I doubt it. It will probably show the clearnet address. I just now logged in via the onion, so this reply will be a test.

Replacement link to a privacy-respecting host:

https://www.blankrome.com/publications/us-department-commerce-publishes-proposed-rule-imposing-know-your-customer-and

This article seems to suggest the KYC rules only apply to foreign customers:

https://www.bankinfosecurity.com/commerce-proposes-rule-to-fight-foreign-cloud-cyber-threats-a-24219

but then you have to wonder how they will know you’re domestic without a bit of KYC on Americans as well.

BTW, a good way to find privacy-respecting links is to search using this service:

https://ombrelo.im5wixghmfmt7gf7wb4xrgdm6byx2gj26zn47da6nwo7xvybgxnqryid.onion/

That search tool will not return Cloudflare MitMd links.

I’m not on a good enough connection to watch videos but when I read “How the Religion called Atheism…” I know it cannot be coming from any sort of credible source. Atheism is absence of religion, not a religion in itself. It includes both agnostics and gnostics (both those who are convinced there is no god and those who are unconvinced either way). So I don’t suppose it’s worth it to note the URL and try to fetch the video when I have a good connection.

Lawmakers have figured out they can circumvent 4A by forcing the private sector and external governments to do their surveillance. It worked for banking KYC and it worked for FATCA. The industry is apparently not worried at all about losing customers. And they won’t. To circumvent 4A, just outsource governance to a non-government entity.

Love the irony of being blocked from reading that article because I am anonymous and the #reclaimthenet hypocrits insist on using Cloudflare.

So I can only comment on the title and what the OP (apparently) copied. Judging by how the masses happily continue using banks who voluntarily abuse KYC by collecting more info than required, internet users will also be pushovers who give in to whatever KYC comes their way.

This policy will actually create victims. Just like GSM registration creates victims. In regions that require GSM registration phone theft goes up because criminals will steal a phone just for a live SIM chip. So KYC creates incentive for criminals to run their services from someone else’s PC.

FWIW, I started a thread about the B word in the slur filter here:

https://links.hackliberty.org/post/146478

Most importantly, I think authors should be notified when their message is edited by someone other than the author.

cc: @OneMansTrash@lemmy.ml

Are those heuristics low bandwidth or is audio involved?

I disable images because of bandwidth consumption. So I’m wondering if it makes sense to install a screen reader in my case.

Surely some of those captured faces are people in Europe, Brazil, and California, who would then be protected by GDPR, L…(something… forgot), and CCPA respectively.

Under the guise of reducing crime,

Woolworths has justified these measures as necessary for the purposes of security.

There is video surveillance, and then there is that extra intrusive step of facial recognition. They can have video without FR. They can submit video evidence to the police who can then use FR, if needed. They probably want to argue that they can block known shoplifters as they enter. But of course what they really want is to track who enters the shop, which products they look at, how long they gaze at promo ads, etc. Being able to preemptively strike without a crime, just a bad reputation, does not justify the intrusion to everyone else.

Food is essential. It’s not like some shitty smartphone shop or Amazon b&m store that people can boycott.

just someone with access to a transit network.

I think you’re saying this because I have no way as a sender or recipient to ensure or verify TLS is in play at every hop, correct? Otherwise, if TLS is in force by both providers then I would only expect the email providers (and their hosting providers) to have access.

Email providers are not equals. W.r.t the infosec nuts and bolts, sure it’s the same disclosure. But to say that the risk is the same for a giant surveillance advertiser who has mastered exploiting the data as the risk would be to a provider like Disroot is grasping. It neglects the trust factor. Both instances require trust, but in the case of MS that trust is unobtainable.

Threat models matter. Mass surveillance is in my threat model (and it should be in everyone’s). A small email provider looking to secretly target me is not in my threat model.

Microsoft profiting from my data (even if not sensitive) is also a problem for me. I do not email any MS user for any reason because I boycott MS. That’s not an infosec move but an activist move to not feed a pernicious giant.

I’m not sure you understand. When you say “O365”, that implies desktop apps. When I say I did an MX lookup, that means the MX server is (foo).mail.protection.outlook.com, which means the email traverses MS assets in the clear regardless of what software they use.

FWIW, unrelated, it’s notable that o365 was studied¹ by the Dutch gov and found² to violate GDPR due to telemetry data kept in the US.

1. https://www.rijksoverheid.nl/documenten/rapporten/2018/11/07/data-protection-impact-assessment-op-microsoft-office
2. https://www.zdnet.com/article/dutch-government-report-says-microsoft-office-telemetry-collection-breaks-gdpr

I’ve been out of the loop on games for a while but ReactOS may be worth a look.

The 1st ½ of your comment sounds accurate. But…

And also in Foss there are highly opinionated software where the devs completely ignore users, ban them from GitHub when they post issues,

Right, but to be clear non-free s/w is worse - you can’t even reach the devs, generally, and there is no public bug tracker. FOSS is an improvement in this regard because at least there is a reasonable nuclear option (forking). The nuclear option for non-free software is writing it yourself from scratch.

That all sounds accurate enough to me… but thought I should comment on this:

However - in larger enterprises there’s so much more, you get the whole SDL maturity thing going - money is invested into raising the quality of the whole development lifecycle and you get things like code reviews, architects, product planning, external security testing etc. Things that cost time, money and resources.

It should be mentioned that many see testing as a cost, but in fact testing is a cost savings. In most situations, you only spend some money on testing in order to dodge a bigger cost: customers getting burnt in a costly way that backfires on the supplier. Apart from safety-critical products, this is the only business justification to test. Yet when budgets get tightened, one of the first cuts many companies make is testing – which is foolish assuming they are doing testing right (in a way that saves money by catching bugs early).

Since the common/general case with FOSS projects is there is no income that’s attached to a quality expectation (thus testing generates no cost savings) - the users are part of the QA process as free labor, in effect :)

Linux won’t be viable for blind people unless major distros have full time accessibility folks, and refuse to accept inaccessible packages and patches.

Sure, but you need to read what I quoted. I purely addressed the flawed claim that better code comes from those paid to write it. The opposite is true. It’s unclear to what extent that bias has influenced @noahcarver@rblind.com’s thesis. Though I have no notable issues with anything else @noahcarver@rblind.com wrote (much of which is beyond my expertise w.r.t accessibility).

And to be clear, “better code” strictly refers to quality, not accessibility. Accessibility is a design factor.

But that code you write at home is probably not accessible.

That’s right. But then neither is the commercial code I worked on. That would be outside of my domain. I do backends for the most part. The rare UI work I did was for a tiny user base of internal developers within the org and accessibility was not part of the requirements. I worked on a UI for external users briefly but again no requirements for accessibility (which would be very unlikely for that particular product).

In any case, this sidetrack is irrelevant to what you replied to. It’s important to correct bogus claims that being paid to write code is conducive to quality. Some right-wingers I know never miss the opportunity to use the phrase “good enough for government work” because they want to push the mentality that capitalism promotes superior quality. It’s a widespread misconception that needs correction whenever it manifests.

Paying someone to write accessible code should theoretically work on both free software and non-free software. AFAICT the reason non-free software would accommodate blind users is that the market share is large enough to justify the profit-driven bottom line and those users are forced to pay for it (as all users are). In the FOSS domain, payments (“bounties”) are optional. Has this been tried? If not, then you’re relying on blind FOSS developers to suit their own needs in a way that benefits all blind users.

and that someone who is paid to write accessible software is generally going to produce and maintain better code.

In my day job I’m paid to write code. Then I go home write code I was not paid for. My best work is done without pay.

Commercial software development

When I have to satisfy an employer, they don’t want quality code. They want fast code. They want band-aid fixes. The corporate structure is very short-sighted. I was once back-roomed by a manager and lectured for “gold plating”. That means I was producing code that was higher quality than what management perceives as the economic sweet spot. I was also caught once fixing bugs as I spotted them when I happened to have a piece of code checked out in Clearcase. I was told I was “cheating the company out of profits” because they prefer if the bug goes through a documentation procedure so the customer can ultimately be made to pay separately for the bug fix. Nevermind the fact that my time was already compensated by the customer anyway - but they can get more money if there’s a bigger paper trail involving more staff. So when you say you get what you pay for, that’s what you pay for – busy work (aka working hard not smart). They also want “consistent quality”. So if one module is higher quality than another, there is pressure to lower the quality of the better module because improving the style or design pattern of the lower quality piece is “gold plating”. When I make full use of the language constructs (as intended by the language designers), I am often forced by an employer to use more basic constructs. Employers are worried that junior engineers or early senior engineers who might have to maintain my code will encounter language constructs that are less common and it will slow them down to have to look up the syntax they encounter. Employers under-estimate the value of developers learning on the job. So I am often forced avoid using the more advanced constructs to accommodate some subset of perceived lowest common denominator. E.g. if I were to use an array in bash, an employer might object because some bash maintainers may not be familiar with an array.

Non-commercial software development

Free software developers have zero schedule pressure. They are not forced to haphazardly rush some sloppy work into an integration in order to meet some deadline that was promised to a customer by a manager who was pressured to give an overly optimistic timeline. #FOSS devs are free to gold plate all they want. And because it’s a labor of love and not labor for a paycheck, FOSS devs naturally take more pride in their work. I’m often not proud of the commercial software I was forced to write by a corporation fixated on the bottom line. When I’m consistently pressured to write poor quality code for a profit-driven project, I hit a breaking point and leave the company. I’ve left 3 employers for this reason.

Commercial software from a user PoV

Whenever I encounter a bug in commercial software, there is almost never a publicly accessible bug tracker and it’s rare that the vendor has the slightest interest in passing along my bug report to the devs. The devs are unreachable by design (cost). I’m just one user so my UX is unimportant. Obviously when I cannot even communicate a bug to a commercial vendor, I am wholly at the mercy of their testers eventually rediscovering the bug I found, which is unlikely when there are complex circumstances.

Non-commercial software from a user PoV

Almost every FOSS app has a bug tracker, forum, or IRC channel where bugs can be reported and treated. I once wrote a feature request whereby the unpaid FOSS developer implemented my feature request and sent me a patch the same day I reported it. It was the best service I ever encountered and certainly impossible in the COTS software world for anyone who is not a multi-millionaire.

I agree.

One of the reasons no one gives a shit is there is never news about CF making use of that MitM position. But I know they hire data scientists and what corp can resist the urge to monetize data they have access to? So I think it’s just a matter of time before they get caught abusing the vast amount of valuable data they have visibility on.

Sorry I do not know if BBC interviews are transcribed.

But FWIW it will air again on BBC World Service at 02:32 GMT tomorrow and the next day (which could be useful for those on limited internet connections)

Nobody is disagreeing with you or saying your wrong

At least 10 people here believe Google/MS avoidance is “tinfoil hat” paranoia. It’s a stark disagreement on infosec principles. All responders in this thread (apart from 3 exceptions) come from privacy-hostile #Cloudflare instances including yourself. This crowd has little hope of taking privacy seriously.

However, it’s not really realistic to expect everyone to abandon the easy and useful tools that they’re comfortable with just to match your views, regardless of the ethics or logic involved.

You’re probably not going to sell anyone on an idea that requires discarding ethics and logic. That’s actually the crux of the problem. The problem exists because people disregard ethics and logic in pursuit of pragmatism.

You seem to be overlooking the fact that Google and MS are inherently exclusive choices. That is, if I try to connect to gmail-smtp-in.l.google.com, the connection is refused, full stop. Google is blocking me before I send the first packet. So you’re implying that I must go through Google’s hoops in order to not be “extreme”. IMO, that’s an extreme position to take. To expect people to go beyond the norms of established open standards to cater for the extra requirements and special needs of a monopolistic corporation. I must either rent an IP address that’s to Google’s liking at my own expense, or I must establish a contract with another third-party who I must then trust with a centralized view on all my outbound traffic. I’m not supporting that abuse and loss of freedom.