freedomPusher

cross-posted from: https://sopuli.xyz/post/9861733

I would cast my drop-in-the-ocean vote if it didn’t require needlessly reckless disclosures. The question is- which states offer more privacy than others? These are some of the issues:

publication of residential address

It’s obviously fair enough that you must disclose your residential address to the election authority so you get the correct ballot. But then the address is public. WTF? I’m baffled that the voter turnout isn’t lower.

Exceptionally, Alaska enables voters to also supply a mailing address along with their residential address. In those cases, the residential address is not made public. But still an injustice as PO Boxes are not gratis so privacy has a needless cost.

Some states give the mailing address option exclusively to battered spouses. So if you are a victim of domestic abuse, you can go through a process by which you receive an address for the public voting records that differs from your residential address. Only victims of domestic abuse get privacy that should be given to everyone.

publication of political party affiliation

You are blocked from voting in primary elections unless you register a party affiliation, in which case you can only vote in the primary election of that party. A green party voter cannot vote in the democrat primary despite the parties being similar. The party you register in is public. So e.g. your neighbors, your boss, and your prospective future boss can snoop into your political leanings.

AFAIK, this is the same for all states.

publication of your voting activity (which is used for shaming)

Whether you voted or not is public. If you register to vote but do not vote, it’s noticed. There is a shaming tactic whereby postcards are sent saying “your neighbors the Johnsons at 123 Main St. voted early -- will you do your civic duty too? Note that the McKinneys at 125 Main St. have not voted; perhaps you can remind them?” They of course do this in an automated way, so non-voters know their neighbors are receiving postcards that say they did not partake in their civic duty.

forced disclosure to Cloudflare

These states force all voter registrations through Cloudflare:

• Arizona
• Florida
• Georgia
• Hawaii
• Idaho
• New York
• Ohio
• Rhode Island
• Washington

That’s not just public info, but everything you submit with your registration including sensitive info like DL# and/or SSN goes to Cloudflare Inc. Cloudflare is not only a privacy offender but they also operate a walled garden that excludes some demographics of people from access. Voters can always register on paper, but whoever the state hires to do the data entry will likely use the Cloudflare website anyway. So the only way to escape Cloudflare getting your sensitive info in the above-mentioned states is to not vote.

To add to the embarrassment, the “US Election Assistance Commission” (#USEAC) has jailed their website in Cloudflare’s walled garden. Access is exclusive and yet they proudly advertise: “Advancing Safe, Secure, Accessible Elections”.

solutions

What can a self-respecting privacy seeker do? When I read @BirdyBoogleBop@lemmy.dbzer0.com’s mention¹ of casting a “spoiled” vote which gets counted, I thought I’ll do that.. but then realized I probably can’t even get my hands on a ballot if I am not registered to vote. So I guess the penis drawing spoiled vote option only makes a statement about the ballot options. It’s useless for those who want to register their protest against the voter registration disclosures.

Are there any states besides Alaska that at least give voters a way to keep their residential address out of publicly accessible records?

1. it was mentioned in this thread: https://lemmy.dbzer0.com/post/8502419

I would cast my drop-in-the-ocean vote if it didn’t require needlessly reckless disclosures. The question is- which states offer more privacy than others? These are some of the issues:

publication of residential address

It’s obviously fair enough that you must disclose your residential address to the election authority so you get the correct ballot. But then the address is public. WTF? I’m baffled that the voter turnout isn’t lower.

Exceptionally, Alaska enables voters to also supply a mailing address along with their residential address. In those cases, the residential address is not made public. But still an injustice as PO Boxes are not gratis so privacy has a needless cost.

Some states give the mailing address option exclusively to battered spouses. So if you are a victim of domestic abuse, you can go through a process by which you receive an address for the public voting records that differs from your residential address. Only victims of domestic abuse get privacy that should be given to everyone.

publication of political party affiliation

You are blocked from voting in primary elections unless you register a party affiliation, in which case you can only vote in the primary election of that party. A green party voter cannot vote in the democrat primary despite the parties being similar. The party you register in is public. So e.g. your neighbors, your boss, and your prospective future boss can snoop into your political leanings.

AFAIK, this is the same for all states.

publication of your voting activity (which is used for shaming)

Whether you voted or not is public. If you register to vote but do not vote, it’s noticed. There is a shaming tactic whereby postcards are sent saying “your neighbors the Johnsons at 123 Main St. voted early -- will you do your civic duty too? Note that the McKinneys at 125 Main St. have not voted; perhaps you can remind them?” They of course do this in an automated way, so non-voters know their neighbors are receiving postcards that say they did not partake in their civic duty.

forced disclosure to Cloudflare

These states force all voter registrations through Cloudflare:

• Arizona
• Florida
• Georgia
• Hawaii
• Idaho
• New York
• Ohio
• Rhode Island
• Washington

That’s not just public info, but everything you submit with your registration including sensitive info like DL# and/or SSN goes to Cloudflare Inc. Cloudflare is not only a privacy offender but they also operate a walled garden that excludes some demographics of people from access. Voters can always register on paper, but whoever the state hires to do the data entry will likely use the Cloudflare website anyway. So the only way to escape Cloudflare getting your sensitive info in the above-mentioned states is to not register to vote.

To add to the embarrassment, the “US Election Assistance Commission” (#USEAC) has jailed their website in Cloudflare’s walled garden. Access is exclusive and yet they proudly advertise: “Advancing Safe, Secure, Accessible Elections”.

solutions

What can a self-respecting privacy seeker do? When I read @BirdyBoogleBop@lemmy.dbzer0.com’s mention¹ of casting a “spoiled” vote which gets counted, I thought I’ll do that.. but then realized I probably can’t even get my hands on a ballot if I am not registered to vote. So I guess the penis drawing spoiled vote option only makes a statement about the ballot options. It’s useless for those who want to register their protest against the voter registration disclosures.

Are there any states besides Alaska that at least give voters a way to keep their residential address out of publicly accessible records?

1. it was mentioned in this thread: https://lemmy.dbzer0.com/post/8502419

In the US banks are capturing the voices of their customers who contact their call centers for any reason. So if a USian vocally says something controversial they probably have no hope of anonymity if they called their bank in recent years.

Is the same thing not happening in Russia and Israel? An IDF soldier came on broadcast radio and criticized Israel, and a Russian citizen criticized Putin. Shouldn’t they be concerned about doxxing risks?

It would be reckless if the radio station did not disguise their voices, but I don’t get the impression their voices are being disguised. So I just wonder if voice disguising tech is so good at making the voice sound natural that it’s not detectable.

This is interesting but quite unfortunate. As individuals we often spot #GDPR infringements in situations where we are not a victim. The GDPR does not empower us to act with any slight expectation of getting results. There is no reporting mechanism and no remedial correction if the complainant’s own personal data was not mishandled. No Article 77 possibility.

Paragraph 2 page 3:

The GDPR does not explicitly define what constitutes a complaint but Article 77 gives a first understanding providing that “every data subject shall have the right to lodge a complaint (…) if the data subject considers that the processing of personal data relating to him or her infringes this Regulation”.

Page 4 examples of non-complaints:

• a suggestion made by a natural person that he or she thinks that a particular company is not compliant with the GDPR as long as he or she is not among the data subjects.

There is a hack but it’s purely the DPA’s discretion whether to act. From page 5:

The supervisory authority may act upon its own motion (ex officio), e.g., after being “informed otherwise of situations that entail possible infringements” 6 (e.g. by the press, another administration, a court, or another private company, a hint by a natural person which is however not a complaint within the meaning of Article 77).

So a natural person can tattle (tip off) the DPA but the DPA can simply ignore it. If the DPA feels like it, they can act on it as their own initiative (not under Art.77), which means the whistle blower can (and likely will) be kept out of the loop and in the dark. So such reports might as well be sent anonymously. And if it’s not a big interesting case (e.g. involving a tech giant), it’s probably unlikely a DPA will act.

Why this is a problem

I often want to engage with a data controller but their procedures demand irrelevant info in violation of data minimisation. In principle I should be able to use a corrective process to make the data controller compliant before I engage them. There is no useful mechanism unless a prospective data subject partakes in subjecting themself to a breach (self harm) before filing an Art.77 complaint.

I’m very grateful that #AnonymousOverflow exists and was already in place to give us refuge when #Stackexchange et al returned to #Cloudflare’s jail. I use this search service because it automatically integrates (SE→AO) replacement:

https://search.fabiomanganiello.com/search

A search led to this thread:

https://overflow.manganiello.tech/exchange/tex/questions/225027/how-to-create-new-font-which-is-thicker-version-of-computer-modern

The three links in the itemized links all point to Stackexchange, which puts the exclusion problem back in our face -- for those who are blocked from Cloudflare. Anonymous Overflow (AO) should eat its own #dogFood. Like the fabiomanganiello search service, AO should replace SE links with AO links within SE pages.

Yes, it may be a bit tricky because AO has a number of instances which go up and down. The onion ones are quite flaky. In principle, SE links should be replaced with the same instance the article is viewed on.

This #bug is posted here because the bug tracker is exclusively on MS #Github:

https://github.com/httpjamesm/AnonymousOverflow

Normally it’s possible to import comments into the Sopuli timeline by querying on URLs of external comments that are not yet local. Thereafter, it’s possible to interact with imported msgs.

But when I linked to an external comment (https://jlai.lu/comment/5309447) in this thread, and then later queried the URL of the comment, the search stops upon finding my own local mention of that comment. If the search feature is going to stop upon finding local results, then there needs to be a “go deeper” button, or an “import” button to give a means to import a comment.

As a consequence of this bug, I cannot reply to https://jlai.lu/comment/5309447 from Sopuli.

Also notable is if the search category is narrowed from “ALL” to “URL”, nothing results.

#LemmyBug

cross-posted from: https://sopuli.xyz/post/9076220

I posted this thread on jlai.lu. I got no replies as far as I could see from sopuli -- no notifications, and when I enter that thread there are still zero replies. But when I visit the thread on the hosting instance, I see a reply. This behavior is the same as if I were blocking that community -- but I am not.

When I search in sopuli for the direct link to the comment, the search finds it. And then I was able to forcibly interact with the comment.

I have to wonder how often someone replies to me and I have no idea because the response is hidden from me. This is a serious bug. Wholly unacceptable for a platform designed specifically for communication.

update 1 (another occurrence)

Here’s another thread with the same issue. Zero replies when I visit that thread mirror within sopuli, but 3 replies when visiting direct. I was disappointed that high-effort post got no replies. Now 2 months later I see there actually were replies. I will search those comment URLs perhaps in a couple days to interact. But I’ll hold off in case someone wants to investigate (because I think the act of searching those URLs results in copying the comments which could interfere with the investigation).

update 2 (subscription relevancy)

I was asked if I am subscribed to the community. Good question! The answer is no, so there’s a clue. Perhaps mentions do not trigger notifications if no one on the instance of the mentioned account is subscribed to the community. This could be the root cause of the bug.

I posted this thread on jlai.lu. I got no replies as far as I could see from sopuli -- no notifications, and when I enter that thread there are still zero replies. But when I visit the thread on the hosting instance, I see a reply. This behavior is the same as if I were blocking that community -- but I am not.

When I search in sopuli for the direct link to the comment, the search finds it. And then I was able to forcibly interact with the comment.

I have to wonder how often someone replies to me and I have no idea because the response is hidden from me. This is a serious bug. Wholly unacceptable for a platform designed specifically for communication.

update 1 (another occurrence)

Here’s another thread with the same issue. Zero replies when I visit that thread mirror within sopuli, but 3 replies when visiting direct. I was disappointed that high-effort post got no replies. Now 2 months later I see there actually were replies. I will search those comment URLs perhaps in a couple days to interact. But I’ll hold off in case someone wants to investigate (because I think the act of searching those URLs results in copying the comments which could interfere with the investigation).

update 2 (subscription relevancy)

I was asked if I am subscribed to the community. Good question! The answer is no, so there’s a clue. Perhaps mentions do not trigger notifications if no one on the instance of the mentioned account is subscribed to the community. This could be the root cause of the bug.

#LemmyBug

Kensanata’s mastodon-archive tool was originally working as expected to archive posts from eattherich.club. Then out of the blue one day it started printing this:

Loading existing archive: eattherich.club.user.bob.json
Get user info
Get new statusesTraceback (most recent call last):
00] STDIN                                           File "/usr/lib/python3/dist-packages/mastodon-archive/mastodon-archive.py", line 5, in <module>
▏
Seen 10 duplicates, stopping now.
Use --no-stopping to prevent this.
Added a total of 25 new items
Get new favourites    mastodon_archive.main()
                                               File "/usr/lib/python3/dist-packages/mastodon-archive/mastodon_archive/__init__.py", line 333, in main
             args.command(args)
                                 File "/usr/lib/python3/dist-packages/mastodon-archive/mastodon_archive/archive.py", line 148, in archive
▏
Seen 10 duplicates, stopping now.
Use --no-stopping to prevent this.
Added a total of 7 new items
Get bookmarks (this may take a while)    bookmarks = mastodon.bookmarks()
                                                                           File "<decorator-gen-59>", line 2, in bookmarks
                                                                                                                            File "/usr/lib/python3/dist-packages/mastodon/Mastodon.py", line 96, in wrapper
                                                                   raise MastodonVersionError("Version check failed (Need version " + version + ")")
        mastodon.Mastodon.MastodonVersionError: Version check failed (Need version 3.1.0)

The count of new items never resets to zero. It should go back to zero after every fetch, so this implies fetching no longer occurs (or at least it no longer finishes). The current version of eattherich.club is Mastdoon v4.2.5. Not sure if a version upgrade would be related. Other Mastodon instances do not have this issue.

The bug tracker is on MS Github, thus out of reach for me:

https://github.com/kensanata/mastodon-archive/issues

cross-posted from: https://sopuli.xyz/post/8936481

I would like to get to the bottom of what I am doing wrong that leads to black and white documents having a bigger filesize than color.

My process for a color TIFF is like this:

① tiff2pdf ② ocrmypdf ③ pdf2djvu

Resulting color DjVu file is ~56k. When pdfimages -all runs on the intermediate PDF file, it shows CCITT (fax) is inside.

My process for a black and white TIFF is the same:

① tiff2pdf ② ocrmypdf ③ pdf2djvu

Resulting black and white DjVu file is ~145k (almost 3× the color size). When pdfimages -all runs on the intermediate PDF file, it shows a PNG file is inside. If I replace step ① with ImageMagick’s convert, the first PDF is 10mb, but in the end the resulting djvu file is still ~145k. And PNG is still inside the intermediate PDF.

I can get the bitonal (bilevel) image smaller by using cjb2 -clean, which goes straight from TIFF to DjVu, but then I can’t OCR it due to the lack of PDF intermediate version. And the size is still bigger than the color doc (~68k).

#askFedi

update

I think I found the problem, which would not be evident from what I posted. I was passing the --force-ocr option to ocrmypdf. I did that just to push through errors like “this doc is already OCRd”. But that option does much more than you would expect: it transcodes the doc. Looks like my fix is to pass --redo-ocr instead. It’s not yet obvious to me why --force-ocr impacted bilevel images more.

I would like to get to the bottom of what I am doing wrong that leads to black and white documents having a bigger filesize than color.

My process for a color TIFF is like this:

① tiff2pdf ② ocrmypdf ③ pdf2djvu

Resulting color DjVu file is ~56k. When pdfimages -all runs on the intermediate PDF file, it shows CCITT (fax) is inside.

My process for a black and white TIFF is the same:

① tiff2pdf ② ocrmypdf ③ pdf2djvu

Resulting black and white DjVu file is ~145k (almost 3× the color size). When pdfimages -all runs on the intermediate PDF file, it shows a PNG file is inside. If I replace step ① with ImageMagick’s convert, the first PDF is 10mb, but in the end the resulting djvu file is still ~145k. And PNG is still inside the intermediate PDF.

I can get the bitonal (bilevel) image smaller by using cjb2 -clean, which goes straight from TIFF to DjVu, but then I can’t OCR it due to the lack of PDF intermediate version. And the size is still bigger than the color doc (~68k).

update

I think I found the problem, which would not be evident from what I posted. I was passing the --force-ocr option to ocrmypdf. I did that just to push through errors like “this doc is already OCRd”. But that option does much more than you would expect: it transcodes the doc. Looks like my fix is to pass --redo-ocr instead. It’s not yet obvious to me why --force-ocr impacted bilevel images more.

#askFedi

The flagship instance for Matrix demonstrates the use of Cloudflare, which was found to be necessary to defend against DoS attacks. This CaaC (Cloudflare-as-a-Crutch) design has many pitfalls & problems, including but not limited to:

• digital exclusion (Cloudflare is a walled garden that excludes some groups of people)
• supports a privacy hostile tech giant
• adds to growth and dominance of an oppressive force
• exposes metadata to a privacy offender without the knowledge and consent of participants
• reflects negatively on the competence, integrity, and digital rights values of Matrix creators
• creates a needless dependency on a tech giant

#CaaC needs to be replaced with a #securityByDesign approach. Countermeasures need to be baked into the system, not bolted on. The protocol should support mechanisms such as:

• rate limiting/tar pitting
• proof-of-work with variable levels of work and a prioritization of traffic that’s proportional to the level of work, which can be enabled on demand and generally upon crossing a load threshold.
• security cookie tokens to prioritize traffic of trusted participants

Sadly, #Matrix is aligned with another nefarious tech giant, and has jailed its project in Microsoft Github. And worse, they have a complex process for filing bugs/enhancements against the spec:

https://github.com/matrix-org/matrix-spec-proposals/blob/main/README.md

Hence why this bug report is posted here.