It’s not spontaneous shopping. People don’t walk around with dirty clothes either. A laundromat inside an apartment building for the residents living therein is not in the market for people walking around. Customers do not need to carry around cash and need not buy a special wallet because they are walking directly from their apartment to the basement on a planned basis. They can put the cash in a sandwich bag and set it on top of their clothes.
Cash is inherently ***inclusive***.
Cash accepts all people without exception. So cash just works from all standpoints: socioeconomic, legal, and from an engineering point of view. If someone does not like to touch money, that’s not cash failing to work; that’s a manifestation of Tyranny of Convenience (as described by Tim Wu) by someone choosing not to touch money. Such consumers are their own problem. Laughable to call that preference an engineering failure.
Banking is inherently ***exclusive***.
Many demographics of people are involuntarily excluded. Banks have refused to open accounts for me. Banks are in the private sector and have a right to refuse service to people. European banks cannot refuse someone a “basic” account, but those basic accounts are not required to be free of charge and they cannot accept cash deposits so if you’re starting with cash such accounts are broken from the start. For people who banks accept there are countless disempowering circumstances consumers are forced to accept in return. Unlike those who don’t like to touch cash, people voluntarily objecting to banking have countless good compelling reasons for not pawning themselves.
Banks violate human rights when they treat people differently based on their national origin. The privacy abuses actually also undermines human rights, as well as environmental harm inherent in forced periodic phone upgrades and in the banking industry’s fossil fuel investments. So when a consumer demands #forcedBanking because they don’t personally like the burden of carrying cash, it’s rather selfish that they prioritize some trivially esoteric convenience/novelty above human rights and also above people’s need to be free from nannies. So there is a very strong case for people to not bank by choice even if the bank accepts them. By comparison, it’s fair to dismiss anyone who supports forced banking simply on the basis of not liking the inconvenience of cash.
A forced banking design violates several rules of the IEEE Code of Ethics
“1. to hold paramount the safety, health, and welfare of the public, to strive to comply with ethical design and sustainable development practices, to protect the privacy of others, and to disclose promptly factors that might endanger the public or the environment;”
“II. To treat all persons fairly and with respect, to not engage in harassment or discrimination, and to avoid injuring others.”
…
“7. to treat all persons fairly and with respect, and to not engage in discrimination based on characteristics such as race, religion, gender, disability, age, national origin, sexual orientation, gender identity, or gender expression;”
The banking sector discriminates against people on the basis of national origin. So when an engineer designs as cashless system, they violate ¶7 of the IEEE code of ethics.
A lot of wallets are also badly designed because they lack a means to secure coins. Look for a wallet that has a zipper compartment on the side and you’ll be less annoyed with coins.
Just you wait for AI powered laundromats.
Can’t wait for that.. “you paid with an American credit card but the last time you used the laundromat you did not use the tumble dryer which is not American-like. And these are not American clothes; we detect as many scarves as a European would have, and those low crotch pants look Nepalese or African. Please contact our fraud office if you think we have made an error.”
(edit) …15 min later…
“We see that you removed the scarves and low-crotch pants from your load and that you attempted to order tumble dry service in advance. This conformist behavior is inconsistent with your KYC profile. We have therefore suspended your account for your security until you conduct a 30 minute interview with our automated KYC specialists.”
(edit) …2 min later…
“You have just been instantly validated based on personality traits due to the article you just deposited into the washing machine. Unfortunately we do not yet have a cleaning program in the database for human excrement. Please subscribe to our newsletter so you can monitor new developments and new cleaning programs.”
Your CC got blocked, call your bank and solve it.
The account was in good standing worked daily, before and after the laundry attempt. When an online merchant blocks me my bank often tells me “it’s not coming from us; your account is fine on our side”.
I was never given the answer. How can you solve a problem when merchants will not tell you what the problem is? They think they are dealing with fraud so they are afraid to inform (who they regard as) a criminal. Getting information out of a merchant about a failed transaction is a social engineering effort on par with what hackers do.
It’s legal to reject foreign cards
One thing I’ve noticed is that some merchants refuse cards on the basis of being foreign issued. It may have been what my issue was with the laundromat, but I can only guess. Rejecting a card on the basis of being foreign violates the merchant agreement with visa and mastercard, but it is not law and merchants often violate the merchant agreement because Visa and MC do not enforce the contract. I have in fact reported instances of merchants violating the merchant agreement and the credit card networks ignore these complaints.
When everyone else goes to the laundry and doesn’t have the right coins they should do exactly what? Take a trip downtown to the bank?
You can, and it would be a good exercise for you to see first hand how banks treat consumers when they tell you GTFO for asking for a small amount of coins. You will see for yourself that banks are unworthy of the power you give them.
Your local cigarettes shop isn’t obligated to break you a 20.
Fuck that shop then. They don’t want your business and have failed to earn it. It’s a worthy exercise just to know where you stand.
I barely use cash and my payments always work. … What am I doing wrong that digital payments always work for me?
You’re living a boxed in life just the way they want you to.
how to live a conventional boxed-in life
You’re not traveling internationally and using a foreign cards, you’re not using Tor, you’re not blocking untrustworthy JavaScript, you solve every CAPTCHA, you’re happy to subscribe to mobile phone service and to share that phone number willy nilly with anyone who asks, you’re willing to transact with Google to install whatever closed-source apps banks and merchants want you to, you’re giving merchants and banks a permanent email address (as opposed to using an @spamgourmet.com address), you’re diligently keeping track of your ID expiry and automatically running the new card over to the bank as soon as you get a new ID card to make sure in advance the bank always has a current copy, you never move without telling the bank your new address which would cause the bank’s annual postal check on your address to fail, you’re not American (which triggers extra poor treatment by banks), you never tried to pay a recipient who the bank politically objects to (Wikileaks), you do not buy cryptocurrency, and you must be using Paypal exactly the way Paypal expects (which means no purchases in certain categories and using the account just often enough to not look suspicious but not so often that you trigger one of their countless fraud false flags). If you’ve failed any of that criteria, you’ve merely been strangely lucky.
Much less frequently I cannot pay for digital reasons than for “oh fk, I forgot to withdraw cash again”. I remember that being a weekly problem.
So the one variable that is easily in your own control and you manage to fuck it up. You got issues. But certainly whatever puts you in a situation where an ATM is far from where you need one, you can fairly blame that on the banks who are the proactive cause for ATM sparsity.
Bill Gates and the https://betterthancash.org alliance loves you.
I used to be that way. Used a card to pay for everything; even just a candybar. Then I noticed the banks abusing their power, rampant data breaches because banks and credit bureaus don’t give a shit about data protection, large banks financing private prisons and fossil fuels, small banks investing with large banks, banks abusing KYC to collect far more than legally required, banks taking extortionate fees from merchants, banks nannying consumers by blocking wikileaks, banks forcing people to contract with Google to get their app then forcing people to upgrade their phone hardware (creating more e-waste), etc.
At one point I came to realise I’ve recklessly made myself part of those problems by using banks more than necessary. Banks need a shorter leash and consumers should be holding that leash.
Those engineers took simple design to the fullest extent. But then the landlord dropped the ball or cheaped out by not offering a change machine which could easily be fed when emptying the other machines.
I must say I like the side-effect. It pressures people to use cash in shops. This is a good thing because the #warOnCash is going the way Bill Gates wants it to, which gives more power to the banks and corporations at the expense of disempowering the people. The funny thing about your interaction with the bank is that it serves as yet another instance of banks not using their position ethically. Banks love the war on cash, so making it hard to withdraw or deposit serves as more proof that giving banks exclusive control is a bad idea.
Have you tried this hack? → Buy groceries and intentionally overpay with your card and ask for the difference as cash back in the form of as many as 50¢ coins as the cashier is willing to give?
It is very inclusive
Not in the slightest. Here’s what’s inclusive: cash. Cash does not discriminate against anyone. Banks are a shit show. It was hard to get a Danish account open and funded, and then once it was funded the money was trapped - could not be transferred out internationally.
backup solutions for people who want to top up in cash
They told me to pound sand. And they could not tell me why my bank card was refused despite the account being in good standing.
solutions for when the internet is down.
How so? There is no full-time on-site custodian who can override anything. There is no way to insert cash. The system is outsourced and the apartment managers only work during business hours. Once they had me locked into a lease agreement, they had no motivation to accommodate. Imagine if they did have to dispatch someone to run the machine for me, and then add it to my bill if the system allows it. The human effort every time I need to wash clothes would have made them quickly realise the foolishness of this system.
There is no culture of inclusion with Danish businesses. There are cashless retailers on university campuses. If you want a sandwich at 2pm and you only have cash, you’re stuffed. If you don’t have Facebook, you are excluded from some university announcements. If you do not have a mobile phone service to do the required 2FA for some university resources, they tell you to pound sand. Then if you cheat and use a free pinger number, they take action against you. You cannot even make a photocopy in some places without a CPR number. Denmark is a society that pushes digital exclusion to the greatest extent I have ever experienced.
It’s not a fear problem. It’s an engineering competency problem. They designed something more poorly engineered than the technology it replaced, so it never should have been rolled out. It’s a shitshow of failures and it excludes people, by design. Everyone should be able to clean their clothes, not just a select group who have the right combination of hardware, software, banking service, and unhealthy disregard for privacy and infosec.
Having dirty clothes because your bank card with matching logo was mysteriously refused for unspecified reasons and having to walk 1km to find a machine that works is a far cry from improving quality of life. Compare that to the quality of life someone feels is hindered when they have to carry coins from their apartment to the laundry room.
Lucky people in the included group should also be wise to realise there are excluded people and refuse to use it on that ethical basis.
Fear it when jerks abuse it to gain power
Misappropriation of power is inherently central to this design. Cash gives you freedom. Electronic payments give banks power over you. And they abuse it, like when they blocked donations to Wikileaks. They abuse it when they block you from using Tor. They abuse it when they lock your account because a document on file expired. Or when they require you to form an info-sharing relationship with Google and agree to Google’s terms just to download an app exclusively distributed by Google. It’s important to always have a bank-free option.
It really seems to showcase that schools have lost some competency with engineering. It’s a fundamental failure of basic principles when an engineer introduces a fuck ton of factors that can go wrong in place of something simple that just works. It’s an embarrassment to the engineering discipline.
German engineering used to be held in high regard¹.
It’s like the irrational drive to make everything as electronic as possible is somehow causing engineers to miss the KISS² principle.
Consider why cars do not add a supplemental steam engine.
Superficially, you see how much heat energy a fuel combustion engine wastes and might reasonably think: why not use that heat to make steam that powers a steam engine that adds power to the drivetrain? Engineers decades ago figured out that the complexity that adds to the overall system has too much of a diminishing return. Today’s engineers are a regression in their inability to avoid excessive complexity.
¹ To be fair, I don’t know if the machines were designed in Germany.. just that they are used in Germany and Denmark. Nonetheless Germans would have an expectation of high engineering standards to be deployed.
² KISS: Keep It Simple, Stupid.
My thoughts exactly!
Is it that you prefer not to insert coins, or that you prefer not to end up with coins? In principle a machine could take bills, but then you’d be getting coins back if you need change.
I’ve seen a laundromat with a centralized cash machine. You can insert as much in bills and coins as you want, then you tap the numbers of the machines you want to send the credit to. This single transaction made it easy if you needed to start ~3+ washing machines. If you plan diligently, you can ensure you don’t end up with coins, but then you need to bring coins.
I prefer coins because the rejection rate seems to be far lower than banknotes. But euro coins are probably more sensibly denominated than other countries. The US is a bit of an embarrassment in this regard because the $1 liberty coins never caught on, so people need a ton of quaters or small banknotes would can get quite ratty.
cross-posted from: https://sopuli.xyz/post/13133455
> It used to be that you could insert a coin into a washing machine and it would simply work. Now some Danish and German apartment owners have decided it’s a good idea to remove the cash payment option. So you have to visit a website and top-up your laundry account before using the laundry room. > > Is this wise? > > Points of failure with traditional coin-fed systems: > > 1. your coin gets stuck > 1. you don’t have the right denomination of coins > > Points of failure with this KYC cashless gung-ho digital transformation system: > > 1. your internet service goes down > 1. the internet service of the laundry room goes down > 1. the website is incompatible with your browser > 1. the website forces 3rd party JavaScript that’s either broken or you don’t trust it > 1. you cannot (or will not) solve CAPTCHA > 1. the website rejects your IP address because it is a shared IP > 1. the payment processor rejects your IP address because it is a shared IP > 1. the bank rejects your IP address because it is a shared IP > 1. the payment processor is Paypal and you do not want to share sensitive financial data with 600 corporations > 1. the accepted payment forms do not match your payment cards > 1. the accepted payment form matches, but your card is still rejected anyway for one of many undisclosed reasons: > * your card is on the same network but foreign cards are refused > * the payment processor does not like your IP address > * the copy of your ID doc on file with the bank expired, and the bank’s way of telling you is to freeze your card > * it’s one of these new online-only bank cards with no CVV code printed on the card so to get your CVV code you must install their app from Google’s Playstore (this expands into 20+ more points of failure) > 1. your bank account is literally below the top-up minimum because you only have cash and your cashless bank does not accept cash deposits; so you cannot do laundry until you get a paycheck or arrange for an electronic transfer from a foreign bank at the cost of an extortionate exchange rate > 1. you cannot open a bank account because Danish banks refuse to serve people who do not yet have their CPR number (a process that takes at least 1 month). > 1. you are unbanked because of one of 24 reasons that Bruce Schneier does not know about > 1. the internet works when you start the wash load, but fails sometime during the program so you cannot use the dryers; in which case you suddenly have to run out and buy hanging mechanisms as your wet clothes sit. > 1. (edit) the app of your bank and/or the laundry service demands a newer phone OS than you have, and your phone maker quit offering updates. > > In my case, I was hit with point of failure number 11. Payment processors never tell you why your payment is refused. They either give a uselessly vague error, or the web UI just refuses to move forward with no error, or the error is an intentional lie. Because e.g. if your payment is refused you are presumed to be a criminal unworthy of being informed. > > Danish apartment management’s response to complaints: We are not obligated to serve you. Read the terms of your lease. There is a coin-operated laundromat 1km away. > > Question: are we all being forced into this shitty cashless situation in order to ease the hunt for criminals?
It would be wise to ban Danish universities from using Facebook. Students who do not use Facebook by choice are excluded from receiving some university announcements and information. It’s quite despicable that universities pressure students onto FB.
BTW, I could not read the article because it’s also exclusive.. jailed in Cloudflare. The tl;dr bot was useful.
It used to be that you could insert a coin into a washing machine and it would simply work. Now some Danish and German apartment owners have decided it’s a good idea to remove the cash payment option. So you have to visit a website and top-up your laundry account before using the laundry room.
Is this wise?
Points of failure with traditional coin-fed systems:
- your coin gets stuck
- you don’t have the right denomination of coins
Points of failure with this KYC cashless gung-ho digital transformation system:
- your internet service goes down
- the internet service of the laundry room goes down
- the website is incompatible with your browser
- the website forces 3rd party JavaScript that’s either broken or you don’t trust it
- you cannot (or will not) solve CAPTCHA
- the website rejects your IP address because it is a shared IP
- the payment processor rejects your IP address because it is a shared IP
- the bank rejects your IP address because it is a shared IP
- the payment processor is Paypal and you do not want to share sensitive financial data with 600 corporations
- the accepted payment forms do not match your payment cards
- the accepted payment form matches, but your card is still rejected anyway for one of many undisclosed reasons:
- your card is on the same network but foreign cards are refused
- the payment processor does not like your IP address
- the copy of your ID doc on file with the bank expired, and the bank’s way of telling you is to freeze your card
- it’s one of these new online-only bank cards with no CVV code printed on the card so to get your CVV code you must install their app from Google’s Playstore (this expands into 20+ more points of failure)
- your bank account is literally below the top-up minimum because you only have cash and your cashless bank does not accept cash deposits; so you cannot do laundry until you get a paycheck or arrange for an electronic transfer from a foreign bank at the cost of an extortionate exchange rate
- you cannot open a bank account because Danish banks refuse to serve people who do not yet have their CPR number (a process that takes at least 1 month).
- you are unbanked because of one of 24 reasons that Bruce Schneier does not know about
- the internet works when you start the wash load, but fails sometime during the program so you cannot use the dryers; in which case you suddenly have to run out and buy hanging mechanisms as your wet clothes sit.
- (edit) the app of your bank and/or the laundry service demands a newer phone OS than you have, and your phone maker quit offering updates.
In my case, I was hit with point of failure number 11. Payment processors never tell you why your payment is refused. They either give a uselessly vague error, or the web UI just refuses to move forward with no error, or the error is an intentional lie. Because e.g. if your payment is refused you are presumed to be a criminal unworthy of being informed.
Danish apartment management’s response to complaints: We are not obligated to serve you. Read the terms of your lease. There is a coin-operated laundromat 1km away.
Question: are we all being forced into this shitty cashless situation in order to ease the hunt for criminals?
I’ve noticed that if you try to contact corp or gov offices the old fashioned way, they simply ignore you. They want to force you to use email or solve a CAPTCHA. The fix I have in mind is a tweak on this idea:
https://sopuli.xyz/post/12919557
but the first contact you make with an office need not even be GDPR¹ related. If you contact a gov or corp for any purpose and they ignore it, your next request can and should include an access request for records on how they handled your initial correspondence.
¹ GDPR isn’t the only game in town. Brazil and California supposedly have some privacy law similar to the GDPR which I assume includes a right of access. Hence why they were also mentioned in the title.
#fuckEmail
I just had to send a msg to a gov office.
Email has been generally broken¹ the past couple decades. I prefer fax. It’s more reliable and I choose what I want to disclose to the recipient. Even in cases where part of the fax transmission routes over email, it’s still more reliable than pure email because those fax→email gateways are managed by recipients to ensure all-or-nothing (all faxes are delivered or none of them). Fax is immune to shenanigans like “mail server X accepts mail from Y but not Z”.
When I tried to send the fax, the fax machine did not answer. So I voice called the office. They said “we unplugged our fax machine”. WTF! So I said please plug it back in because I’m trying to send a fax. So a bit later I tried again and it worked.
Folks, we are losing fax because most of the population does not grasp the privacy compromise with email, and the compromise of netneutrality and reliability. If I am the only person in the world who keeps fax in use, fax will die fast because it’s easy to marginalise 1 person.
Footnote 1: Email is shit--
Even if the gov office mail server were to accept my msg, I face the problem of not wanting an email reply and not trusting them not to abuse whatever address I reveal to them. I don’t want to be forced to put Google and Microsoft in the loop on my conversations, to go through their hoops, solve their dkim CAPTCHA, and ultimately I don’t want to be forced to feed profitable data to those surveillance advertisers who have partnered with the oil industry. Google and SpamHaus broke email and the population accepted it. So email can fuck right off.
Gmail doesn’t care what the FROM field address is. It can be entirely unrelated to the sending server and can be complete gibberish nonsense. MS did not care either back when MS did not consider dynamic IPs blacklisted. Now that MS wholly rejects dynamic IPs I’m not interested in retesting that anyway.
Even from a narrow purely infosec-privacy PoV, how can people be so clueless this day in age with the fully enshitified web?
It’s not going to be a simple text email with your receipt attached. The email will be HTML with a tracker pixel (text MIME part broken or generally non-existent), so the seller can log the fact that you read the receipt, when, and with what IP address. Then when you get the email open, it won’t even contain the receipt because it will be used as an opportunity to get you on their website where they can get more sales. It will say “come to our website and pick up your receipt”. When you try to visit the site with the unique URL they send, Tor will be blocked (under the guise of “security” but in reality they want your browser print and IP again in case you used a text-only MUA). This will give them what makes it trivial to link your online identity to your offline purchase (cha-ching.. mo money). Then a Google Plastore-only non-FOSS app will be shoved in your face as a more convenient way to fetch your receipts in the future. You will have to solve a CAPTCHA to reach your receipt, which generates more profit for them while steering people toward a shitty app.
It will be like London Heathrow or JFK airport, where you cannot simply walk to your gate without being long-hauled through a series of marketing opportunities.
And before you irrationally call this “paranoia” as well, I will preempt that by saying no, it’s capitalism. Which brings us the enshitified web.
NFC would encourage phone upgrading which is worse for the environment than the problem they think they are solving. Paper is biodegradable. Phones are not.
Android 2.3+¹ supports bluetooth file transfers. This would avoid both the problem of using cloud energy and privacy problem (but only for smartphone owners who carry their smartphones). The article mentioned PDF being rejected. PNG could work, though it’d be a missed opportunity to get a digitally signed receipt. In any case, the paper receipt cannot be wholly replaced if it requires consumers to have a phone and to carry it, or if it requires sharing email addresses.
¹ maybe even AOS 1.8.. didn’t check
Privacy is about control.
You don’t understand privacy given your conflation with paranoia and oversight of my mention of a boycott. Privacy is not just about non-disclosure of sensitive information. It’s much more than infosec.
When you mislabel privacy as “paranoia”, you become part of the problem of advocating disempowerment of people in favor of control misappropriation.
If you don’t want to receive emails from servers belonging to Microsoft, Google, or Amazon, you better delete your mail account and ask them to mail you the receipt.
This absurd attempt at a false dichotomy showcases contempt for individuals having power to boycott selectively. What you suggest is wholly disempowering to people -- to claim this all or nothing narrative.. that people should either not have email access at all, or they should have zero control over who they connect with over email. Your stance represents a boot-licking wet dream for corporations and governments. It has no place in any privacy community.
In several European countries, retailers are no longer obliged to provide a paper receipt. France goes further by prohibiting its systematic printing.
cross-posted from: https://sopuli.xyz/post/12558862
> So here’s a disturbing development. Suppose you pay cash to settle a debt or to pay for something in advance, where you are not walking out of the store with a product. You obviously want a receipt on the spot proving that you handed cash over. This option is ending. > > It’s fair enough that France wants to put a stop to people receiving paper receipts they don’t want, which then litter the street. But it’s not just an environmental move; there is a #forcedDigitalTransformation / #warOnCash element to this. From the article: > > > In Belgium: since 2014, merchants can choose to provide a paper or digital receipt to their customers, if they¹ request it. > > What if I don’t agree to share an email address with a creditor? What if the creditor uses Google or Microsoft for email service, and I boycott those companies? Boycotting means not sharing any data with them (because the data is profitable). IIUC, the Belgian creditor can say “accept our Microsoft-emailed receipt or fuck off.” If you don’t carry a smartphone that is subscribed to a data plan, and trust a smartphone with email transactions, then you cannot see that you’ve received the email before you leave after paying cash. Even if you do have a data plan and are trusting enough to use a smartphone for email, and you trust all parties handling the email, there is always a chance the sender’s mail server is graylisted, which means the email could take a day to reach you. Not to mention countless opportunities for the email to fail or get lost. > > It’s such a fucked up idea to let merchants choose. If it’s a point of sale, then no problem… I can simply walk if they refuse a paper receipt (though even that’s dicey because I’ve seen merchants refuse instant returns after they’ve put your money in the cash register). > > But what about creditors? If you owe a debt and the transaction fails because they won’t give you a paper receipt and you won’t agree to info sharing with a surveillance advertiser, then you can be treated as a delinquent debtor. > > Google, Facebook, Amazon, and Microsoft must be celebrating these e-receipts because they have been working quite hard to track people’s offline commerce. > > It’s obviously an encroachment of the data minimisation principle under the #GDPR. More data is being collected than necessary. > > ¹ This is really shitty wording. Who is /they/? If it’s the customer, that’s fine. But in that case, why did the sentence start with “merchants can choose…”? Surely it can only mean merchants have the choice if they make a request to regulators.
In several European countries, retailers are no longer obliged to provide a paper receipt. France goes further by prohibiting its systematic printing.
So here’s a disturbing development. Suppose you pay cash to settle a debt or to pay for something in advance, where you are not walking out of the store with a product. You obviously want a receipt on the spot proving that you handed cash over. This option is ending.
It’s fair enough that France wants to put a stop to people receiving paper receipts they don’t want, which then litter the street. But it’s not just an environmental move; there is a #forcedDigitalTransformation / #warOnCash element to this. From the article:
> In Belgium: since 2014, merchants can choose to provide a paper or digital receipt to their customers, if they¹ request it.
What if I don’t agree to share an email address with a creditor? What if the creditor uses Google or Microsoft for email service, and I boycott those companies? Boycotting means not sharing any data with them (because the data is profitable). IIUC, the Belgian creditor can say “accept our Microsoft-emailed receipt or fuck off.” If you don’t carry a smartphone that is subscribed to a data plan, and trust a smartphone with email transactions, then you cannot see that you’ve received the email before you leave after paying cash. Even if you do have a data plan and are trusting enough to use a smartphone for email, and you trust all parties handling the email, there is always a chance the sender’s mail server is graylisted, which means the email could take a day to reach you. Not to mention countless opportunities for the email to fail or get lost.
It’s such a fucked up idea to let merchants choose. If it’s a point of sale, then no problem… I can simply walk if they refuse a paper receipt (though even that’s dicey because I’ve seen merchants refuse instant returns after they’ve put your money in the cash register).
But what about creditors? If you owe a debt and the transaction fails because they won’t give you a paper receipt and you won’t agree to info sharing with a surveillance advertiser, then you can be treated as a delinquent debtor.
Google, Facebook, Amazon, and Microsoft must be celebrating these e-receipts because they have been working quite hard to track people’s offline commerce.
It’s obviously an encroachment of the data minimisation principle under the GDPR. More data is being collected than necessary.
¹ This is really shitty wording. Who is /they/? If it’s the customer, that’s fine. But in that case, why did the sentence start with “merchants can choose…”? Surely it can only mean merchants have the choice if they make a request to regulators.
I’m fine with all that. I’ve mostly abandoned #email anyway because I do not accept the terms Google has imposed on the world. I send most messages by postal mail when recipients have only exclusive and restrictive receiving options.
The inability of the recipient to reply to an onion address using their normal service is actually part of the idea. I would not want a gmail user to be able to use gmail to reply, for example. While Google drags people into their walled garden, I’m happy to exert pressure in the opposite direction.
(edit)
If I were to send a msg to gmail user in a way that they could simply reply from Google, then I become part of the problem by reinforcing the use of Gmail and helping Google get fed. That’s not going to happen. It’s a non-starter.
That is 100% what im saying, yes.
Okay, so AFAICT you’ve not said anything that prevents individual users from using an onion FROM address, so long as the sending server is authorized via all the shitty spf, dkim, dmarc, dane hoops. This is what I’m after. In fact, I’m even less demanding. I don’t care if a service provider doesn’t bother with dkim and gets rejected by some servers. Email is in such a broken state anyway.. I just need the option to set the FROM field to an onion address. The reason my own server is insufficient is the residential IP is very widely rejected.
I’m not surprised. Google took an anti-RFC posture when they broke email and brought in their own rules under the guise of anti-spam (the real reason is domination). The whole point of RFCs existence is interoperability. That was broken when servers reject RFC-compliant messages.
I’m not interested in bending over backwards to accommodate. Satisfying Google’s dkim reqs requires the server admin to solve a CAPTCHA. That’s a line I personally will not cross. So at the moment I simply do not email gmail users (or MS Outlook users, same problem).
The server is checking that the EHLO domain matches that of the IP of the sending server. Whatever is in the FROM: field is entirely irrelevant to that. The RFC even allows multiple email addresses in the FROM field. It’s rarely practiced, but it’s compliant. So if you have FROM: bob@abc.com, bob@xyz.onion, bob@xyz.org, are you saying the receiving server would expect the domain of all FROM addresses to match that of the sending server? What happens when a sender has a gmail account but uses a vanity address? Instead of bob@gmail.com, he has bobswidgets@expertcorp.com. Are you saying expertcorp.com ≠ gmail.com, so the receiving server will reject it? I think not. Google offers the ability of their users to use an external address last time I checked.
cross-posted from: https://sopuli.xyz/post/12515826
> I’m looking for an email service that issues email addresses with an onion variant. E.g. so users can send a message with headers like this:
> > From: replyIfYouCan@hi3ftg6fgasaquw6c3itzif4lc2upj5fanccoctd5p7xrgrsq7wjnoqd.onion > To: someoneElse@clearnet_addy.com >
> I wonder if any servers in the onionmail.info pool of providers can do this. Many of them have VMAT, which converts onion email addresses to clearnet addresses (not what I want). The docs are vague. They say how to enable VMAT (which is enabled by default anyway), and neglect to mention how to disable VMAT. Is it even possible to disable VMAT? Or is there a server which does not implement VMAT, which would send msgs to clearnet users that have onion FROM addresses?
I’m looking for an email service that issues email addresses with an onion variant. E.g. so users can send a message with headers like this:
From: replyIfYouCan@hi3ftg6fgasaquw6c3itzif4lc2upj5fanccoctd5p7xrgrsq7wjnoqd.onion To: someoneElse@clearnet_addy.com
I wonder if any servers in the onionmail.info pool of providers can do this. Many of them have VMAT, which converts onion email addresses to clearnet addresses (not what I want). The docs are vague. They say how to enable VMAT (which is enabled by default anyway), and neglect to mention how to disable VMAT. Is it even possible to disable VMAT? Or is there a server which does not implement VMAT, which would send msgs to clearnet users that have onion FROM addresses?
cross-posted from: https://sopuli.xyz/post/10440580
> The source of this article is in a walled garden that disrespects our privacy so I will not cite it. But here’s the text, posted here in the free world for all people to access: > > --- > > The menace of “the War on Cash” is making steady headway across the board. > > And that’s whether it concerns big-time international policy-makers pushing for total digitization of financial assets – or individual examples that showcase just how serious this threat is. > > Here’s one such case: Elizabeth Dasburg and two others were denied the right to use cash to pay entry fee to the Fort Pulaski National Monument in Georgia, managed by the National Park Service. > > It’s turned into, “parks, but no recreation” – because the victims of this violation of US law regulating the use of domestic currency have now opted for litigation. > > Plain and simple, Dasburg and the two others believe it is still illegal in the US to refuse to accept the country’s legal tender. Or is it? That’s the question the US District Court for the District of Columbia will have to spell out. > > Judging by the filing, the Fort Pulaski employees were equally indoctrinated against accepting cash, as they were trying to be helpful. The visitors were first told in no uncertain terms that only cards are accepted. > > We obtained a copy of the complaint for you here. > > And then, if – say they had no cards (that they might not want to use them doesn’t seem to have been a consideration) – they were instructed to go to a grocery chain like Walmart and buy a gift card. > > However bizarrely and unnecessarily complicated this might sound – all the more ironic, because it appears the “explanation” for this policy is that cards are more “convenient” – that’s what Fort Pulaski wanted. > > Cards. Of any sort. Things that can be tracked and tied to a person, in other words. > > “By forcing people to use credit cards or digital wallets, under the guise of convenience, the National Park Service becomes a player in the surveillance state, undermining park visitors’ privacy right,” Children’s Health Defense (CHD) General Counsel Mack Rosenberg commented on the case – and the state of affairs. > > CDH has decided to put its money where its mouth is and support the defendants’ case financially. > > The National Park Service is said to have been working on cashless-only payment options for some years, the scheme now in effect in to close to 30 national parks, historic sites and monuments. > > While those behind such things are always happy to present themselves as champions of “equality and diversity,” the reality looks quite different. > > “Only half of low-income households have access to a credit card, according to a March 2022 Federal Reserve Bank of New York report,” CHD President Laura Bono said in a letter to the Park and Service CEO.
cross-posted from: https://sopuli.xyz/post/10336994
> I often give fake info as an extra measure of data protection. If I don’t need the data controller to have my date of birth, I give a fake one. > > Well this just screwed me because I made an access request and the data controller said: to verify your identity, tell us your date of birth. Fuck me. I didn’t keep track of which fake date I gave them. I didn’t even keep track of whether I gave fake info. So they could treat my otherwise legit request as a breach attempt. > > I should have kept track of the birth date I supplied. I will; from now on.
cross-posted from: https://sopuli.xyz/post/9861733
> I would cast my drop-in-the-ocean vote if it didn’t require needlessly reckless disclosures. The question is- which states offer more privacy than others? These are some of the issues: > > publication of residential address > --- > It’s obviously fair enough that you must disclose your residential address to the election authority so you get the correct ballot. But then the address is public. WTF? I’m baffled that the voter turnout isn’t lower. > > Exceptionally, Alaska enables voters to also supply a mailing address along with their residential address. In those cases, the residential address is not made public. But still an injustice as PO Boxes are not gratis so privacy has a needless cost. > > Some states give the mailing address option exclusively to battered spouses. So if you are a victim of domestic abuse, you can go through a process by which you receive an address for the public voting records that differs from your residential address. Only victims of domestic abuse get privacy that should be given to everyone. > > publication of political party affiliation > --- > You are blocked from voting in primary elections unless you register a party affiliation, in which case you can only vote in the primary election of that party. A green party voter cannot vote in the democrat primary despite the parties being similar. The party you register in is public. So e.g. your neighbors, your boss, and your prospective future boss can snoop into your political leanings. > > AFAIK, this is the same for all states. > > publication of your voting activity (which is used for shaming) > --- > Whether you voted or not is public. If you register to vote but do not vote, it’s noticed. There is a shaming tactic whereby postcards are sent saying “your neighbors the Johnsons at 123 Main St. voted early -- will you do your civic duty too? Note that the McKinneys at 125 Main St. have not voted; perhaps you can remind them?” They of course do this in an automated way, so non-voters know their neighbors are receiving postcards that say they did not partake in their civic duty. > > forced disclosure to Cloudflare > --- > These states force all voter registrations through Cloudflare: > > * Arizona > * Florida > * Georgia > * Hawaii > * Idaho > * New York > * Ohio > * Rhode Island > * Washington > > That’s not just public info, but everything you submit with your registration including sensitive info like DL# and/or SSN goes to Cloudflare Inc. Cloudflare is not only a privacy offender but they also operate a walled garden that excludes some demographics of people from access. Voters can always register on paper, but whoever the state hires to do the data entry will likely use the Cloudflare website anyway. So the only way to escape Cloudflare getting your sensitive info in the above-mentioned states is to not vote. > > To add to the embarrassment, the “US Election Assistance Commission” (#USEAC) has jailed their website in Cloudflare’s walled garden. Access is exclusive and yet they proudly advertise: “Advancing Safe, Secure, Accessible Elections”. > > solutions > --- > What can a self-respecting privacy seeker do? When I read @BirdyBoogleBop@lemmy.dbzer0.com’s mention¹ of casting a “spoiled” vote which gets counted, I thought I’ll do that.. but then realized I probably can’t even get my hands on a ballot if I am not registered to vote. So I guess the penis drawing spoiled vote option only makes a statement about the ballot options. It’s useless for those who want to register their protest against the voter registration disclosures. > > Are there any states besides Alaska that at least give voters a way to keep their residential address out of publicly accessible records? > > 1) it was mentioned in this thread: https://lemmy.dbzer0.com/post/8502419
In the US banks are capturing the voices of their customers who contact their call centers for any reason. So if a USian vocally says something controversial they probably have no hope of anonymity if they called their bank in recent years.
Is the same thing not happening in Russia and Israel? An IDF soldier came on broadcast radio and criticized Israel, and a Russian citizen criticized Putin. Shouldn’t they be concerned about doxxing risks?
It would be reckless if the radio station did not disguise their voices, but I don’t get the impression their voices are being disguised. So I just wonder if voice disguising tech is so good at making the voice sound natural that it’s not detectable.
One of Google Search's oldest and best-known features, cache links (aka "cached"), are being retired.
cross-posted from: https://sopuli.xyz/post/8702045
> (⚠ Enshitification warning: The linked article has a cookie wall; just click “reject” and the article appears) > > Google is ending the public access to the cache of sites it indexes. AFAICT, these are the consequences: > > * People getting different treatment due to their geographic location will lose the cache they used as a remedy for access inclusion. > * People getting different treatment due to having a defensive browser will lose access. > * The 12ft.io service which serves those who suffer access inequality will be rendered useless. > * Google will continue to include paywalls in search results, but now consumers of Google search results will be led to a dead-end. > * The #InternetArchive #WaybackMachine will take on the full burden of global archival. > * Consumers will lose a very useful tool for circumventing web enshitification. > > Websites treat the Google crawler like a 1st class citizen. Paywalls give Google unpaid junk-free access. Then Google search results direct people to a website that treats humans differently (worse). So Google users are led to sites they cannot access. The heart of the problem is access inequality. Google effectively serves to refer people to sites that are not publicly accessible. > > I do not want to see search results I cannot access. Google cache was the equalizer that neutralizes that problem. Now that problem is back in our face.
(cross-posting to privacy forums because cache access enables privacy seekers to reach content that otherwise requires them to step outside of Tor)
cross-posted from: https://sopuli.xyz/post/8557194
> This is a FOSS tool that enables people to check a website for #GDPR compliance.
Some people use https://libretranslate.com/ thinking they are gaining some privacy by avoiding Google Translate. This web service is proxied through Cloudflare, thus exposing potentially sensitive text to a privacy-hostile US tech giant. #Libretranslate uses words like “libre”, “free” and “open” to gain people’s trust. No mention of Cloudflare, so quite deceiving.
A CTO in Czech Republic was considering using Libretranslate on sensitive medical and personal data of people. Yikes! His only concern was whether the Libretranslate admin kept logs of the translations.
Czech is an EU member, thus subject to the GDPR. But I actually cannot think of a GDPR violation here in the general case. Everyone is free to outsource. And Europeans would likely be routed to a CF server in Europe.
Banks use your deposits to make loans to carbon-intensive industries. A new analysis finds that $1,000 in your account creates emissions equal to a flight from NYC to Seattle.
cross-posted from: https://sopuli.xyz/post/7212221
> Keeping $1k in a bank for 1 year is equal to the CO₂ emissions of flying New York to Seattle. Because banks invest in fossil fuels.
I’m considering building a directional FM antenna for an FM station that has almost no signal in most of the house. Otherwise I must put the receiver near the window and put the antenna in a specific position. (related thread)
At the same time I am also tempted to build a omni-directional FM antenna that would also suit DAB frequencies (if possible). Since I would prefer to only run one coax cable throughout the house I guess I need to know if the directional and omni-directional antennas can simply be spliced together to share the same coax.
Is that feasible?
Why is there no respect for privacy by the Mint project? When documentation was jailed in Cloudflare’s walled-garden, I took people off Mint. Today I tried to visit the mint website to see if the Tor community is still being discriminated against. Things have worsened. Now the Mint landing page is i...
When I tried to attach a jpg image to this post:
https://sopuli.xyz/post/6943637
I got:
SyntaxError: JSON.parse: unexpected character at line 1 column 1 of the JSON data
These are the image details:
$ identify image.jpg image.jpg JPEG 970x308 970x308+0+0 8-bit sRGB 17005B 0.000u 0:00.000
cross-posted from: https://sopuli.xyz/post/6076984
> Belgian municipalities have started forcing people to use web browsers to interact with public services. That’s right. It’s no longer possible to reach a variety of public services in an analog way in some Belgian regions. And for people willing to wrestle with the information systems being imposed, it also means cash payment is now impossible when a service requires a fee. The government is steam-rolling over elderly people who struggle with how to use technology along with those who only embrace inclusive privacy-respecting technology. These groups are apparently small enough to be marginalized without government reps worrying about lost votes. > > Hypothetically, what would happen if some Amish villages existed in Belgium? I ask because what’s being imposed would strongly go against their religion. Would the right to practice religion carry enough weight to compel the government to maintain an offline option even if it’s a small group of Amish? If yes, would that option likely be extended to everyone, or exclusive to the Amish?
Cloudflare blocking medical information
I was having some medical problems involving increasing pain coupled with a somewhat terrifying symptom. I did a web search to work out what I might be dealing with & whether going to the ER was essential or whether it was just a matter of pain tolerance. I use Tor for everything -- but especially for healthcare matters. It would be foolish to step outside of Tor and compromise sensitive medical data. Most of the search hits that looked useful were sites giving medical information from behind anti-tor firewalls, many of which are Cloudflare. My usual circumvention of using archive.org was broken. For some reason archive.org simply gives a “cannot connect” msg, lately. I get the impression archive.org has started blacklisting fingerprints of frequent users because changing browsers and window geometry often solves the problem.
I found one article saying the need for ER is really just a matter of pain but I would have liked to see more articles saying the same thing. During my search which was mostly thwarted by an enshitified tor-hostile web, the pain intensified to a point where I simply had to go to the ER.
Security nannying interferes with family comms
I’m only connected to my family over Wire & XMPP. The iPhone version of the xmpp app my family uses drops the ball on notifications, so #XMPP was effectively a black hole. (This is possibly a defect in the iPhone system and may not even be an app-specific issue.. an honest bug regardless)
The #Wire app developers decided at some point that my AOS version was unacceptable so they coded a self-destruction mechanism in the app. The incompetence of their nannying manifested into a mostly broken app. If someone msgs me on Wire, the app shows just as much text of each msg that fits on the notifications screen in one line. Effectively, the first 5 or so words on inbound msgs and no way to see the whole msg and no way to send an outbound msg of any kind.
So I could not notify my family due to #securityNannying. There are often cases where a developer appoints themselves as an authority on security and decides for everyone (who they effectively perceive as children) whether the user’s unknown security model is compatible with the level of security the app gives. E.g. a typical manifestation of security nannying is when a project removes an encryption algorithm because they arbitrarily think it’s too old. Too weak for what use-case? They cannot know all the ways the tool is used. Sometimes the two endpoints are both on the LAN (or potentially over a sufficiently secure VPN tunnel), in which case app-level encryption is often not even needed. Yet a project will decide to nix an algo and two differing implementations lose interoperability. Why not have a popup warning and allow adults to make an adult decision as to whether the security circumstances are suitable for the situation?
Hospital staff insist on using Google
Anyway, in ER I’m asked for my email address by someone who handles finances. I supplied it without thinking (mind was elsewhere). When I got out of the hospital I did an MX lookup on her address before she could send a msg. Google! WTF… no, I do not consent to Google having a view of my health records. So before she sent anything I requested erasure of my email address and supplied my snail mail address (which she likely already had). She was supposed to followup with financial aid information. But she never did. I can only guess that her take was apparently that if I’m unwilling to make it easy on her by allowing her to use Gmail, then she’s not willing to cooperate on the financing situation.
Human rights
Healthcare and privacy (esp. privacy OF heath data) are both human rights. When we are forced to choose between two obviously human rights are not being protected.