What is he doing in Youtube? No peertube? I actually cannot reach his video due to anti-Invidious enshitification.

IIRC, someone posted a link to his book here recently and there was some enshitification in the way.

If someone is offering a public wifi, there is a reasonable expectation that other people sitting in the same cafe for example can’t listen in on what you are doing on your device. As older wifi encyption standards are easily compromised, this requires enforcing a semi-recent wifi-standard. You can of course make your own judgement in your own home, but in a public space it is different.

I think WEP is pretty much dead. Even my first Android (2.2) supported WPA. WPA can still be snooped on with some effort when the attacker has the PW. Apart from that, you’re still trusting whoever supplies the uplink. I do not think people have an expectation of privacy on public networks. There are far too many compromises, the most trivial being an imposter AP. I always tunnel in some way over public wifi by using either Tor or a VPN. So even WEP or fully open is still secure enough for my use.

I would not want user nannying to get in the way of someone who knows how to secure themself. I’m also not quick to support the idea of dumbing down the community so people don’t develop self-defense skills and take personal responsibility. If someone cannot be bothered to tunnel, then hopefully they would buy a device that is configured to insist on WPA3. But in the end this is the user’s responsibility one way or another while nannying is a kind of tyranny.

As for SSL certificates… this isn’t only a captive portal issue. If your device has such outdated root certificates that you run into issues already at the captive portal, you will have also issues with each and every website that uses https.

They are completely independent. I can do what I need so long as the captive portal doesn’t fuck with me. Captive portals can be broken in more ways than the web generally is. And when a captive portal is shit, it’s a disaster across the board… It breaks all apps that need the net.

Root certificates are only cycled out of use for good reasons, such as them becoming compromised, so by using an super old root certificate on your device you are wide open to MITM attacks on supposedly secure connections.

I don’t recall if the sparse cert errors I had were due to root certs or normal certs, but I should indeed pay close attention. My only persistent problem was getting OSMand maps, which I solved by side-loading the maps from a PC.

But enforcing certain security standards on public wifi so that random people can not see everything you are doing online is good.

There is a blind “for security reasons” excuse the industry likes to use to force people to chronically upgrade their hardware… to boost sales. I try to stay immune to that bait.

The access point needs to protect itself – full stop. An access point that oversteps their authority and becomes a nanny that dictates security practices on others without knowing their security posture and threat model to protect people from themselves can bounce. We don’t want their “help”.

In any case, the DB I am proposing is factual. Whether a fact in the DB is “good” or “bad” is for the users of the DB to decide. And either way, it’s useful.

And I would advise against going online with a device so old and unmaintained that it has issues with its SSL root certificate.

Can you give more details? If the certs have not expired, the device is able and willing to make a connection. If the certs fail due to age, the app makes the user aware of the problem (and in the case of OSMand it refuses to use the connection regardless of the user’s wishes). So what’s the issue?

Note the context is with captive portals. If someone thinks it’s a good idea to force a captive portal on a public LAN to get a simple “I agree” signal, why might that be sensible? AFAICT, it’s down to a clumbsy admin who did not think through the consequences of SSL on a captive portal. The captive portal is not in itself a useful resource for the user. It’s just an obsticle with the sole purpose of getting a signal that someone agrees to the text of a policy that is public anyway. Once the obsticle is out of the way, it’s the independent job of every resource to implement appropriate security for the task at hand, which in come cases may not involve SSL at all (e.g. accessing an onion server). But when the captive portal blocks someone due to (what I regard as clumbsyness), the apps the user would use are blocked regardless of how well they are secured.

(edit) Some captive portals collect personal info, where you must submit an email or phone number. SSL is probably unavoidable in those cases, but ideally the app would collect that info as well. We would want the DB to indicate that sharing personal data is a precondition to access.

I wonder if a good pushback is to lodge open data requests. Of course, only if the website is government run and the gov has a usable open data law.

Some “accessibility” policies are popping up in the US and EU which are intended to ensure blind people can still function. I’m not blind but I’m tempted to file accessibility complaints whenever they push a GUI CAPTCHA.

When email is withheld, I’ll do an MX lookup on their domain and see that it points to Microsoft or Google, in which case I refuse to use the contact form because I believe those traverse their email. Sometimes the MX lookup reveals barracuda or some email firewall which masks what they use. So having transparency in the shitter exacerbates the need for snail mail.

why would they need to send you an email if they are providing you with an email.

The msg portal uses 2FA to access. People do not likely want to go through that login process on a daily basis to just to check for new msgs, so there is an /optional/ e-mail notification feature. The notifications can be disabled but then you are legally responsible for having read msgs that arrive even if you did not login to see them.

That is where the communication should be.

If you mean that conventional email (SMTP) is where the sensitive payloads are sent, very few people can handle PGP, sadly enough. I would sign up for PGP over conventional email if, and only if, the gov would also guarantee that surveillance advertisers like MS and Google are not used on the gov end (I don’t even want them to have metadata).

The problem here is it needs to have all the legal protections of regular mail. It should be illegal to monitor someones activity like that without a judicial warrant just like opening mail or putting a tracker on a car.

Yes, I would insist on that, but I would still distrust legal protections on their own in this post-Snowden era.

Should be able to be done in person at an office without any need for any technology. Thats a big problem to. There should be a right to not use technology.

Europe assumes the only reason not to use tech is incompetence. So they provide the elderly with “digital buddies” who do the tech work for them. For me that’s insufficient because it’s my opposition to the tech that stops me using it, not competency. I would not want a “digital buddy” solving Google recaptchas on my behalf either.

So indeed a !right_to_unplug@sopuli.xyz (right to be analog) is paramount. I believe it’s the most important right we could have w.r.t. digital rights. It’s the only nuclear option we can trust.

One EU member state implements their own msging system which uses 2fa by requiring people to insert their ID card into an EMV chip reader and enter a PIN. Despite that quite good security, they started block Tor. That way they can track your approximate location by IP address. Then to notify you that you have a msg waiting, they send an email with a surreptitious tracker dot, so they can track whether you opened the email and your approximate location at that moment. If you decide the bounce upon discovering the shit-show, then you would have unread msgs on the server which are deemed to have registered letter status and considered to have been read (even though all their tracking theoretically ensures that they know what is unread).

FOSS should certainly be on the client side. But on the server side FOSS doesn’t help. FOSS rules: only ppl who receive the binary are entitled to the code. FOSS does not require distribution… just that binaries must come with source. What you’re perhaps really after is Italy’s “public money → public code” rule. You couldn’t know for certain what is running on the server or with what configuration, but at least in Italy the code is available for reuse.

Anyway, there are a minefield of problems. A public option is good to have and it’s likely inevitably coming to a gov near you. The dire need is retaining snail mail as an alternative. That’s where the good fight will be. In the US you already have gov agencies that ignore postal mail. For example, go to a secretary of state website to lookup a business. You might be blocked by Cloudflare (esp. if on Tor). And if access is granted, you could be forced to solve a Google reCAPTCHA. When you quite reasonably say “fuck this, I’m sending a postal letter to request the records”, you will find that they will just ignore it.

℻ is a quite useful alternative because you can send it electronically without revealing your email address, thus preventing the recipient from responding with personal data in an email. But we’ve mostly lost fax. Many gov offices have dispensed with it.

The digital transformation shit-show is in full swing in Europe. It’s a little slower to impact public services in the US, but it’s coming.

Some European governments already do what you describe. Of course it’s only acceptable to the extent that it is voluntary. It’s becoming decreasingly voluntary which creates a bigger shit-show than you had before. Denmark has gone to the extreme of ditching snail mail. So Danes are trapped in whatever comms system is imposed.

Big govs like to outsource to big corporations. Some govs use Microsoft for email by every agency. There is no way to correspond electronically with that gov without having a surveillance advertiser with shitty ethics in the loop.

I think the problem is that it would be impossible to stop a gov from marginalising those who object to using such a platform. I would welcome the platform only if I could be absolutely guaranteed that it would not be imposed on me. But no gov can resist the urge to save money and steem roll over the minority of hold outs. The minority of hold outs is important for everyone because that group ensures competition of options.

BTW, I should say this thread branch is not really on topic because personal communication is very different than distribution of public docs. E.g. if the gov produces crime statistics for a region, your personal inbox is not the proper place to publish that.

By paying requirements I mean, that at least the German government sometimes still provides documents in Microsoft formats using macros, templates and design features, that are not supported by open source, or free alternatives.

That’s already illegal. Directive 2019/1024 Art.5¶1 states:

Without prejudice to Chapter V, public sector bodies and public undertakings shall make their documents available in any pre-existing format or language and, where possible and appropriate, by electronic means, in formats that are open, machine-readable, accessible, findable and re-usable, together with their metadata. Both the format and the metadata shall, where possible, comply with formal open standards.

So when you encounter a gov agency who distributes public docs exclusively in MS Word, in principle it’s just a matter of filing a complaint that they are required to act on. But I suppose there could be a snag because MS published an open spec for the Word format. It was likely just a symbolic gesture because I heard MS Word implementations do not comply with MS’s own spec. But then that works to your advantage because it could be argued that a non-conformant doc fails to be “re-usable” and fails to comply with the open standard.

In my opinion, every document provided by a city, a state, a country, should be available in the least expensive way and it is really no big hustle to turn MS stuff into open formats.

I agree but there need not be a law about cost because using an open standard generally and typically implies that some FOSS will exist for it, and most FOSS is incidentally gratis.

Regarding the HTML problem, I think everything can suck hard, if someone wants it to or doesn’t care.

Not with FTP. FTP greatly limits the ways and degree by which the deployment can suck. Someone who doesn’t care in the very worst would choose a non-intuitive file structure. Someone who wants to be malicious doesn’t have many ways to do so. And their act in FTP would stand out and be difficult to explain.

With HTML there are infinite ways to make it suck. Most web devs abuse their freedom in countless ways to make it suck. It’s actually very difficult to find well designed websites. FTP is the inverse of that. It would be difficult to find a poorly designed FTP host.

I don’t know about FTP, a useful and crawlable website is fine for me.

The problem with HTML is it gives too much freedom to the web developer who can enshitify it with proprietary JavaScript, CAPTCHAs, etc. Sure it is possible to implement interoperable non-enshitified HTML like this example:

http://bettermotherfuckingwebsite.com/

But you cannot trust web devs to be responsible. And you cannot trust lawmakers to have the competency required to ban all the shitty things that can be done using HTML and JS. FTP is inherently limited so a bad admin cannot screw it up too much. It technologically protects us from enshitification.

public access should be access without any redundant payment requirements.

Not sure what you mean by payment requirements. Govs distributing docs usually does not involve payment. Nonetheless, I want as many payment options as possible because even payment systems are enshitified. E.g. PayPal is a shit show by a controversial company with a long list of wrong doing.

If you go to lemmyverse.net and click TAGS next to a funnel icon, you can then select to /hide/ Cloudflare tags (in which case it’s not hiding the tags but actually hiding nodes that have the CF tag). That is one way to find a Cloudflare-free Lemmy instance.

I personally fetched the dataset, imported it into a DB, then I had the freedom to specify all the criteria I want in my searches.

Strange to read your comment then notice that you are writing that from Cloudflare’s centralised walled garden. Not supporting corporate technofeudal shitholes entails staying outside of Cloudflare.

Complaining is part of contributing ideas. You can contribute code, or ideas, or both. Have a look at !foss_requests@libretechni.ca.

One good principle that’s aligned with what you’re saying is that every FOSS contributor desides for themself what work to do. It’s uncivil to try to task someone in partcular with work. No one should be personally pushed to do work. Avoid that, and there is nothing wrong with reporting bugs and making suggestions generally to the commons.

Not over Tor. It has the same problem as newpipe over tor.

We need a more advanced tool, like this:

https://libretechni.ca/post/420147

I must say I am not the least bit surprised that Tor users get a 403 error when trying to fetch a book whereby Cory Doctorow attempts to redefine “enshittification” in a narrow context that’s less useful to consumers:

I thought piHole blocked Cloudflare, but then I see you are using Cloudflare (lemmy.world). Did you configure it to not block Cloudflare?

When Google started its attack on Invidious, I was forced to try direct YT access. The ads were so frequent and intrusive that I had to walk. It’s intolerable.

Google has mostly killed off the piracy option. Any Invidious instance that gets traction gets cut off by Google.

The FOSS option is newpipe, but if you use that over Tor (for privacy from Google), Google blocks connections.

Its shockingly easy to unplug from the majority of platforms.

FYI, you’re using the most abusive privacy abusing platform in silicon valley: Cloudflare. I suggest leaving lemmy.world.

It would still be useful to have a text blurb or a transcript since Google YT has become Invidious-hostile. And in my case I don’t have the bandwidth for video.

This would be more fitting in !zerowaste@slrpnk.net.

I will be keeping an eye out for curbsides of dumped PCs. I have not bought a PC in decades because of MS forced obsolescence.