loop here in case there is more to say.

[–] freedomPusher@sopuli.xyz 1 points 1 year ago* (last edited 1 year ago)

It’s a good point. Essentially it means this bug is potentially hiding other bugs (such as non-existent recipients acting as a black hole and a bug whereby the sending node does not inform users when they attempt to interact with a defederated node). And if yes then they should fix those other bugs before expanding the utility of the UI.

[–] freedomPusher@sopuli.xyz 2 points 1 year ago

It’s an interesting theory. But would that placeholder data include the userID of the admin in the top right corner?

[–] freedomPusher@sopuli.xyz 1 points 1 year ago* (last edited 1 year ago)

Can you edit a sent email? A letter? A text message?

Irrelevant.

Not a bug, it’s the way that “actually sent” communications works. DMs on non-federated systems aren’t really sent, they are information held in one place that two people both access.

It’s unclear why you are talking about non-federated systems. But in the design of any comms system there are multiple ways to support edits:

  • sender and recipient have access to the same copy
  • the sender can retract an old message and resend an updated version (or this can be done in a single step if the protocol designs for it).

W.r.t email, MS Outlook indeed has a mechanism to retract a message if the recipient chooses to enable it, but it only works on unread messages.

BTW, my bug report indeed is not a bug, but not for the reason you mention. It’s not a bug because it was a user error (I forgot how to reach sent messages). Lemmy does in fact support editing messages (DM or public just the same).

[–] freedomPusher@sopuli.xyz 2 points 1 year ago* (last edited 1 year ago)

Ah, right I overlooked the ALL. I was sure I had been able to reach sent msgs in the past but forgot how and wondered if the option had been removed. I just corrected the title and added an update.

[–] freedomPusher@sopuli.xyz 6 points 1 year ago* (last edited 1 year ago)

Indeed it’s a shame the Lemmy project gives no instructions for privately reporting security bugs. We could call that a bug in itself. And sadly Lemmy is not in the official Debian repos (if it were, ~~I think~~ Debian’s bug tracker has built-in support for reporting security bugs {reportbug …--security-team…}). They mirror to gitea instances but sadly they disabled the bug tracker in those more neutral venues (though it may not matter in this case since gitea seems to have no security bug reporting feature {“reported”, in a sense}).

update


I just realized I can DM them at their mastodon acct (which is tricky in Lemmy considering the UI does not support it -- yet another bug!), so I did so. So if they request I delete this thread I will.

[–] freedomPusher@sopuli.xyz 0 points 1 year ago* (last edited 1 year ago) (1 children)

That’s a hell of a lot better than business people, who use their knowledge of people to exploit them. One great example of this is campaigning to become POTUS right now.

We need leaders who understand technology and who are keen to have technology benefit people rather than exploit them. IOW, a Congress with engineers from the FOSS community would greatly benefit the country (obviously not an engineer who understands people well which they use against people; e.g. people like Zuckerberg, Bill Gates or Matthew Prince).

[–] freedomPusher@sopuli.xyz 0 points 1 year ago* (last edited 1 year ago) (3 children)

That is academically interesting about DDG !gov. Though I avoid DDG.

But they will just cite costs.

I would like to hear the excuse of the world’s wealthiest country that outspends the world cumulatively on defense by a factor of 10 say “we can’t afford to deploy a search engine” even though some dude built stract.com by himself in his off hours.

… replaced with tech savvy socially conscious individuals …

That’s probably closer to the issue.

Though w.r.t. age, I think the young crowd works against us. In principle the 1980s generation experienced a free and open non-commercialized internet. The millennials and younger started out as corporate pawns and don’t know what a pre-technofeudal internet looks like. But the problem is the leaders are all too low-tech to have experienced the 1990s internet anyway.

/me has a flashback to Neil deGrasse Tyson naming off the professional expertise of Congress people and said something like: “business… business… business… law… law… business… where is the rest of life?”

[–] freedomPusher@sopuli.xyz 11 points 1 year ago* (last edited 1 year ago)

I bet Nestlé foods remain on the shelves. And if that happens, I will consider this ban merely symbolic.

Guess Hershey makes no difference because Europeans probably already reject them on the basis of quality.

[–] freedomPusher@sopuli.xyz 4 points 2 years ago

Wow.. so first #Facebook hijacks the common tech language term “Meta”, then they hijack the term “Threads”. What self-absorbed self-entitled holier-than-thou assholes. It causes the sort of confusion trademark law was invented to mitigate.

I will still call Facebook “Facebook”. What are people calling FB’s “Threads™” in order to reject their brand in favor of unambiguous language?

[–] freedomPusher@sopuli.xyz 1 points 2 years ago

I guess you are talking about this comment? It’s strange that you have seen that comment on sopuli at all because at the moment I do not see it in the Sopuli copy of the thread. I would expect all Sopuli accounts to see the same msgs.

The fact that you see that msg and I do not is perhaps yet another bug. If one Sopuli user does a search on a non-locally-existent comment, I would expect the search operation to copy the comment locally for all Sopuli users.

[–] freedomPusher@sopuli.xyz 1 points 2 years ago* (last edited 2 years ago)

Ah, I only knew about the 3 comments. The thread has grown since then. The two comments you do not see are due to no one on sopuli pulling them in. I think if anyone on Sopuli searches the URLs of the two comments, they will be copied onto sopuli and then everyone on sopuli will see them.

@Camus@jlai.lu raises a good point. I am not subscribed to the community. And probably no one on Sopuli is subscribed to it. Apparently the side-effect is that mentions fail to generate notifications. Assuming that theory is correct, it’s still a bug nonetheless.

/cc @benjhm@sopuli.xyz

(edit: this comment herein revealed yet another bug)

 

When I tried to attach a jpg image to this post:

https://sopuli.xyz/post/6943637

I got:

SyntaxError: JSON.parse: unexpected character at line 1 column 1 of the JSON data

These are the image details:

$ identify image.jpg
image.jpg JPEG 970x308 970x308+0+0 8-bit sRGB 17005B 0.000u 0:00.000
submitted 2 years ago* (last edited 2 years ago) by freedomPusher@sopuli.xyz to c/linuxmint@sopuli.xyz
 

Why is there no respect for privacy by the Mint project? When documentation was jailed in Cloudflare’s walled-garden, I took people off Mint. Today I tried to visit the mint website to see if the Tor community is still being discriminated against. Things have worsened. Now the Mint landing page is in the restricted walled-garden of Sucuri.

I guess the question is, is there just a couple people in control of the website and docs, and no one else on the project notices? Is everyone working on Mint on-board with this?

 

The station Bruzz has both a DAB (211.648 MHz) and analog signal (98.80 MHz). The DAB signal rarely has enough strength/integrity for the tuner to play it. Sometimes it’s just really choppy, cutting out every ½ second. The FM signal is good enough.. a little static but it’s certainly tolerable, unlike DAB.

So the question: is DAB normally broadcasted from the same transmission point as analog for a given station?

 

3 ATM machines in Lille would not produce a note bigger than €50. Is that a nationwide limit or did I just choose the wrong ATMs? I tried a couple indoor ATMs. Since indoor machines are more secure some banks are more generous with denominations and quantity, but it did not seem to make a difference.

I also noticed there was no balance inquiry option. Is that also a nationwide limitation or does it depend on the bank?

(fr, translated) 3 ATMs in Lille would not produce a note larger than €50. Is this a national limit, or did I simply choose the wrong ATMs? I tried a few indoor ATMs. Since indoor machines are more secure, some banks are more generous with denominations and quantity, but it does not seem to make a difference.

I also noticed that there was no balance inquiry option. Is that also a national limitation, or does it depend on the bank?

UPDATE

I took some surveys and got all different answers.

  • banker 1: “I think there are a few ATMs in France that have notes bigger than €50 but they are quite rare / hard to find because people simply do not want bigger notes”
  • banker 2: “Maybe other banks but certainly none of our ATMs will have anything bigger than €50”
  • banker 3: “No banks in France have anything bigger than €50; I do not know why”
  • banker 4: “No banks in France have anything bigger than €50 because no shops will accept notes bigger than €50”
  • bartender: “If your bank card was issued by the same bank that owns the ATM, you will have the option to get bigger notes”

I’m annoyed by the lack of transparency. Bankers and the public should know the answer to that. Seems like secrecy is a #warOnCash tactic. Big notes are important if someone wants to clear out their account so it seems they are trying to prevent a run on the banks.

The bartender also made some interesting points about cash:

  • All shops in France are legally obligated to accept cash and they are not obligated to accept electronic payment. But some shops break that law.
  • Buses do not (or cannot) accept cash because it slows down movement but you can always buy a ticket from a machine using cash.
 

cross-posted from: https://sopuli.xyz/post/6076984

Belgian municipalities have started forcing people to use web browsers to interact with public services. That’s right. It’s no longer possible to reach a variety of public services in an analog way in some Belgian regions. And for people willing to wrestle with the information systems being imposed, it also means cash payment is now impossible when a service requires a fee. The government is steam-rolling over elderly people who struggle with how to use technology along with those who only embrace inclusive privacy-respecting technology. These groups are apparently small enough to be marginalized without government reps worrying about lost votes.

Hypothetically, what would happen if some Amish villages existed in Belgium? I ask because what’s being imposed would strongly go against their religion. Would the right to practice religion carry enough weight to compel the government to maintain an offline option even if it’s a small group of Amish? If yes, would that option likely be extended to everyone, or exclusive to the Amish?

 

In answering this question, this seems to be relevant:

GDPR Art.7(3):

…It shall be as easy to withdraw as to give consent.

^ If you can no longer login to easily withdraw consent because they started blocking your connection, Art.7(3) would apparently be unsatisfied.

EDPB Guidelines 01/2022 pg.21 ¶53:

The EDPB encourages the controllers to provide the most appropriate and user-friendly communication channels, in line with Art.12(2) and Art.25, to enable the data subject to make an effective request.

^ Blockades against platforms, tools, mechanisms that users rely on would seem to be “user-unfriendly”, though it’s unclear if their meaning of “user friendly” is broad enough to have this interpretation.

EDPB Guidelines 01/2022 pg.23 ¶63:

The controllers must implement or re-use an authentication procedure in order to ascertain the identity of the data subjects requesting their personal data or exercising the rights granted by the GDPR.

^ Creating new access restrictions would seem to fail to re-use the original authentication procedure.

Data controllers often tend to start blocking Tor and/or VPNs spontaneously without warning. That seems to violate the rules of informed consent. That is, the data subject consented to the processing of their data by website A, but when website A made a significant material change (i.e. blocking Tor/VPNs), it effectively changes the deal the data subject thought they were consenting to. EDPB Guidelines 05/2020 pg.23 ¶110 seem to capture this:

There is no specific time limit in the GDPR for how long consent will last. How long consent lasts will depend on the context, the scope of the original consent and the expectations of the data subject. If the processing operations change or evolve considerably then the original consent is no longer valid. If this is the case, then new consent needs to be obtained.

So IIUC, the data controller must warn you before blocking your access to their service and give you a chance to withdraw your consent. This assumes we can interpret the IT infrastructure of the data controller as part of the “processing operations”.

I get the feeling the EDPB has not exactly nailed the scenario of Tor/VPN blockades, so we are left with picking through scraps somewhat out of context to get an idea of how this would go in court.

Are there any more relevant decisive guidelines from the EDPB that I’ve missed?

 

TMC is a broadcast of traffic information which usually uses an FM signal. These protectionist countries encrypt the data:

  • #Australia
  • #Finland
  • #Germany
  • #Italy
  • #Norway
  • #Sweden

That’s fucked up, is it not? Shouldn’t publicly funded information be open to the public? These countries provide unencrypted #TMC data:

  • Estonia
  • France

#openData

 

This app requires root but is not tagged as such:

http://fdroidorg6cooksyluodepej4erfctzk7rrjpjbbr6wx24jh3lqyfwyd.onion/en/packages/com.slash.batterychargelimit/index.html.en

Cannot report this bug via the official bug tracker for #Fdroid because the bug tracker is Cloudflare-jailed on github·com.

 


cross-posted from: https://sopuli.xyz/post/5888507

Cloudflare blocking medical information

I was having some medical problems involving increasing pain coupled with a somewhat terrifying symptom. I did a web search to work out what I might be dealing with & whether going to the ER was essential or whether it was just a matter of pain tolerance. I use Tor for everything -- but especially for healthcare matters. It would be foolish to step outside of Tor and compromise sensitive medical data. Most of the search hits that looked useful were sites giving medical information from behind anti-tor firewalls, many of which are Cloudflare. My usual circumvention of using archive.org was broken. For some reason archive.org simply gives a “cannot connect” msg, lately. I get the impression archive.org has started blacklisting fingerprints of frequent users because changing browsers and window geometry often solves the problem.

I found one article saying the need for ER is really just a matter of pain but I would have liked to see more articles saying the same thing. During my search which was mostly thwarted by an enshitified tor-hostile web, the pain intensified to a point where I simply had to go to the ER.

Security nannying interferes with family comms

I’m only connected to my family over Wire & XMPP. The iPhone version of the xmpp app my family uses drops the ball on notifications, so #XMPP was effectively a black hole. (This is possibly a defect in the iPhone system and may not even be an app-specific issue.. an honest bug regardless)

The #Wire app developers decided at some point that my AOS version was unacceptable so they coded a self-destruction mechanism in the app. The incompetence of their nannying manifested into a mostly broken app. If someone msgs me on Wire, the app shows just as much text of each msg that fits on the notifications screen in one line. Effectively, the first 5 or so words on inbound msgs and no way to see the whole msg and no way to send an outbound msg of any kind.

So I could not notify my family due to #securityNannying. There are often cases where a developer appoints themselves as an authority on security and decides for everyone (who they effectively perceive as children) whether the user’s unknown security model is compatible with the level of security the app gives. E.g. a typical manifestation of security nannying is when a project removes an encryption algorithm because they arbitrarily think it’s too old. Too weak for what use-case? They cannot know all the ways the tool is used. Sometimes the two endpoints are both on the LAN (or potentially over a sufficiently secure VPN tunnel), in which case app-level encryption is often not even needed. Yet a project will decide to nix an algo and two differing implementations lose interoperability. Why not have a popup warning and allow adults to make an adult decision as to whether the security circumstances are suitable for the situation?

Hospital staff insist on using Google

Anyway, in ER I’m asked for my email address by someone who handles finances. I supplied it without thinking (mind was elsewhere). When I got out of the hospital I did an MX lookup on her address before she could send a msg. Google! WTF… no, I do not consent to Google having a view of my health records. So before she sent anything I requested erasure of my email address and supplied my snail mail address (which she likely already had). She was supposed to followup with financial aid information. But she never did. I can only guess that her take was apparently that if I’m unwilling to make it easy on her by allowing her to use Gmail, then she’s not willing to cooperate on the financing situation.

Human rights

Healthcare and privacy (esp. privacy OF health data) are both human rights. When we are forced to choose between the two, obviously human rights are not being protected.

 


All libraries in #Brussels are closed on holidays and most of them closed on Sunday. Exceptionally, a few open on Sunday for just a 2 hour window so you can get a book and get out.

Even more exceptional is one branch in the city that is officially closed on Sunday but you can sign up for access all day. It’s not staffed but you can badge in and surveillance cameras record everything throughout. You cannot bring friends and have a duty to prevent tail-gating through the door. But it’s good to at least have the option. Otherwise it’d be quite annoying to have no access on Sunday. Most people get Sunday off so of course it’s the most interesting day to use the library.

Anyway, it’s cool that the Swedish library in that article was respected apparently despite no surveillance (I assume). If that were a regular thing I guess there would eventually be a bad apple.
