evenwicht

joined 7 months ago
MODERATOR OF
law_us
text_ui
opendata
smartphone_required
email_required
beneficial_bots
email
digi_fiefdom_required
boycott
exclusive_public_resources
sorted by: new top controversial old
US Department Of Government Efficiency (doge.gov) uses Cloudflare to block Tor (LOL at the hypocrisy) in c/[email protected]
[–] [email protected] 2 points 1 hour ago (1 children)

Does your block screen look different than the attached snapshot?

CVS Is Turning Locked Shelves Into an Excuse to Make You Download Its App in c/[email protected]
[–] [email protected] 1 points 1 hour ago* (last edited 1 hour ago)

The article is jailed in Cloudflare’s walled garden, so for the excluded, this is the full text:

CVS Is Turning Locked Shelves Into an Excuse to Make You Download Its AppThe store is trialing a feature to let customers unlock cabinets with their phone. By AJ Dellinger Published January 28, 2025 | Comments (29)

CVS is finally willing to unlock the treasures that they have placed behind lock and key—so long as you’re willing to give the company an additional peak into your personal information. According to a report from the Wall Street Journal, the pharmacy giant is trying out a pilot program that will allow customers to unlock cabinets and shelves via the CVS app.

The program is currently being piloted in three stores as an attempt to ease some of the pain points that customers continue to experience in convenience stores that have grown increasingly inconvenient, requiring people to stand around waiting for an overworked staff member can come open up the deodorant lock box for them. If the trial proves successful, the company is planning on rolling the program out to 10-15 stores, with the ultimate goal of full-scale deployment across the country.

CVS’s new system for allowing customers to unlock common goods that have been put behind plexiglass will operate primarily through the company’s app. People hoping to actually be able to take things off the shelves like they would do in a normal store will have to download the CVS app and sign up for the company’s loyalty program. You’ll have to be logged into the app and connect to the store’s Wi-Fi, then enable Bluetooth connectivity on your device in order to activate the feature that allows you to unlock the cabinets. Shockingly, this is an improvement in convenience.

The introduction of the ability to unlock products in stores, in addition to being the solution to a problem that CVS caused all on its own, is part of a broader effort to shift more people into the CVS app ecosystem, where the company can farm data. The company has been trying to position itself at the center of peoples’ health, and last year it tapped Deloitte Digital to reimagine its mobile app in a way that more efficiently leverages user health information to serve them ads, offers, and just generally keep them locked into CVS.

Per The Journal, the company soon plans to load up the app with AI features, including “a search feature powered by generative AI.” Which is great, surely nothing bad will happen by allowing people to have their health questions answered by a machine known for hallucinating information.

US Department Of Government Efficiency (doge.gov) uses Cloudflare to block Tor (LOL at the hypocrisy) in c/[email protected]
[–] [email protected] 1 points 3 days ago* (last edited 3 days ago) (1 children)

That’s fair. I don’t really think it’s cloudflares fault though.

First of all you have to separate Cloudflare’s pre-emptive attack on Tor from that of other targets (VPN, CGNAT). The difference is that the Cloudflare patron is given control over whether to block Tor but not the others.

Non-Tor blocksCloudflare is of course at fault. CF made the decision to recklessly block whole groups of people based on the crude criteria of IP reputation associated to a member of the whole group. It would be like if someone was spotted shoplifting as they were running out the door, and security only got a glimpse of red hair. And then the store would refuse service to all people with red hair to make sure the one baddy gets blocked. It’s discriminatory collective punishment as a consequence of sloppy analysis.

Since it’s a feature that websites use to protect against bad actors and robots.

It’s an anti-feature because it’s blunt tool cheaply created by a clumbsy tech giant who has the power to bully and write-off the disempowered who they marginalize as acceptible collateral damage.

Tor blocksCloudflare defaults to harrassing Tor visitors with CAPTCHAs which are usually broken (because the CAPTCHA service CF hires is itself tor-hostile, but CF is happy because CF profits from the uncompensated labor from the captcha solutions). The CF patron can whitelist Tor or blacklist Tor (in addition to default shit show). DOGE proactively chose to blacklist the Tor community.

Defaults are important. Read about “the power of defaults” and how Google paid billions to Mozilla just to be a default search engine in the browser. The money speaks to that importance. CF is 100% responsible for the default state of their sites. Cloudflare (and CF alone) decide what the default setting is.

No one forces anyone to use cloudflare.

Exactly why someone using Cloudflare rightfully gets the blame for their shitty choice to use CF. Most particularly when it is a tax-funded service. At least in the private sector we have the option of walking. I will not use a CF website (even if Tor is whitelisted) - so they lose my business. But when public money is spent on CF who denies demographics of people who are entitled to the gov service, it’s an injustice because you cannot boycott gov services (you cannot get a tax refund if you are excluded).

US Department Of Government Efficiency (doge.gov) uses Cloudflare to block Tor (LOL at the hypocrisy) in c/[email protected]
[–] [email protected] 1 points 4 days ago* (last edited 3 days ago)

I wonder how that can best be expressed without overly cluttering the forum. The purpose of the forum is to track that, so it would be useful if someone would post lists of signficant or essential public resources that are in walled gardens. Maybe one thread for all of North Korea and a thread for Russia, .. Venezuala, etc. But note as well if Tor is blocked but not in a fiefdom (walled garden), then [email protected] is the best place to post them.

US Department Of Government Efficiency (doge.gov) uses Cloudflare to block Tor (LOL at the hypocrisy) in c/[email protected]
[–] [email protected] 0 points 4 days ago* (last edited 4 days ago) (2 children)

You confuse bandwidth and resources.

Bandwidth is a resource. Citations needed for claims to the contrary.

Bots are often the most impactful clients of any site, because serving an image costs virtually nothing.

Nonsense. Text compresses extremely well. Images and media do not in the slightest approach the leanness of text.

Try using the web through a 2400 baud modem. Or try using a mobile connection with a small monthly quota of like 3gb and no other access. You will disable images your browser settings in no time.

Generating a dynamic page is WAY more resource intensive.

Bots and humans both trigger dynamic processing, but bots and humans of text-based clients to a lesser extent because the bandwidth-heavy media is usually not fetched as a consequence and JavaScript is not typically fetched and executed in the first place.

US Department Of Government Efficiency (doge.gov) uses Cloudflare to block Tor (LOL at the hypocrisy) in c/[email protected]
[–] [email protected] 4 points 4 days ago* (last edited 4 days ago)

Should be” embarrassed and “caring” are two different things. Indeed they do not care about the embarrassment as this shitshow rolls out. If they cared, they would make corrections.

Just like Trump is an embarrassment to the country. He is too oblivious and cannot step outside himself to even know of the embarrassment he brings to the country.

In the case of DOGE, the embarrassment is only visible to the small segment of informed digital rights proponents. We should of course express the embarrassment to spread awareness.

US Department Of Government Efficiency (doge.gov) uses Cloudflare to block Tor (LOL at the hypocrisy) in c/[email protected]
[–] [email protected] 3 points 4 days ago* (last edited 4 days ago) (3 children)

I’m behind a CGNAT and I have never encountered any issues? And when I think about it I don’t believe I have noticed any issues with using VPN either.

All shared IPs have a propensity to face Cloudflare’s preemptive attack on them. Some people on VPNs and CGNAT face chronic CAPTCHAs and hostile treatment just like Tor users do. And some get lucky and escape the collective punishment. It’s a game of chance. If you happen to be on a subnet or IP range without any significant or notable bad actors, it’s quite possible that you don’t get targeted by Cloudflare. I’ve even seen public libraries that get harsh treatment by Cloudflare, likely because a bad actor used the library and ruined the library’s IP reputation.

Someone in this thread reports hostile treatment when they use Opera GX, which is a VPN service.

This article covers some of the groups of people excluded by Cloudflare.

18
(USA) Department Of Government Efficiency (doge.gov) uses Cloudflare to block Tor (LOL, but sad) (cyberplace.social)
submitted 4 days ago* (last edited 4 days ago) by [email protected] to c/[email protected]
0 comments fedilink
 

cross-posted from: https://lemmy.sdf.org/post/28580567

Love the irony and simultaneous foreshadowed embarrassment of Elon denying availability and service as a way to be more efficient.

The irony

Cloudflare enables web admins to be extremely bloated. Admins of Cloudflared websites have no incentive to produce lean or efficient websites because Cloudflare does the heavy lifting for free (but at the cost of reduced availability to marginalized communities like Tor, VPNs, CGNAT, etc). So they litter their website with images and take little care to choose lean file formats or appropriate resolutions. Cloudflare is the #1 cause of web inefficiency.

Cloudflare also pushes countless graphical CAPTCHAs with reckless disregard which needlessly wastes resources and substantially increases traffic bloat -- all to attack bots (and by side-effect text-based users) who do not fetch images and thus are the most lean consumers of web content.

The embarrassment

This is a perfect foreshadowing of what we will see from this department. “Efficiency” will be achieved by killing off service and reducing availability. Certain demographics of people will lose service in the name of “efficiency”.

It’s worth noting that DOGE is not using Cloudflare’s default configuration. They have outright proactively blacklisted Tor IPs to ensure hard-and-fast fully denied service to that demographic of people. Perhaps their PR person would try to claim CAPTCHA avoidance is efficient :)

The other embarrassment is that they are using Cloudflare for just a single tiny image. They don’t even have enough competency to avoid CF in the normal state & switch it on demand at peak traffic moments.

The discussion

More chatter here.

200
US Department Of Government Efficiency (doge.gov) uses Cloudflare to block Tor (LOL at the hypocrisy) (cyberplace.social)
submitted 4 days ago* (last edited 4 days ago) by [email protected] to c/[email protected]
23 comments fedilink
 

Love the irony and simultaneous foreshadowed embarrassment of Elon denying availability and service as a way to be more efficient.

The irony

Cloudflare enables web admins to be extremely bloated. Admins of Cloudflared websites have no incentive to produce lean or efficient websites because Cloudflare does the heavy lifting for free (but at the cost of reduced availability to marginalized communities like Tor, VPNs, CGNAT, etc). So they litter their website with images and take little care to choose lean file formats or appropriate resolutions. Cloudflare is the #1 cause of web inefficiency.

Cloudflare also pushes countless graphical CAPTCHAs with reckless disregard which needlessly wastes resources and substantially increases traffic bloat -- all to attack bots (and by side-effect text-based users) who do not fetch images and thus are the most lean consumers of web content.

The embarrassment

This is a perfect foreshadowing of what we will see from this department. “Efficiency” will be achieved by killing off service and reducing availability. Certain demographics of people will lose service in the name of “efficiency”.

It’s worth noting that DOGE is not using Cloudflare’s default configuration. They have outright proactively blacklisted Tor IPs to ensure hard-and-fast fully denied service to that demographic of people. Perhaps their PR person would try to spin this as CAPTCHA avoidance is efficient :)

The other embarrassment is that they are using Cloudflare for just a single tiny image. They don’t even have enough competency to avoid CF in the normal state & switch it on demand at peak traffic moments.

The microblog discussion

Microblog chatter here.

(USA) IRS website blocks tor users in c/[email protected]
[–] [email protected] 1 points 5 days ago* (last edited 5 days ago) (1 children)

Your continued failure to grasp the fact that the Tor community does not need server-side support is the main reason you have failed to understand why your main thesis has been defeated. Not understanding how Tor works to at least the most basic extent has ensured you’ve based everything in your position on misinformation (which most certainly comes from poor assumptions). Then you wonder why you think you see repititon as you repeat defeated claims because you don’t understand the facts that make your claims indefensible. Until you learn enough about To to realise there is no need for server-side support, you have no hope of even understanding the silly absurdity of your thesis.

(USA) IRS website blocks tor users in c/[email protected]
[–] [email protected] 1 points 6 days ago* (last edited 6 days ago) (3 children)

You’re just recycling defeated drivel. There are no new arguments here and unless you figure out how to attack the arguments that defeated yours, using sound logic, this drivel of personal attacks only exposes the weakness of your indefensible position further. Relying on rudimentary information sources like a general purpose dictionary is consistent with the lack of English nuance from which your misuse of terms and obtuse language manifests.

Your fixation on insults indicates no formal background in debate. You’ve used the most common logical fallacy (among others) while naming it to call out multiple situations where it did not apply. This shows you’ve picked up common buzz phrases without grasping them (implying ad hoc hot-headed cloud fights without basic formal debate training). In the very least you could benefit from studying logical fallacies and taking a debate class. But to be clear that will only improve the quality of your dialog, it won’t compensate for the infosec deficit. In any case, none of that is going to happen in time for you to dig yourself out of your embarrassing position in this thread.

US FCC exposes the public to several walled-gardens (FB, MS Github, Instagram, MS LinkedIn, Twitter, Google Youtube) -- Want a gov job? First you must register for a Microsoft account. in c/[email protected]
[–] [email protected] 1 points 1 week ago* (last edited 1 week ago) (1 children)

Not sure what you mean by token agency. I know there was a tug-of-war under the various POTUS w.r.t netneutrality, and recall that a flood of letters under fake identites of individuals was sent to Congress opposing netneutrality (paid for by a coporate lobby who masqueraded as natural people to fool Congress).

Amid all those shenanigans, the FCC’s OIAC (Open Internet Advisory Committee) has always had a Comcast rep and a Cloudflare rep taking seats in discussions that should be against them. That stark corruption persisted through all administrations going at least 15 years back AFAIK.

Trump certainly opposed netneutrality and neutered the FCC the first time he was in office. And it’s important to notice that a huge shitshow is rolling out at the FCC as we speak. Trump is restructuring it to be weaponized against media outlets that criticize Trump -- when in fact it’s the purpose of the news media to criticize the gov.

9
US FCC exposes the public to several walled-gardens (FB, MS Github, Instagram, MS LinkedIn, Twitter, Google Youtube) -- Want a gov job? First you must register for a Microsoft account. (web.archive.org)
submitted 1 week ago* (last edited 6 days ago) by [email protected] to c/[email protected]
3 comments fedilink
 

A lot of gov services use the same shitty social networks. But it’s just a bit extra disgusting when the FCC uses them along with the not-so social platforms. It’s an embarrassment.

The FCC privacy policy starts with:

“The FCC is committed to protecting the privacy of its visitors.”

Fuck no they aren’t. And we expect the FCC in particular to be well aware of the platforms that would make their privacy claim a true statement.

In particular:

  • MS Github (98 repositories and maybe a bit strange that they are hosting UK stuff there.

  • MS LinkedIn: “Visit our LinkedIn profile for information on job openings, internships, upcoming events, consumer advice, and news about telecommunications.” ← At least it’s openly readable to non-members. But I clicked APPLY on an arbitrary job listing (which had no contact info) and I was ignored, probably for not having a LinkedIn account. Which is obviously an injustice. Anyone should be able to access government job listings without licking Microsoft’s boots.

  • Facebook: “Keep informed and engaged about consumer alerts, Commission actions and events.” ←Non-Facebook members cannot even view their page. And they are relying on it for engagement and consumer alerts.

  • Twitter: “Follow @FCC for updates on upcoming meetings, helpful consumer information, Commission blog postings, and breaking FCC and telecommunications news with links to in-depth coverage.” ← At least it’s openly readable to non-members. But despicable that non-Twitter users cannot engage with the FCC. It’s an assult on free speech in the microblogging context. If you don’t lick Elon’s boots and give Twitter a mobile phone number (which they have been caught abusing before twtr contractors were caught spying on old accts, which came before Twitter was breached [twice in fact]), you cannot microblog to your government.

  • YouTube: “Playback recorded webcasts of FCC events and view tutorials, press conferences, speeches and public service announcements on the FCC's YouTube channel.” ← One of the most atrocious abuses of public resources because Youtube is no longer open access. You cannot be on Tor, you cannot use Invideous. Due to recent extreme protectionism by Google, you are subject to surveillance advertising tied to your personal IP address.

Public money finances the FCC to make whatever videos the FCC produces. Since we already paid for the videos, they should be self-hosted by the FCC, not conditional upon entry into an paid-for-by-advertising walled garden with Google as a gatekeeper. It should be illegal to do that -- and we would expect the FCC to drive a just law in that regard. We would also expect the FCC to have the competency to either stand up their own peertube instance or simply put the videos on their website. People should be fighting that shit for sure.

What a shitty example they set for how government agencies should implement comms.

15
(USA) FCC main website blocks Tor users (but complaints site is open to all) (lemmy.sdf.org)
submitted 1 week ago* (last edited 1 week ago) by [email protected] to c/[email protected]
0 comments fedilink
 

The main landing site for the FCC blocks Tor users with a 403. This means their contact page is also exclusive access, along with a number of otherwise pubilc access databases.

At least their consumer complaints site open to all, including those with a privacy complaint:

https://consumercomplaints.fcc.gov/hc/en-us

(metapost) Just created this group 1hr ago and already have 35 subscribers in c/[email protected]
[–] [email protected] 1 points 1 week ago

I am just now seeing your image because I normally have images disabled. So when I 1st saw your msg, I only saw “you are here” and didn’t understand what you were conveying. Colon needed! Thought you were saying i would be a human subscriber.

Wow, that’s a clean inbox you keep!

Github isn't a fully walled garden though in c/[email protected]
[–] [email protected] 1 points 1 week ago* (last edited 1 week ago)

It’s worth noting that this forum is an attempt to collect cases where essential public interaction is forced into a walled garden. It’s perhaps rare that a government would force the general public to connect to MS Github. I should probably clarify that on the sidebar.

It’s also worth noting that the EU has a public git instance which they self-host. So it implies that there is a reasonable chance that a gov would push Github onto people.

(update: just noticed the FCC exposes the public to Github)

46
11 US states now have laws comparable to the GDPR: California, Utah, Colorado, Connecticut, Virginia, Iowa, Indiana, Tennessee, Montana, Texas and Florida (www.whitecase.com)
submitted 1 week ago* (last edited 1 week ago) by [email protected] to c/[email protected]
1 comments fedilink
 

But note from the article that Florida’s law is almost useless due to being exteremly narrow in the scope of who must comply. It only applies to tech giants, generally. E.g., generally must “Derive 50 percent of its global gross annual revenue from the sale of advertisements online”. That gets a lot of data abusers off the hook. It is said to be modeled after Virginia.

This Florida rule might be interesting:

Mandatory Disclosures for Search Engines. The FDBR requires search engines to provide easily accessible descriptions of the main parameters used to determine the rankings of search results, "including the prioritization or deprioritization of political partisanship or political ideology in search results." In addition, search engines must disclose the relative importance and influence of the main parameters on the search results.

So I wonder if you VPN tunnel to Florida to perform a search, how many search engines give this info which they perhaps withhold outside FL?

15
fun: you can shape text using the cutwin package. So e.g. you can write a complaint letter such that the outline of the text is a middle finger. (lemmy.sdf.org)
 

It’s a slightly labor intensive because for each line of text you have to specify an endpoint.. but it’s managable enough. Also worth considering is Inkscape, which has a function to flow text into a shape.

It would be fun to collect some templates for re-use. E.g. if someone wants to complain about the corrupt tyrant who just took power (the most powerful office in the world) a couple days ago, a middle finger would be appropriate for that sort of thing.

50
(FL) Florida state blocks Tor users from access to legal statutes (lemmy.sdf.org)
submitted 1 week ago* (last edited 1 week ago) by [email protected] to c/[email protected]
12 comments fedilink
 

It’s one of the ugliest most undignified forms of service refusal. They just simply drop packets from Tor. Not even enough courtesy to send a 403 forbidden. So visitors are left guessing whether the website is down, slow, or giving deliberate mistreatment. People then have to try different browsers with different timeout thresholds to investigate.

There is no apparent mirror or alternative site hosting Florida statutes. Archive.org has a cache of some laws but FL state gets zero credit for that.

(update) in fact there are two state sites for legal statutes and both block tor:

I would love it if someone would successfully argue in court “sorry I broke that law but I could not inform myself of the law because every time I tried to reach the state’s website for statutes it just timed out” -- and get away with it.

49
(USA) IRS website blocks tor users (lemmy.sdf.org)
submitted 1 week ago* (last edited 1 week ago) by [email protected] to c/[email protected]
32 comments fedilink
 

Indeed the IRS website blocks Tor users from accessing tax information, as if tor users don’t need tax information. Important legal guidance exists on irs.gov, so it’s obviously an injustice to block people from becoming informed about their rights and obligations.

(edit)
What’s the fix? Would it be effective to make a FOIA request on paper so the IRS must send the info on paper via USPS? Or would that require compensation to offset their burden?

26
boycott the GOP and Trump by boycotting ALEC members (AmEx, Anheuser Busch, Boeing, Bose, Chevron, FedEx, Motorola, Sony, … etc) (lemmy.sdf.org)
submitted 1 week ago* (last edited 1 week ago) by [email protected] to c/[email protected]
3 comments fedilink
 

Inspired by acquisition of power yesterday by a corrupt tyrant and his possie of xenophobic chronies, people should be reminded that the voting is not over because you can vote in the consumer market every day for the next 4 years. Everyone in the world can participate in this voting process (despite ALEC’s effort to reduce democracy).

ALEC¹ is the extreme right lobby and bill mill. This org writes bills for Congress conservatives to:

  • reduce environmental protection and neuter the EPA
  • fight immigration, push xenophobia
  • proliferate and privatize prisons
  • privatize education
  • reduce public healthcare
  • reduce tax regs (individual & corp)
  • neuter the CFPB
  • suppress voting (e.g. tightening id rules)
  • weaken labor unions
  • reduce gun control
  • mask corporate tampering in politics

They have a close hand-in-hand relationship with the NRA and they finance republican war chests.

These are some of the well-known ALEC members, all of whome I boycott:

  • AmEx (American Express)
  • Anheuser Busch
  • Boeing ← also rampant safety scandals
  • Bose
  • Century Link
  • Charter Communications
  • Chevron ← also caught financing the cloakroom project to hide meetings between republican politicians and corporations; also uses AI from Microsoft to find oil
  • Farmers/Foremost
  • FedEx ← also known to ship shark fins, hunting trophies, and slave dolphins
  • Geico
  • LMG (Liberty Mutual/Safeco)
  • Marlboro (Philip Morris)
  • Motorola ← also equips the Israeli Defense Forces
  • Nationwide Insurance
  • PNC bank
  • Sony ← also caught using GPL code in their DRM code
  • State Farm
  • Texaco
  • TimeWarner (Spectrum)
  • UPS

Most of these ALEC members finance ALEC particularly for its anti-union lobby. But it’s a package deal. They finance thw whole of ALEC and all its activity.

There was also a “grab your wallet” project to track all Trump’s assets for boycotting Trump directly, but I don’t know if that’s being updated anymore. There is a link to a google docs spreadsheet (yikes!) but I think it’s a decade old by now.

¹American Legislative Exchange Council

64
(history) Google removes app that helps people boycott pro-Israel companies (edit: Google is said to have reversed their action) (www.newsweek.com)
submitted 2 weeks ago* (last edited 1 week ago) by [email protected] to c/[email protected]
8 comments fedilink
11
To give a sense of how integrated the Israeli lobby is into US law and society, two of my friends have an anti-BDS clause baked into their lease. They could legally be evicted for boycotting Israel (lemmy.sdf.org)
 

cross-posted from: https://hexbear.net/post/880059

And I can’t even imagine it’s an intentional addition, it’s just become part of boiler plate legal documents here in the deep south.

The wiki on anti-BDS laws

171
(Canada) An M&M vending machine error revealed facial recognition was used to illegally snoop on students (boycott Mars if you aren’t already!) (infosec.pub)
 

cross-posted from: https://infosec.pub/post/8862635

“Only because of that official investigation did Canadians learn that ‘over 5 million nonconsenting Canadians’ were scanned into Cadillac Fairview's database”. Wow.

This Wired article is contradictory. The spokesperson says:

“an individual person cannot be identified using the technology in the machines. The technology acts as a motion sensor that detects faces, so the machine knows when to activate the purchasing interface”

I suppose it’s possible that a sloppy developer would name an executable Invenda.Vending.FacialRecognitionApp.exe which merely senses the presence of a face. But it seems like a baldfaced lie when you consider that:

“Invenda sales brochures that promised ‘the machines are capable of sending estimated ages and genders’ of every person who used the machines—without ever requesting consent.”

Boycott Mars

I already boycott Mars because they are a GMA member and they spent ~$500k lobbying against #GMO labeling -- and they have been blackballed for using child slave labor -- and Mars supports Russia. This is another good reason to #boycottMars.

Update

Apparently a LemmyBug replaced the article URL with a picture URL. The article is here:

https://www.wired.com/story/facial-recognition-vending-machine-error-investigation/

The vending machine pic is here:

https://infosec.pub/pictrs/image/2041d717-7cd7-4393-94f3-96aa87817aa7.jpeg

view more: next ›