• 10 Posts
  • 48 Comments
Joined 1 year ago
cake
Cake day: July 23rd, 2023

help-circle
  • The metadata in the headers can be avoided using Memoryhole and similar protocols which embed the headers inside the encrypted payload. The problem is again barrier to entry. Low-tech users generally can’t even handle app installs on desktops.

    When you say “worry”, that’s not the right word for it. My boycott against Google is not fear-driven. I will not feed Google anything it can profit from as an ethical stance. Even if an expert linux tor user were on Google, I’m not sure we could exchange email in a way that ensures Google gets no profitable data. If we use PGP coupled with Memoryhole to strip out the headers, I’m not sure Google would accept a msg with a missing or bogus From: header. But if so, Google still possibly learns the user’s timezone. Though that may be useless if Google learns nothing else about that user. But we’re talking obscure corner cases at this point. Such an expert user would have no Google dependency anyway.

    MS/google-dependent friends are generally extremely low-tech. They don’t know the difference between Firefox and the Internet. They don’t know the difference between Wi-Fi and Internet. Linux – what’s linux? They would say. At best, they just think of it as a mysterious nerd tool to be avoided. So what can I do wholly on my end to reach them via gmail without Google getting a shred of profitable data? Nothing really. So I just don’t connect directly with a large segment of friends and family. Some of them are probably no longer reachable. Some are in touch with people who connect to me via XMPP, so sometimes info/msgs get proxied through the few XMPP users. It’s still a shitshow because Google still gets fed through that proxied inner circle of friends and family. In the past when someone needed to reach me directly, they would create a Hushmail or Protonmail mail account for that temporary purpose (like coordinating a trip somewhere). But that option is mostly dead.

    I just had to reach out to plumbers for quotes. All of them are gmail-served. All I could do is refuse to share my email address and push them to use analog mechanisms. They are not hungry enough for business to alter their online workflow or create protonmail accounts.


  • That’s exactly what I did with hushmail. I would tell low-tech folks to get a hushmail account then I would use hushtools.com to do all the key management, putting my key on the keyring and grabbing their key. So the other person did not need to know anything or take any special steps. That was best option of my time. But last time I checked hushmail was still entirely non-gratis.

    Protonmail emerged when HM became non-gratis and messed with hushtools. But PM requires every one of their own users to do key management which creates a barrier to entry. I would have to walk a PM user through adding my key to my record in their address book and walk them through sending me their key. That effort is a show stopper for many. I might as well walk them through setting up a PGP-capable MUA. But then if they keep their gmail or MS acct the metadata still feeds those corps.



  • I give out my XMPP address and offer Snikket accounts. Some go along with it and some do not. I lost touch with some friends. Some people are in contact via phone but that’s not ideal some connections are lost as phone numbers change.

    I used to push some people toward Hushmail until they dropped the gratis plans. Then for a while I pressured people onto Protonmail but then distanced myself from PM when the brought in Google reCAPTCHAs and killed off Hydroxide. Tuta is a non-starter because Tuta’s variety of e2ee is incompatible with open standards, thus forcing me to periodically login to a web UI (also due to them sabotaging their Android app by way of forced obsolescence pushed in the most incompetent way).

    So it’s a shitty state of affairs. 2024 and simply sending a msg to someone has become a total shitshow.





  • It basically is saying that if you have more money then you have more “votes”.

    That’s simply true. It doesn’t do anyone any good to disregard the facts.

    Or to put it in another way: If you have more money you matter more.

    That abstraction doesn’t help much. And first of all, it’s more accurate to derive the statement “If you have more money then you have more influence”.

    It’s still a shitty status quo, but it is what it is. The worse thing you can do is tell people not to boycott shit products on the basis of rejecting reality. It’d be like telling people not to vote in elections because their vote is a drop in the ocean.

    Some people vote for democrats, then they cancel their own vote by getting their internet service from Spectrum, buying fuel from Chevron for their car, shipping their packages using FedEx, getting their phone service from AT&T, banking at PNC Bank, flying on Boeing planes, shopping on Amazon, doing their web searches on a Microsoft syndicate’s site (e.g. DDG), buying Sony devices… etc. They either have no clue that most of their voting is actually for the republicans, or they think that drop-in-the-ocean vote that comes once in 4 years somehow carries more weight than the daily votes they cast with reckless disregard.

    Greg Abbott’s war chest is mostly fed by oil companies. If you buy fuel for a car, you help Greg Abbott and other republicans. And if you buy from Chevron, you give the greatest support to republicans (Chevron is an ALEC member).




  • Ending capitalism is not the /only/ way. Within a capitalistic system, you can boycott shit. Most consumers are pushovers but it doesn’t have to be that way. I’m boycotting hundreds of shitty companies. Off the top of my head:

    • Amazon
    • Cloudflare
    • Microsoft
    • Facebook
    • Google
    • Apple
    • (surveillance advertisers in general)
    • (all closed-source s/w)
    • HP
    • Proctor & Gamble
    • Unilever
    • all ALEC members (American Express, Anheuser Busch, Boeing, CenturyLink, Charter Communications, Chevron, FedEx, Motorola, PNC bank, Sony, TimeWarner)
    • many shitty banks
    • Paypal
    • AT&T
    • GMA members (Coke, Pepsi, Kraft - Heinz, Kellogg’s, General Mills, McCormick, Hormel, Smucker)
    • BetterThanCashAlliance.org members (visa, mastercard, unilever) – war on cash
    • Bayar-Monsanto
    • Dupont
    • Hershey
    • Nestlé
    • Exxon/Mobil
    • Comcast
    • Koch
    • Home Depot
    • Lowes
    • …etc

    Those are all shitty companies that significantly worsen the world. Giving money or data to any of them contributes to enshitification of the world.

    Of course it’s an option to stop supporting assholes. Become ethical. Be the change you want to see.





  • Better or worse depends on who you ask.

    I boycott Cloudflare and I avoid it. Some CF hosts are configured to whitelist Tor so we don’t encounter a block screen or captcha. For me that is actually worse because I could inadvertently interact with a CF website without knowing about the CF MitM. I want to be blocked by Cloudflare because it helps me avoid those sites.

    The CF onion (IIUC) cuts out the exit node which is good. But CF is still a MitM so for me that’s useless.

    Some users might not care that CF has a view on all their packets - they just don’t want to be blocked. So for them the onion is a bonus.


  • W.r.t CSAM, CF is pro-CSAM. When a CF customer was hosting CSAM, a whistleblower informed Cloudflare. Instead of taking action against the CSAM host, CF doxxed the ID of the whistleblower to the CSAM host admin, who then published the ID details so the users would retaliate against the whistleblower. (more details)

    There is no way to “disable” cloudflare if an instance has chosen to use it. It will sit between you and the server for all traffic.

    Some people use CF DNS and keep the CF proxy disabled by default. They set it to only switch on the CF proxy if the load reaches an unmanageable level. This keeps the mitm off most of the time. But users who are wise to CF will still avoid the site because it still carries the risk of a spontaneous & unpredictable mitm.









  • If the message is edited for typos/grammatical errors, then there’s really no need for a notification as the message displays the posted time in italics (e.g., ✏ 9 hours ago).

    I’m not sure why the relevance of the posted time in this scenario, but indeed I agree simply that typos need not generate an update notice, in principle.

    If the message is so reworked as to say something else, “Bob” (your example) should do the right thing and post a new, separate reply to “Alice” in the same thread, donchathink?

    This requires Bob to care whether Alice gets the update. Bob might care more about the aesthetics, readability, and the risk that misinfo could be taken out of context if not corrected in the very same msg where the misinfo occurred. If I discover something I posted contained some misinfo, my top concern is propagation of the misinfo. If I post a reply below it saying “actually, i was wrong, … etc”, there are readers who would stop reading just short of the correction msg. Someone could also screenshot the misinfo & either deliberately or accidentally omit Bob’s correction. So it’s only sensible to correct misinfo directly where it occurred.

    I get what you’re saying though, that there should be some real integrity toward post/reply history, like diff maybe.

    It would be interesting to see exactly what Mastodon does… whether it has an algorithm that tries to separate typos/grammer from more substantive edits. I don’t frequently get notices on Mastodon when someone updates a status that mentions me, so I somewhat suspect it’s only for significant edits.

    (update) one simple approach would be to detect when a strikethrough is added. Though it wouldn’t catch all cases.


  • So let me get this straight… Bob does something no one else does

    Straight away you don’t have it straight. Edits happen. The mere possibility of edits in fact encourages authors to produce ½-baked drafts in the 1st place knowing that they can always edit.

    edit messages on somewhere no one else goes, adding significant content to something no one sees

    Not sure what drives this logic. If no one goes there, the post/comment is unlikely to happen in the 1st place. And with no interaction in the thread, refinements are even less likely. If you don’t have at least two people participating in a thread, there are no notifications to speak of.

    and then Bob wants to spam the world about the update with notification?

    Bob wants to take no action at all and let a smart system handle notifications as needed. So your attempt to “get this straight” got everything crooked. Furthermore, your proposed solution is moreso aligned with Bob pushing “spam”, as Bob’s new & separate msg forces a notification as the platform has no way of distinguishing an update from a new msg. Thus it would be treated like a new msg and a notice would be sent.

    Also, in this context, this wouldn’t be a bug, but rather a feature request

    One man’s bug is another man’s feature. Luckily bugs and feature requests are handled in the same venue so it’s a red herring.

    a feature that no one is asking for

    Certainly not true anymore.

    and doesn’t make the software better

    One man’s bug is another man’s feature.

    except to those that doesn’t follow social norms yet still demands to get into others’ inboxes.

    You’ve misunderstood where the demand is coming from. It’s not the author; it’s the recipient. Someone posted a useful reply to Alice, Alice read it, marked it as read, & then Bob made a useful update. Alice did not receive the notice of the update. This “demand” comes from the recipient (Alice), not Bob the author. The update was for the recipient’s benefit not the author’s. It’s purely incidental that Alice discovered that an update happened because #Lemmy was not smart enough to notify me of the update (unlike Mastodon which is quite a bit more mature).

    Instead, the appropriate behaviour is to not allow Bob to make edits after sometime (which many softwares have such feature for)

    That’d be fair enough, but it would not have helped in this case where the edit happened the same day.

    and/or make edit logs visible (also a common feature)

    You’re imposing too much manual labor on humans. Machines are here to work for us not the other way around.

    such that people who doesn’t follow expected norms

    The norms adapt to the software. When the software does an extra service for people, they abandon norms that attempt to compensate for a feature poor system. And rightly so.