Lemmy version 0.19.4 introduces ~~3~~ 4 relatively intolerable bugs, and 0.19.5 only fixes one of them.

• cannot post, risk of data loss
• cannot cross-post, but no data loss.
• can only visit the default timeline view
• (update) cannot search

In the US, consumers can freeze their credit worthiness records and receive a code. When the records are frozen, the only orgs that can access the records are those already doing business with the consumer. If a consumer wants to open up a new account, they share the code with the prospective creditor who uses it to see the credit report.

So the question is, how are access controls on credit histories done in various EU nations? Do any use unlock codes like the US, or is it all trust based?

cross-posted from: https://sopuli.xyz/post/13155149

other people’s iPhones more intrusive than other people’s droids

According to the linked research, all iPhones are spying on everyone within Wi-Fi range. If your phone of any kind is squawking wi-fi, all in-range iPhones are grabbing various bits of data like your MAC address and the SSIDs your phone normally looks for (e.g. your home SSID) and reports that back to Apple along with time and location data. The same study could not say the same for Google. So other people’s iPhones are more of a privacy intrusion to you than other people’s droids.

your own iPhone is less intrusive than your own droid when navigating

However, another study shows an inversion between Apple and Google when it comes to what you own and use for navigation. If you use an iPhone for navigation, the iPhone will only send one or two BSSIDs near you to Apple’s server, and the server then floods you with detailed information about other possible BSSIDs around you and their position, so your own device computes your precise location, not Apple’s servers.

Whereas if you navigate using Google’s location services, your device feeds everything to Google and Google’s server does all the work, computes your precise location, and tells you. This is of course more intrusive because Google learns your precise location and time, and (IMO) is likely interested in whatever shop you might be in.

These two studies actually seem superficially contradictory. But there is a difference between ratting out other portable devices and reporting stationary devices.

free-world proponents might be able to exploit Apple for better nav

In any case, the take-away for people living in the free world: forget about using Google Location Services to improve your navigation if you do not want to feed Google your precise location. OTOH, there seems to at least be a theoretical possibility for people not pawned by tech giants to use Apple’s API to get better-than-GPS navigation. Though I suspect it would mean many people would have to share someone’s sacrificial Apple account or get burner accounts.

I’m always on the look out for ways to improve my shitty navigation on a deGoogled phone that’s limited to a slow energy hungry GPS receiver -- without feeding the baddies.

cross-posted from: https://sopuli.xyz/post/13133455

It used to be that you could insert a coin into a washing machine and it would simply work. Now some Danish and German apartment owners have decided it’s a good idea to remove the cash payment option. So you have to visit a website and top-up your laundry account before using the laundry room.

Is this wise?

Points of failure with traditional coin-fed systems:

1. your coin gets stuck
2. you don’t have the right denomination of coins

Points of failure with this KYC cashless gung-ho digital transformation system:

1. your internet service goes down
2. the internet service of the laundry room goes down
3. the website is incompatible with your browser
4. the website forces 3rd party JavaScript that’s either broken or you don’t trust it
5. you cannot (or will not) solve CAPTCHA
6. the website rejects your IP address because it is a shared IP
7. the payment processor rejects your IP address because it is a shared IP
8. the bank rejects your IP address because it is a shared IP
9. the payment processor is Paypal and you do not want to share sensitive financial data with 600 corporations
10. the accepted payment forms do not match your payment cards
11. the accepted payment form matches, but your card is still rejected anyway for one of many undisclosed reasons:
    • your card is on the same network but foreign cards are refused
    • the payment processor does not like your IP address
    • the copy of your ID doc on file with the bank expired, and the bank’s way of telling you is to freeze your card
    • it’s one of these new online-only bank cards with no CVV code printed on the card so to get your CVV code you must install their app from Google’s Playstore (this expands into 20+ more points of failure)
12. your bank account is literally below the top-up minimum because you only have cash and your cashless bank does not accept cash deposits; so you cannot do laundry until you get a paycheck or arrange for an electronic transfer from a foreign bank at the cost of an extortionate exchange rate
13. you cannot open a bank account because Danish banks refuse to serve people who do not yet have their CPR number (a process that takes at least 1 month).
14. you are unbanked because of one of 24 reasons that Bruce Schneier does not know about
15. the internet works when you start the wash load, but fails sometime during the program so you cannot use the dryers; in which case you suddenly have to run out and buy hanging mechanisms as your wet clothes sit.
16. (edit) the app of your bank and/or the laundry service demands a newer phone OS than you have, and your phone maker quit offering updates.

In my case, I was hit with point of failure number 11. Payment processors never tell you why your payment is refused. They either give a uselessly vague error, or the web UI just refuses to move forward with no error, or the error is an intentional lie. Because e.g. if your payment is refused you are presumed to be a criminal unworthy of being informed.

Danish apartment management’s response to complaints: We are not obligated to serve you. Read the terms of your lease. There is a coin-operated laundromat 1km away.

Question: are we all being forced into this shitty cashless situation in order to ease the hunt for criminals?

cross-posted from: https://sopuli.xyz/post/9076220

I posted this thread on jlai.lu. I got no replies as far as I could see from sopuli -- no notifications, and when I enter that thread there are still zero replies. But when I visit the thread on the hosting instance, I see a reply. This behavior is the same as if I were blocking that community -- but I am not.

When I search in sopuli for the direct link to the comment, the search finds it. And then I was able to forcibly interact with the comment.

I have to wonder how often someone replies to me and I have no idea because the response is hidden from me. This is a serious bug. Wholly unacceptable for a platform designed specifically for communication.

update 1 (another occurrence)

Here’s another thread with the same issue. Zero replies when I visit that thread mirror within sopuli, but 3 replies when visiting direct. I was disappointed that high-effort post got no replies. Now 2 months later I see there actually were replies. I will search those comment URLs perhaps in a couple days to interact. But I’ll hold off in case someone wants to investigate (because I think the act of searching those URLs results in copying the comments which could interfere with the investigation).

update 2 (subscription relevancy)

I was asked if I am subscribed to the community. Good question! The answer is no, so there’s a clue. Perhaps mentions do not trigger notifications if no one on the instance of the mentioned account is subscribed to the community. This could be the root cause of the bug.

I noticed a library that has ethernet ports, which I must say is quite impressive. So many libraries strictly expect people to use wifi which has downsides:

• many (most?) wifi NICs have no FOSS drivers (ethernet is actually the only way I can get my FOSS laptop online)
• ethernet is faster and consumes less energy
• wifi radiation harms bees and other insects according to ~72 studies (update: separate discussion thread here which shows the research is heavily contested)
• apparently due to risk of surrounding households consuming bandwidth, 2FA is used (which is inadvertently exclusive at some libraries)
• enabling wifi on your device exposes you to snooping by other people’s iPhones and Androids according to research at University of Hamburg. Every iPhone in range of your device is collecting data about you and sending it to Apple (e.g. SSIDs your device previously connected to). From what I recall about this study, it does not happen at the network level, so ethernet devices attached to the same network would not be snooped on (and certainly SSID searches would not be in play).
• (edit) users at risk to AP spoofing (thanks @NoneYa@lemm.ee for pointing this out)

I don’t know when (if ever) I encountered a library with ethernet. Is this a dying practice and I found an old library, or a trending practice by well informed forward-thinking libraries?

BTW, the library that excludes some people from wifi by imposing mobile phone 2FA is not the same library that has ethernet ports, unfortunately. If you can’t use the wifi of the SMS 2FA library then your only option is to use their Windows PCs.

cross-posted from: https://sopuli.xyz/post/7147508

case 1 (buying a cheap gadget from outside Europe):

I ordered a rare gadget from the US which could not be obtained locally. It was only $10. It was inspected by customs (which IIUC is a random selection process). Customs deemed it worthless, likely because the low value was not worth the paperwork. But then Belgian post demanded a flat “clearance fee” of €10. The rationale is that #bPost wants extra compensation for their effort in managing customs on behalf of the recipient. If I were to refuse payment, bPost would have a right to keep the gadget or destroy it, and had no obligation to return it.

IIUC, I also had the option to fetch the package from the customs office myself and pay nothing. This was an undisclosed option - I only later learned about it via rumor. In hind sight, it would not have made a difference anyway because the customs warehouse is quite far from Brussels. So I paid the €10.

case 2 (a customs mess and lost gift):

In part because of case 1, I tell family outside of Europe to never send me gifts. I generally tell everyone not to send me gifts anyway because of my general objection consumerism. But mom would not hear it; sent me a gift anyway. She wanted it to be a surprise but of course that doesn’t fly with customs. So she did everything right as far as she knows - declared a value and listed the contents.

Normally I would expect to receive a pick-up slip from bPost. But this time customs sent a form asking me for a copy of the invoice and to list the contents and value. I replied saying it’s a gift, thus I have no invoice. I said for the same reason I don’t know the contents or value but that I was told that info was already disclosed on the package by the shipper. I supplied a phone number so they could reach me quicker.

Customs apparently simply ignored my response. I received no further correspondence and no pickup slip. Mom never received the package back either. It just disappeared. I told my mom she should at least demand a refund from USPS on the shipping costs, but she could not be bothered. I’m not sure if customs tried to call me (it was years ago). It’s quite possible that they called and did not speak English which would have effectively been a dead-end because I was not fluent in local languages.

case 3 (future gift):

Another family member really wants to send me a gift for some exceptional reason. I have no idea what it is but I plan to stand my ground and insist that it will be a disaster.

I’m posting this to ask if my facts are correct, or whether things have changed. So specifically:

1. Is shipping into Europe still a random game of chance, whereby some packages simply get a pass and avoid both VAT and clearance fees?
2. Is it possible for a sender to pay the VAT at the same time as paying for shipping and ensure there is no further VAT fees or clearance fees? (I heard that’s possible although I don’t think this was ever offered to people shipping things)
3. Is the clearance fee from bPost still a flat €10?
4. Is the clearance fee from UPS and/or FedEx still €13 plus a percentage of the value?
5. Is it legal for customs to ignore correspondence? I would expect a developed system would require customs to respond one way or another to state what demands are unmet, and to give some kind of notice before or after taking some adverse action. If a response to them is lost, I would also expect customs to send a reminder saying they received no reply (in a civilized region).
6. (amend) I heard a rumor that often if a VAT charge is levied, then the courier will often waive their clearance fee but if customs opts not to charge VAT then couriers are encouraged to impose their clearance fee to ensure that recipients have to pay something. Is this generally true? If yes, is it actually written policy?

cross-posted from: https://sopuli.xyz/post/6076984

Belgian municipalities have started forcing people to use web browsers to interact with public services. That’s right. It’s no longer possible to reach a variety of public services in an analog way in some Belgian regions. And for people willing to wrestle with the information systems being imposed, it also means cash payment is now impossible when a service requires a fee. The government is steam-rolling over elderly people who struggle with how to use technology along with those who only embrace inclusive privacy-respecting technology. These groups are apparently small enough to be marginalized without government reps worrying about lost votes.

Hypothetically, what would happen if some Amish villages existed in Belgium? I ask because what’s being imposed would strongly go against their religion. Would the right to practice religion carry enough weight to compel the government to maintain an offline option even if it’s a small group of Amish? If yes, would that option likely be extended to everyone, or exclusive to the Amish?

Gov-issued banknotes used to be based on gold, so IIUC that theoretically meant you could always trade your cash for gold. And IIUC, that was also a control on inflation.

Then at some point the currency (guess I’m assuming USD but perhaps it applies to all currencies?) was no longer based on gold. People just simply trust the currency just because there are anti-counterfeit features, and perhaps because everyone else trusts it. Is that it? Is there nothing else to establish confidence in the value?

I ask because I saw a clever anti-cryptocurrency post saying something like:

1 coin of crypto = ½ unicorn horn = 1 faun hoof = ¼ vial of potion from an oni = 50 grams of fairie dust = ⅛ dragon egg = 1 Klingon tooth

Funny, but okay, he hopes to convince people that #cryptocurrency not being based on anything means it’s worthless. Couldn’t we just as well add USD to that equation, since US dollars are also not based on anything now that gold is out of the picture?

All libraries in #Brussels are closed on holidays and most of them closed on Sunday. Exceptionally, a few open on Sunday for just a 2 hour window so you can get a book and get out.

Even more exceptional is one branch in the city that is officially closed on Sunday but you can sign up for access all day. It’s not staffed but you can badge in and surveillance cameras record everything throughout. You cannot bring friends and have a duty to prevent tail-gating through the door. But it’s good to at least have the option. Otherwise it’d be quite annoying to have no access on Sunday. Most people get Sunday off so of course it’s the most interesting day to use the library.

Anyway, it’s cool that the Swedish library in that article was respected apparently despite no surveillance (I assume). If that were a regular thing I guess there would eventually be a bad apple.

cross-posted from: https://sopuli.xyz/post/5730013

Before sharing a link I would like to determine whether the website excludes people from access, and who is excluded. I can test for myself whether the Tor community is excluded, but what about:

• VPNs
• i2p
• public libraries
• #cgNAT issued IP addresses
• various regions
• particular browsers (e.g. lynx, w3m)

for example? I cannot check all those means of access. If a website is implementing some form of digital exclusion, I would like to ensure that I am not helping the exclusive website gain visitors.

#askFedi #netneutrality