coffeeClean

@coffeeClean@infosec.pub


Has ethernet become illegitimate? A librarian flipped out after spotting me using ethernet

I plugged into ethernet (as wifi w/captive portal does not work for me). I think clearnet worked but I have no interest in that. Egress Tor traffic was blocked and so was VPN. I’m not interested in editing all my scripts and configs to use clearnet, so the library’s internet is useless to me (unless I bother to try a tor...

coffeeClean OP , (edited )

When I entered I spoke to a different librarian about the locked PC room (due to a holiday or something). They said I could use wifi but need to give a phone number to a captive portal, which I already knew. My phone was not on me so I said: is it okay if I plug in over there by the catalog PCs? They said yes. Revealing what I mean by “plugging in”, well, I was vague for a reason. I know the population has become ethernet-hostile¹ so indeed asking for forgiveness is better than asking for permission in this situation.

¹ Another library in the area has ethernet ports but they are just decoys (dead ports). I asked the librarian what the problem is, why they are disabled, and whether we can turn them on. Librarian was helpless, and said “use wifi”, which didn’t work for me for different reasons than the other library. But the librarian basically said in so many words “not our problem.. you can just use wifi.” At another library, I was able to connect but Tor was blocked. I tried to get support from the librarian. They had no clue but were also unwilling to lead me to someone who could give support. The way it works around here is the info systems are outsourced to some unreachable tech giant, and the librarians are rendered helpless. If the SSID does not appear, the librarian can send an email to someone to say it’s down, and that’s about the full extent of their tech capability.

coffeeClean OP ,

And what does trust have to do with it?

I think they mean trust in the librarian to genuinely know the policy and what should work. They tend not to in this case because ethernet has become obscure enough to be an uncommon question, if ever.

Another library had ethernet ports all down the wall next to desks. They were dead and no one used them. It was obvious that the librarian had no clue about whether the ports were even supposed to function. When I said they are dead and asked to turn them on or find out what’s wrong, they then figured that if the ports don’t work, it must be intentional. So the librarian’s understanding of the policy was derived from the fact that they were dysfunctional. Of course if they were intended to work but needed service, ethernet users are hosed because the librarian’s understanding of policy is guesswork. There is no proper support mechanism.

I asked a librarian at another library: I need to use Tor. Is it blocked? I need to know before I buy a membership. Librarian had no idea. They just wing it. They said test it. Basically, if it works, then it’s acceptable. The functionality becomes the source of policy under the presumption that everything is functioning as it should.

Since ethernet has been phased out, modern devices no longer include an ethernet NIC, and there are places to plug into A/C with no ethernet nearby, the librarians and the public are both conditioned to be unaware of ethernet. So the answer will only be either: no or test and see.

coffeeClean OP ,

I’ve asked librarians a full range of tech questions about what works, what’s blocked, what’s allowed.. they /never/ have a clue because of outsourcing. Their guess is as good as mine. In the 90s, I would say you are spot on. Librarians should have answers. Things have evolved to where the policy is decided non-transparently, it’s outsourced to an unreachable company, and librarians are simply as uninformed as the public. Trial and error. If you read the AUPs it never says Tor is banned at libraries, for example, but they simply block it. Experimentation is the way people get answers in my area.

So knowing that librarians don’t have deep tech info, or even basic tech info, and that they also cannot escalate questions, talking to them is really where time is wasted.

coffeeClean OP , (edited )

Private libraries are quite rare. I think only one employer I worked for had an on-site private library where the assets are not publicly owned. It’s rare. Most libraries are public.

My post is about public libraries, which were financed with public money. It’s worth noting the Universal Declaration of Human Rights:

Article 21
¶2) Everyone has the right of equal access to public service in his country.

That includes public libraries. It’s disgusting that you endorse discriminating against people without mobile phones and private subscriptions in the course of accessing public resources.

coffeeClean OP , (edited )

The librarian who said it was okay to plug in (which they likely understood to mean plug in an A/C power cord) was young, not as senior as the edgy librarian. I’m not going to take down a kid and get them in trouble for not picking apart what it means when someone asks if they can “plug-in”.

People like Trump will throw his supporters under the bus when self-defense calls for it. I will not.

What would the point be? I didn’t need a defense. I got scolded and was walking out. Since I was calm, the librarian became calm. Police were not called and I was not detained. And if that had happened, I would have exercised my right to remain silent anyway.

coffeeClean OP , (edited )

Someone should let the IT staff know so they can properly block those services on ethernet as well.

Someone should let the IT staff know that wi-fi does not work for everyone, including:

  • People running a free software platform that lacks support for a wifi NIC that needs a proprietary driver and firmware
  • People running free software who ethically object to running the proprietary non-free driver and firmware their wifi NIC requires
  • People without a mobile phone to perform the captive portal-mandated SMS verification
  • People with a mobile phone but who want to exercise their GDPR right to data minimization
  • Climate activists who prefer not to spend 30 times more energy needed for wi-fi radios
  • People who want the security of other wi-fi users not eavesdropping on their traffic by simply pointing a yagi antenna from a block away (on a network that blocks the VPNs that would protect them from that on wi-fi)

(edit)

  • People who cannot get past the captive portal for other reasons, such as the captive portal imposing TLS 1.3 on older software (forced obsolescence), or anything else that fails technically, like DNS breakage preventing the captive portal’s hostname from resolving.

And because simply turning on Wi-Fi in public enables all iPhones in your range to automatically snoop, collect your wi-fi params including SSIDs your device looks for before sending it to Apple, along with GPS fix and timestamp (according to research), there are people who:

  • for privacy reasons object to being snooped on generally in this way
  • boycott Apple already for any number of reasons, and who have enough discipline and resolve to oppose feeding profitable data to Apple -- regardless of whether they actually care about the disclosure.
  • boycott the fossil fuel industry, including Google who supplies AI to Totaal Oil to find drilling locations, and thus oppose feeding Google by way of Androids in range doing the same collection as Apple. (note it’s disputed whether Google actually mirrors Apple on this to the extent of Apple)

coffeeClean OP ,

Well, you were trying to bypass one of their security measures.

I was not carrying my phone. Thus bypassing the reckless policy of a tax-funded public resource to exclusively serve people who entered the private marketplace to obtain mobile phone service, in violation of article 21¶2 of the Universal Declaration of Human Rights:

Everyone has the right of equal access to public service in his country.

coffeeClean OP , (edited )

So the protected class they are discriminating against here is “doesn’t want to use wifi”?

The protected class is the poor. The UDHR specifically protects people from discrimination on the basis of property. You cannot treat someone different under the UDHR for owning less property than someone else with regard to all the rights enshrined in the UDHR. Only serving people who bought a mobile phone and paid for a subscription violates that provision.

You had the means to access the Internet, you chose not to use them.

I did not have a mobile phone on me. I could have gone home to fetch my phone because incidentally I happened to have a phone with service at home. But I would not have had time to return to the library and complete my task before it closed.

I’ve also gone over 6 months with no phone service at all sometimes. If I were in one of those time periods, connecting would have been impossible. My phone access is touch and go. I let my service die whenever nothing critical comes up that demands it for a period of time.

And I will do it again. Not having a phone is a goal I will continue to meet, off and on, because it’s important to periodically test whether we have a right to unplug. It’s especially important to test this if you live in a GSM registration part of the world.

coffeeClean OP , (edited )

You can use it but on their terms.

Not without a phone.

Captive portal is likely making you agree to not abuse the service.

Have you forgotten that an agreement can be made on paper?

Nothing about a captive portal requires wifi. There are many ways to get that agreement. Neglecting to make the agreement part of the ToS when you become a member is just reckless.

coffeeClean OP ,

That “right” is exclusively available to people who:

  • have a mobile phone
  • who carry it with them
  • who have working wifi hardware

The Universal Declaration of Human Rights has no such limitation on Article 21.

coffeeClean OP , (edited )

You need to read Article 21. And as you read it, keep in mind it’s a public library.

(edit)
There was a day when black people were denied access to the library. I suppose you would have said “Bruh, denying books is not a human rights violation” without any kind of legal rationale that articulates the meaning of Article 21.

Bizarre that so many here think it’s human-rights compliant to block poor people (those without phones) from public internet; who are in fact the people who need it most as governments are abolishing analog mechanisms of public service. Would be interesting to survey that same crowd on how many of them find it okay to block black people from publicly owned books. People can’t be this obtuse. It’s likely a high density of right-wing conservatives here, who understand human rights law but simply condemn anything they regard as competing with their privilege.

coffeeClean OP , (edited )

I guarantee that a librarian would have helped you if you told them you didn’t have your phone on you.

I did tell the 1st librarian I did not have a phone. It’s what led up to green lighting my request to plug in.

I’ve run into this at other libraries because I do not carry my phone. Whenever I ask how to get online without a phone, the answer is to use their PCs (if they exist, and if they are open [as they are closed part of the day]). That’s it. There is no upstream support call. They apparently don’t even give feedback to management that someone was denied access for not having a phone.

coffeeClean OP , (edited )

You set a great example of getting mad at a bitch eating crackers.

I merely tried to get online using an ethernet cable. I didn’t get hostile. I was calm. And because I was calm, the librarian became calm. The only hostility was in the librarian’s single opening comment to me, and what you see in this thread.

coffeeClean OP ,

I answered this in another reply. The PC room was closed.

In my area the PCs are closed part of the day for some reason (in several libraries), when the library is open for books and wifi. There are two sets of opening hours.

coffeeClean OP , (edited )

The UDHR is not a treaty, so it does not create any direct legal bindings.

Sure, but where are you going with this? Legal binding only matters in situations of legal action and orthogonal to its application in a discussion in a forum. Human rights violations are rampant and they rarely go to The Hague (though that frequency is increasing). Human rights law is symbolic and carries weight in the court of public opinion. Human rights law and violations thereof get penalized to some extent simply by widespread condemnation by the public. So of course it’s useful to spotlight HR violations in a public forum. It doesn’t require a court’s involvement.

The judge who presided over the merits of the Israel genocide situation explained this quite well in a recent interview. If you expect an international court to single-handedly remedy cases before it, your expectations are off. The international court renders judgements that are mostly symbolic. But it’s not useless. It’s just a small part of the overall role of international law.

The article you quote may have been excluded, overwritten or rephrased in your jurisdiction.

I doubt it. It’s been a while since I read the exemptions of the various rights but I do not recall any mods to Article 21. The modifications do not generally wholly exclude an article outright. They typically make some slight modification, such as some signatories limiting free assembly (Art.20 IIRC) to /safe/ gatherings so unsafe gatherings can be broken up. I would not expect to see libraries excluded from the provision that people are entitled to equal access to public services considering there is also Article 27:

“Everyone has the right freely to participate in the cultural life of the community, to enjoy the arts and to share in scientific advancement and its benefits.”

The European HR convocations take that even further iirc.

coffeeClean OP , (edited )

After reading your post, I would say, no harm intended, just don’t do it again.

You may be misunderstanding the thesis. This is not really about staying out of trouble. Or more precisely, as an activist up to my neck in trouble it’s about getting into the right trouble. The thesis is about this trend of marginalising people with either no phone and/or shitty wifi gear/software and a dozen or so demographics of people therein who do not so easily give up their rights. It’s about exclusivity of public services funded with public money. Civil disobedience is an important tool for justice outside of courts.

The security matter is really about competency and cost. The main problem is likely in the requirements specification conveyed to the large tech firms that received the contract. From where I sit, it appears they were simply told “give people wifi”, probably by people who don’t know the difference between wifi and internet. In which case the tech supplier should have been diligent and competent enough to ask “do you want us to exclude segments of the public who have no wifi gear and those without phones?”

coffeeClean OP , (edited )

That’s not equal access. Everyone has equal access to the PCs running Firefox, but not everyone has equal access to BYoD internet service.

Is someone claiming we only need Firefox? If so, then you won’t mind if we scrap wifi altogether, right? BYoD internet service enables people to keep a data store with them which then connects periodically to operate on the persistent data in a collaborative way, which also empowers people to control the applications that are installed. That’s a different public service for different purposes than a shared PC where your data does not persist and you cannot control the apps.

coffeeClean OP , (edited )

You can’t claim shit about equality for all and access without materials, when discussing byod. Make up your mind.

There is PC access, and then there is byod access. It’s a false dichotomy to demand choosing one or the other particularly when only one of the two is available to everyone, and harmful to people’s rights if you simultaneously design a system of workflow on the assumption that one replaces the other interchangeably.

They are different services for different purposes. Don’t let the fact that some tasks can be achieved with both services cloud the fact that some use-cases cannot.

Everyone has access

Everyone has access to a PC running Firefox. Not everyone has BYoD WAN service access.

byod is covered for 99% as extra convenience.

Firefox is not the internet.

It’s not just convenience. It’s the capability and empowerment of controlling your own applications. If the public PC doesn’t have a screen reader and you are blind, the public PC is no good to you and you are better served with BYoD service. If you need to reach someone on Briar, a Windows PC with only Firefox will not work.

You aren’t being treated poorly, instead, you have unreasonable expectations.

This remains to be supported. I do not believe it’s reasonable to only serve people with mobile phones. Thus I consider it a reasonable expectation that people without a subscribed mobile phone still get BYoD WAN service.

Data persists both in the cloud, or on a memory stick. Free options exist.

None of the PCs in any library I have used will execute apps that you bring on a USB stick (but even if they did, the app you need to run may not be compatible with Windows). Also some library branches disallow USB sticks entirely. So a restricted Windows PC cannot replace controlling your own platform, regardless of the convenience factor.

(edit)
But strictly about convenience, I also would not say it’s fair for a public service to offer extra convenience exclusively to people who have a subscribed mobile phone and not to those without one. That would still be unequal access even if you disregard the factors not related to convenience. It’s still discriminating against a protected class of people.

coffeeClean OP , (edited )

I have to say I didn’t downvote you as you’ve been civil and informative so far. But I’m not sure how to cite/quote from the UDHR as though it’s not law. I named the article and pasted the text. For me whether the enforcement machinery is in force doesn’t matter w.r.t. the merits of the discussion. From where I sit, many nations signed the UDHR because it has a baseline of principles worthy of being held in high regard. When the principles are violated outside the context of an enforcement body, the relevance of legal actionability is a separate matter. We are in a forum where we can say: here is a great idea for how to treat human beings with dignity and equality, and here that principle is being violated. There is no court in the loop. Finger wagging manifests from public support and that energy can make corrections in countless ways. Even direct consumer actions like boycotts. Israel is not being held to account for Gaza but people are boycotting Israel.

I guess I’m not grasping your thesis. Are you saying that if a solidly codified national law was not breached, then it’s not worthwhile to spotlight acts that undermine the UDHR principles we hold in high regard?

coffeeClean OP , (edited )

That’s a you and your hardware problem, not a public library IT problem. You need to purchase hardware that is adequately supported by your chosen Operating System.

Forcing people to buy more hardware is yet another variation of discrimination against the poor. Imposed needless consumerism is also reckless from an environmental standpoint. If you choose not to step your competency up to the level needed to serve the public without costing them more money, you’re only getting off the hook in the view of right-wing conservatives who are happy to have library service cheapened at the expense of equal rights.

Not being “your problem” is simply a problem of an ill-defined contract that allows irresponsible policy.

This is a you and your hardware problem. Buy hardware that is adequately supported by your chosen Operating System.

It’s not a hardware problem. It’s an ethics problem, and the problem is on your part whether you choose to acknowledge it or not. If you lack the higher level of competency needed to practice your trade ethically, you should try to gain the competency you need to be inclusive of people in different economic standings and diverse hardware.

This one is a semi-serious complaint however I’ve never seen a portal system where the Librarians didn’t have the ability to issue a day pass for use.

Not a single public library in my area has a day pass option as an alternative authentication. If the patron has no phone, the library is helpless and the user is not getting online with their own device.

Aside from that you sound like someone who should be technically able to stand up an ephemeral phone number for the purpose of receiving SMS.

There is no way to get a phone or an active SIM chip gratis in my area. The only difference between a burner phone and a non-burner phone in my area is you quit using the burner phone early. It has all the same problems as a permanent phone. You can get a pinger number online, but it only works if you’re already online. Apart from that, your suggestion is absurd as an official policy in response to public complaint about phoneless people being officially excluded.

Same as above.

It fails here too, for the same reason.

What an absolutely petty complaint.

What an absolutely pathetic failure to support a claim to the contrary.

I’d bet that as soon as you enter a code your VPN stops being blocked. They’re not trying to block VPN they are preventing you from sidestepping their ToS.

This is not a /me/ problem. You are responding to a list of demographics of people who are excluded from a public service. If not every single person has a gratis VPN (and they don’t), this is a broken argument. To say every user must acquire a VPN because you cannot provide a means of access that thwarts the most trivial MitM possible is a reckless abandonment of duty.

I’ve dealt with Patrons like you before and the instant someone starts yammering at me about ClearNet / Tor I know exactly what kind of person I’m dealing with.

So your emotional bias adversely hinders your judgement and ability to service a diverse range of users. It shows.

You selected your path for whatever reasons you chose and the inconveniences that come with that path are yours to deal with. Suck it up buttercup, you weren’t promised that a privacy respecting internet lifestyle would be easy or convenient.

Inconveniences are borne out of the kind of incompetent infosec that you’re peddling. A competent tech firm can do this job without violating data minimisation principles and without violating Article 21 of the UDHR.

BTW if you’d plugged your laptop into one of my systems you’d have gotten vlan’d into the same Captive Portal System that the WiFi has which is precisely how any publicly available Ethernet port should function. Your little length of wires coated in vinyl with plastic shoved on the ends still wouldn’t have gotten you where you wanted to go.

And that would still be violating peoples’ Article 21 rights to equal access. Imposing a mobile phone is among the injustices I’ve mentioned. I would still favor the ethernet regardless of the captive portal for many of the reasons I’ve mentioned. In the very least it avoids discriminating against people without functioning wifi h/w.

coffeeClean OP , (edited )

You’ll have to quote me on that because I do not recall calling them baddies. I have spotlighted an irresponsible policy and flawed implementation. It’s more likely a competency issue and unlikely a case of malice (as it’s unclear whether the administration is even aware that they are excluding people).

If they are knowingly and willfully discriminating against people without mobile phones, then it could be malice. But we don’t know that so they of course have the benefit of any doubt. They likely operate on the erroneous assumption that every single patron has a mobile phone and functional wifi.

coffeeClean OP , (edited )

You have, throughout your comments, repeatedly spoken down toward librarians and libraries.

Again, you’re not quoting. You’ve already been told it’s not the case. You need to quote. You replied to the wrong message.

but you’re certainly not painting them as “trying their best”

There are many librarians with varying degrees of motivation. I spoke to one yesterday that genuinely made an effort to the best of their ability. I cannot say the same for all librarians. When I describe a problem of being unable to connect, some librarians cannot be bothered to reach out to tech support, or even so much as report upstream that someone was unable to connect.

“worth having an adult conversation with instead of misrepresenting my situation intentionally”

This is a matter of being able to read people. I don’t just bluntly blurt out a request. I start the conversation with baby steps (borderline small talk) describing the issue to assess from their words, mood, and body language the degree to which they are likely to be accommodating whatever request I am building up to. Different people get a different conversation depending on the vibe I get from them. Even the day of week is a factor. People tend to be in their best mood on Fridays and far from that on Mondays.

coffeeClean OP , (edited )

Their terms require a phone so yes, on their terms.

I keep a copy of everything I sign. The ToS I signed on one library do not require a mobile phone. It’s an ad hoc implementation that was certainly not thought out to the extent of mirroring the demand for a mobile phone number into the agreement. And since it’s not in the agreement, this unwritten policy likely evaded the lawyer’s eyes (who likely drafted or reviewed the ToS).

Why would they make an exception for anyone?

Because their charter is not: “to provide internet service exclusively for residents who have mobile phones”.

And why would they want to deal with paper agreements for WiFi?

Paper agreements:

  • do not discriminate (you cannot be a party to a captive portal agreement that you cannot reach)
  • are more likely to actually be read (almost no one reads a tickbox agreement)
  • inherently (or at least easily) give the non-drafting party a copy of the agreement for their records. A large volume of text on a tiny screen is unlikely to even be opened and even less likely to be saved. Not having a personal copy reduces the chance of adherence to the terms.
  • provide a higher standard of evidence whenever the agreement is litigated over

You don’t have to be a member to use WiFi, someone else could have given you the password if there even is one

That’s not how it works. The captive portal demands a phone number. After supplying it, an SMS verification code is sent. It’s bizarre that you would suggest asking a stranger in a library for their login info. In the case at hand, someone would have to share their mobile number, and then worry that something naughty would be done under their phone number, and possibly also put that other person at risk for helping someone circumvent the authentication (which also could be easily detected when the same phone number is used for two parallel sessions).

If someone is doing something illegal it’s gonna involve the library if you get caught (that’s why the phone number but maybe they are just being shitty with it). Not worth the risk.

Exactly what makes it awkward to ask someone else to use their phone.

coffeeClean OP , (edited )

Could I be in the wrong? No, it must be literally everyone else in this entire thread / national library network.

Is your position so weak that you need to resort to a bandwagon fallacy?

Grow up.

and an ad hominem?

You demonstrate being a grown up by avoiding ad hominems in favor of logically sound reasoning.

coffeeClean OP , (edited )

Time to wake up to reality. Everyone has access, the method of access isn’t discriminating, nor do you have any say in it.

That’s not reality. The reality is everyone has partial access (Firefox on a shared Windows PC only), while some people have full access via both public resources.

If you want to gain anything from this conversation, try to at least come to terms with the idea that Firefox is not the internet. The internet is so much more than that. Your experience and information is being limited by your perception that everything that happens in a browser encompasses the internet.

In other words, it’s public, free for all, and the way they set it up.

It’s not free. We paid tax to finance this. The moment you call it free you accept maladministration that you actually paid for.

If you don’t like the free service, don’t use it. It not being how you like it isn’t wrong in any way, that’s your problem.

You’re confusing the private sector with the public sector. In the private sector, indeed you simply don’t use the service and that’s a fair enough remedy. Financing public service is not optional. You still seem to not grasp how human rights works, who it protects, despite the simplicity of the language of Article 21.

coffeeClean OP , (edited )

The wifi is for public use. The Ethernet isn’t. How is that so hard to understand?

How is it hard to understand that those two undisputed facts are actually a crucial part of my thesis? Of course I understand it because it’s the cause for the problems I described and my premise. It’s why this thread exists.

If that weren’t the case, the only notable problem would be with the mobile phone precondition on captive portals.

coffeeClean OP ,

Yeah I’ve done the same in one case. Librarian green lit me plugging into the rj45 but it turned out to be a dead port. I might have been able to get permission to hijack an occupied port to an unoccupied machine but just opted to bounce instead.

coffeeClean OP , (edited )

The proof is in the money trail. If the library’s funding traces to a tax-funded government, it is a public service that encompasses all services offered by that institution. It’s also in state or national law that legislates for libraries to exist, which differs from one state to another.

If you want to find a clause that says “only people with wifi hardware may access the internet, and only if they have a mobile phone”, I suspect you’ll have a hard time finding that. At best, I could imagine you might find a sloppily written law that says “libraries shall offer wifi” without specifying the exclusion of others. But if you could hypothetically find that, it would merely be an indication of a national or state law that contradicts that country’s signature on the UDHR. So it’s really a pointless exercise.

coffeeClean OP ,

Calm down. It’s a new comment that just came in so of course I’m going to edit it a few times in the span of the first minute or two as I compose my answer. If you wait five or ten minutes you’ll get a more finished answer.

coffeeClean OP , (edited )

My client says it was created at 21:24:02 GMT and modified at 21:25:12. Instead of using a stopwatch which you somehow screwed up, just mouse over the time. The popup will show you a span of 1 minute and 10 seconds.

(edit) strange; after I refresh the screen the /create/ timestamp changed. Surely that’s a bug in Lemmy. The creation timestamp should never change. nvm.. just realized I was looking at the wrong msg.

coffeeClean OP ,

Stop lying.

I said “wait five or ten minutes”. I’m seeing a 9m1s span. I don’t really feel compelled to be more accommodating than that. Maybe you can write to Jerry and ask to configure it so edits are blocked after 1 minute if it really bothers you. Otherwise if you don’t like the policy of the node, you are free to leave.

coffeeClean OP , (edited )

Why are you even in the library to begin with if you’re so opposed to how they manage their network?

How does one know how they manage their network before entering the library? The libraries that have ethernet /never/ advertise it. Only wi-fi is ever advertised. I have never seen a library elaborate on their wifi preconditions (which periodically change). This info is also not in OSMand, so if you are on the move and look for the closest library on the map, the map won’t be much help apart from a possible boolean for wifi. Some libraries have a captive portal and some do not. Among those with captive portals, some require a mobile phone with SMS verification and some do not. But for all of them, the brochure only shows the wifi symbol. You might say “call and ask”, but there are two problems with that: you need a phone with credit loaded. But even if you have that, it’s useful to know whether ethernet is available and the receptionist is unlikely to reliably have that info. Much easier to walk in and see the situation. Then when you ask what will be blocked after you get connected, that’s another futile effort that wastes time on the phone. It really is easier and faster to pop in and scope out the situation. Your device will give more reliable answers than the staff. But I have to wonder, what is your objection to entering a library to reliably discover how it’s managed in person?

coffeeClean OP ,

You edited in the “wait five or ten minutes” after I had already replied.

I know five min was in the original version. Not sure if I added the ten but certainly it was not after you posted this. You are seriously paranoid and should get help for that.

coffeeClean OP , (edited )

I see that the relevant websites (FCC and lifelinesupport.org) both block Tor so you can’t be poor in need of the Lifeline and simultaneously care about privacy. Many parts of the US have extremely expensive telecom costs. I think I heard an avg figure of like $300/month (for all info svcs [internet,phone,TV]), which I struggle to believe but I know it’s quite costly nonetheless. One source says $300/month is the high end figure, not an avg. Anyway, a national avg of $144/month just for a mobile phone plan is absurdly extortionate.

About Lifeline:

Lifeline provides subscribers a discount on qualifying monthly telephone service, broadband Internet service, or bundled voice-broadband packages purchased from participating wireline or wireless providers. The discount helps ensure that low-income consumers can afford 21st century connectivity services and the access they provide to jobs, healthcare, and educational resources.

So they get a discount. But you say free? Does the discount become free if income is below a threshold? Do they get a free/discounted hardware upgrade every 2-3 years as well, since everyone is okay with the chronic forced obsolescence in the duopoly of platforms to choose from? In any case, I’m sure the program gets more phones into more needy hands, which would shrink the population of marginalized people. That’s a double edged sword. Shrinking the size of a marginalized group without completely eliminating it means fewer people are harmed. But those in that group are further disempowered by their smaller numbers, easier to oppress, and less able to correct the core of the problem: not having a right to be analog and be unplugged (which is an important component of the right to boycott).

This topic could be a whole Lemmy community, not just a thread. In the US, you have only three carriers: AT&T, Verizon, and T-Mobile. I’ve seen enough wrongdoing by all 3 to boycott all 3. I would not finance any of them no matter how much money I have. T-Mobile is the lesser of evils but it’s wrong to be forced to feed any of the three as an arbitrary needless precondition to using the library’s public wifi. It’s absolutely foolish that most people support that kind of bundling between public and private services.

US govs do not (AFAIK) yet impose tech on people. I think every gov service in the US has an analog option, including cash payment options. That’s not the case in many regions outside the US. There are already govs that now absolutely force you to complete some government transactions online, along with electronic payments which imposes bank patronisation, even if you boycott the banks for investing in fossil fuels and private prisons. And if you don’t like being forced to use their Google CAPTCHA (which supports Google, the surveillance advertiser who participates in fossil fuel extraction), that’s tough. Poor people are forced to use a PC (thus the library) to do public sector transactions with the gov, as are a segment of elderly people who struggle to use the technology. There is also a segment of tech people who rightfully object, precisely because they know enough about how info traverses information systems to see how privacy is undermined largely due to loss of control (control being in the wrong hands). It’s baffling how few people are in that tech segment.

So the pro-privacy tech activists are united with the low-tech elderly and the poor together fighting this oppression (called “digital transformation”) which effectively takes away our boycott power and right to choose who we do business with in the private sector. A divide and conquer approach is being used because we don’t have a well-organised coalition. Giving the poor cheaper tech and giving assistance to the elderly is a good thing but the side effect is enabling the oppression to go unchallenged. When really the right answer in the end is to not impose shitty options in the first place. It’s like the corp swindle of forced bundling (you can only get X if you also take Y). You should be able to get public wifi without a mobile phone subscription.

The UDHR prohibits discrimination on the basis of what property you have. The intent is to protect the poor, but the protection is actually rightfully bigger in scope because people who willfully opt not to have property are also in the protected class.

It’s all quite parallel to Snowden’s take. The masses don’t care about privacy due to not really understanding it.

“Ultimately, arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say.” Edward Snowden

The idea that activists need both free speech and privacy in order to fight for everyone’s rights is lost on people making the /selfish/ choice to disregard privacy. All those mobile phone users who don’t give a shit about mobile phones being imposed on everyone are missing this concept. The choice to have a mobile phone is dying. It’s gradually and quietly becoming an unwritten mandate.

Banking is also becoming bound to having a mobile phone. There are already banks who will not open an account for those without a mobile phone. So we are losing the option to have a bank account but not a mobile phone.

coffeeClean OP , (edited )

I see a lot of downvotes on your comments on this thread and I wonder if it’s due to differences in nationality/geography/jurisdiction.

Guess I should answer this. The enormous class of people with mobile phones (likely 100% of those in this channel) are happy to be in the included group and amid any chatter about expanding the included group to include those without a phone (a segment they do not care about), they think: “that extra degree of egalitarian policy to support a more diverse group will cost more and yield nothing extra to me; yet that extra cost will be passed on to me.”

Which is true. And very few people among them care about boycott power because it’s rarely used by willful consumerist consumers of tech and telecom svc. But the ignorance is widespread failure to realise that as mobile phones become effectively a basic requirement for everyone, the suppliers will have even less incentive to win your business. The duopolies and triopolies can (and will) increase prices and reduce service quality as a consequence of that stranglehold. Most people are too naïve to realise the hold-out non-mobile phone customers are benefiting them even from the selfish standpoint of the mobile phone customers. And the fact that they are paying an invisible price with their data doesn’t occur to most people either, or how that loss of privacy disempowers them.

They will pay more in the end than if they had supported diversity and egalitarian inclusion.

coffeeClean OP , (edited )

order should be descending order of size.

If bigger is better, why are you here instead of Facebook and Twitter? Fedi principles and philosophy have completely escaped you. In the fedi, we consider power imbalances, privacy abuses, and exclusivity resulting from centralization to not only worsen UX but to be an injustice. Encouraging disproportionate growth in the fedi is to advocate the destruction of what brings us here.

coffeeClean OP , (edited )

You might prefer smaller instances; … This part of it is clearly not a bug, however you put it. It is a difference of preference.

My personal preference happens to align with fedi principles. Don’t let that consistency fool you. I’m not advocating for what’s best for me. I am saying the list should be ordered in a way that’s healthy for the fedi based on the federation’s purpose and mission.

Showing the biggest communities on top may be your personal preference, but that is not healthy for the federation.

I myself am on an instance that’s almost identical in size to yours.

FYI, aussie.zone is centralized on a US tech giant (Cloudflare) and thus contrary to fedi principles. Though it’s not the worst manifestation of Cloudflare because they have whitelisted Tor. But there are still many other demographics of people likely being excluded from aussie.zone.

I do not see the value in smaller communities being prioritised when they each cover the same topic. If there’s !android with 10,000 subscribers and !android with me and my twelve mates, lemmy.world is the one the app should show people first. It wouldn’t matter to me whether that 10,000 is on lemmy.world or midwest.social, it makes sense to show users the place they’re likely to have the most interaction.

That is not healthy for the federation. That imbalance is a problem that Lemmy has failed to control. The disproportionately large communities need no promotion. Too many people know about them already. They should either not be listed at all or be pushed lower on the list. It’s an extra slap in the face and injustice that these are exclusive Cloudflare instances that are getting prioritized. These are instances without self-control on their growth and power.

It’s not instance-related at all.

It is instance related. If you search for Android on other instances you will get different lists. Users on infosec.pub have subscribed to every Android community in existence which makes the manifestation of the problem unique to infosec.pub. The !android community is also federated to infosec.pub by way of my subscription. It is true to fedi principles of inclusion and decentralization, unlike those that get listed on the top. So it’s an unhealthy sequence.

It could even be one user account that caused this. The activism.openworlds.info Mastodon instance was getting hammered with traffic. After investigation, they discovered that one user was following a shit ton of other accounts. All those follows were responsible for the admins struggling to cope with all the traffic. That instance eventually went under because it could not cope with the bandwidth demands.

This belongs in discussion around lemmy-ui, the various Lemmy apps & alternative front-ends, or in Lemmy itself with what gets returned by its search API.

The software part of the problem is specifically in the stock Lemmy web client. The bug tracker for the Lemmy web client is jailed in MS Github’s walled garden, hence why it was originally posted in !bugs. There may be a configuration element to this, which is why it’s posted in this infosec.pub community. If there is an inactive account with all these android subscriptions, that can be remedied on the instance.

coffeeClean OP ,

You obviously lack a bit of knowledge about Cloudflare and how it operates. I suggest reading the link you overlooked:

https://thefreeworld.noblogs.org/post/2024/03/18/cloudflare-has-created-the-largest-most-rigidly-exclusive-walled-garden-in-the-world/

I suggest also understanding a bit about Cloudflare as an organisation:

https://git.kescher.at/dCF/deCloudflare/src/branch/master/subfiles/rapsheet.cloudflare.md

Cloudflare is antithetical to every objective of the federation. Most importantly: decentralization. You don’t decentralize a platform by giving central access control and traffic visibility to a single tech giant in the US. It defeats the core purpose.

coffeeClean OP , (edited )

That website you linked clearly doesn’t use it, because it took about 5 seconds to load up despite being entirely text. That’s why it’s a good service.

Selling your soul for a slightly faster load time is your personal preference but arbitrarily trading off inclusion of marginalized groups of people so some people get a faster load time is not in line with the netneutrality principles that the fedi community values. Diversity and inclusion trumps faster load times of some dude in Australia.

Yes, you can in fact access content on the fediverse without Cloudflare if you really want to. You can choose to use a different instance, and it doesn’t matter where that data is hosted.

That’s not true specifically for Lemmy. Images do not get copied. If a LemmyWorld user posts an image in a federated community, everything except the image is accessible on other instances. So those of us in Cloudflare’s excluded groups get broken threads (people talking about an image we cannot see - we just see the discussion because only text is mirrored).

Even if you are in CF’s included group of those permitted access, if you are on a measured rate uplink you would want to see the size of an image before downloading it. That is something else that Cloudflare breaks. There is no content-length HTTP header. So CF also discriminates against those on measured rate connections.

There are also various other circumstances requiring users to visit a thread’s copy on another host. If that other host is Cloudflare, CF’s access restrictions determine whether the user gets access. If bob@fedi-respecting.node needs to revisit an old thread to recall a link, and fedi-respecting.node had to delete the thread in a periodic cleanup to recover disk space, bob might need to access another node directly which hosted the same thread. Yes, I’ve been there. And if that other node is Cloudflared, bob will be blocked if he is in CF’s excluded groups.

Cloudflare’s wall breaks the fedi in so many bizarre ways I should probably start a log of the various circumstances that CF causes enshitification to manifest.

The fediverse is by design not a privacy-forward platform, so concerns about “content they expect to be private” don’t matter.

That’s not true either. Cloudflare gets a view on all traffic, both public and private including access credentials. Users are deceived because of the lack of disclosures about the CF MitM. E.g. users commonly expect a DM to be visible to the admins of both hosts with no idea that Cloudflare has visibility as well. Most users don’t even know about the existence of CF. Aussie.zone, for example, is not responsible enough to disclose to users that CF has that visibility.

Of course it completely changes the equation when the same single corporation who has visibility on about half of all web traffic in the world also has a view on people’s social media DMs and acct creds, it’s an all-eggs-in-one-basket kind of compromise. That abusive level of visibility increases in the extent of the compromise when all that data can be aggregated. So the centralised nature of just the data exposure alone makes it antithetical to the fedi philosophy from a privacy standpoint, most particularly coupled with the masses being uninformed about it.

It’s still decentralised because each instance is run by its own instance administrators with their own rules and capable of maintaining its own culture.

Certainly not. It’s centralized by Cloudflare’s access controls on all Cloudflared nodes under a single corporate policy. What aussie.zone is doing is very rare. Cloudflared nodes run with CF’s default access controls, which blindly gives CF blanket centralized authority over who gets access. This goes directly against the purpose of federation philosophy.

Even when a node like aussie.zone whitelists Tor, there are still half a dozen other demographics of people who they uniformly and centrally discriminate against and this is strictly under Cloudflare’s control and beyond the control of aussie.zone.

Even if they were all hosted in the same data centre it would not be a large mark against the fediverse

Of course it would. You have something like 5 of the 7 biggest fedi instances dependent on Cloudflare. If there is CF-wide downtime (regardless of whether it’s all on one data center or more realistically broken logic that’s distributed like cloudbleed was), the benefits of decentralization fail to deliver. Lack of network diversity makes a disproportionately large number of people vulnerable to a single point of failure.

coffeeClean ,

wtf, why is this a graphical image instead of actual text? It’s like saying fuck the blind users and fuck those who are on measured rate internet connections. Lemmy is broken. Curl -LI falsely gives a content length of zero, so we must decide whether to download an image without knowing its size. Really fucking sucks when it’s a graphic of just text.
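An added example, not part of the original comments: a Python helper for the situation described in the two comments above, where a HEAD request (`curl -LI`) reports no usable Content-Length and someone on a metered link still wants the size before downloading. It reads header dumps in the form curl prints them, uses only the final hop, and falls back to the `Content-Range` total from a one-byte range request. The sample headers are constructed, and the host `img.example`, the byte budget and the choice to treat a zero length as "not reported" are assumptions.

```python
import re
from typing import Optional

# Constructed sample header dumps (not captured from any real server).
# `curl -sLI URL` prints one header block per hop, so a redirect comes first.
HEAD_REDIRECT_THEN_ZERO = (
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Location: https://img.example/pic.png\r\n"
    "Content-Length: 0\r\n\r\n"
    "HTTP/2 200\r\n"
    "content-type: image/png\r\n"
    "content-length: 0\r\n\r\n"
)
HEAD_WITH_SIZE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: image/jpeg\r\n"
    "Content-Length: 48213\r\n\r\n"
)
# Form of the reply to `curl -s -D - -o /dev/null -r 0-0 URL` (one-byte range).
RANGE_REPLY = (
    "HTTP/2 206\r\n"
    "content-type: image/png\r\n"
    "content-range: bytes 0-0/734003\r\n"
    "content-length: 1\r\n\r\n"
)


def final_header_block(raw: str) -> dict:
    """Status code and lower-cased headers of the LAST response in the dump."""
    blocks = [b for b in re.split(r"\r?\n\r?\n", raw.strip()) if b.strip()]
    if not blocks:
        raise ValueError("no HTTP response headers found")
    lines = blocks[-1].splitlines()
    status = int(lines[0].split()[1])      # "HTTP/2 200" -> 200
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return {"status": status, "headers": headers}


def size_from_head(raw: str) -> Optional[int]:
    """Size claimed by a HEAD reply, or None when it is missing or unusable."""
    resp = final_header_block(raw)
    value = resp["headers"].get("content-length", "")
    if resp["status"] != 200 or not value.isdigit():
        return None
    size = int(value)
    # Assumption: an image is never 0 bytes, so 0 means "not reported".
    return size if size > 0 else None


def size_from_range_probe(raw: str) -> Optional[int]:
    """Total size from a 206 reply's Content-Range ("bytes 0-0/TOTAL")."""
    resp = final_header_block(raw)
    if resp["status"] != 206:
        # A 200 here means the server ignored the range; abort the transfer.
        return None
    m = re.fullmatch(r"bytes\s+\d+-\d+/(\d+|\*)",
                     resp["headers"].get("content-range", ""))
    if not m or m.group(1) == "*":         # "*" = total length unknown
        return None
    return int(m.group(1))


def decide(budget_bytes: int, head_raw: str,
           range_raw: Optional[str] = None) -> str:
    """Return 'download', 'skip' or 'unknown' for a given byte budget."""
    size = size_from_head(head_raw)
    if size is None and range_raw is not None:
        size = size_from_range_probe(range_raw)
    if size is None:
        return "unknown"
    return "download" if size <= budget_bytes else "skip"


if __name__ == "__main__":
    print(decide(100_000, HEAD_WITH_SIZE))
    print(decide(100_000, HEAD_REDIRECT_THEN_ZERO))
    print(decide(100_000, HEAD_REDIRECT_THEN_ZERO, RANGE_REPLY))
```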

coffeeClean OP , (edited )

Your first priority should be to get on an android version from this decade. Lollipop came out in 2014 and went eos in 2016.

My first priority is to not financially support systems of premature forced obsolescence that have led to more smartphones in the world than people (despite ½ the world’s population having no smartphone at all). Buying a new phone just 6 years after another would make me part of the problem. I am writing this comment from a 16 year old machine that runs just fine. My AOS 5 device still uses the original battery. Only incompetence could explain inability of /software/ to outlive a /battery/.

I cannot think of a more absurd reason to upgrade a phone than to keep up with captive portals. Apart from that, I must say that I may have to argue in court soon that I no longer have access to my bank account because my bank closed their website and forced people to install their closed-source proprietary app from Google Playstore. It will be easier to argue in court that the bank’s software does not run on my phone than it will be to say I have philosophical and ethical objections to sharing my phone number with a surveillance advertiser just to open an account just to fetch software, of which the non-freeness I also object to. So I am trapped on this phone for higher legal endeavors.

When you say “this decade”, you’re disregarding the age and saying the line should be drawn at years that are multiples of 10. So a phone bought in 2019 would be “obsolete” in 2020 by your logic. Obviously that’s obtuse and reckless. I bought my AOS 5 phone new from the retail shop of a GSM carrier in 2018, 3rd quarter. It’s been in service less than 6 years.

Apple is borderline reckless and they officially support phones for 10 years IIRC. And that limitation is imposed by the business bottom line. Capitalism aside, engineers who can’t make a smartphone that lasts 20 years would be lacking in competency.

As for your liability comment. I highly doubt the vendor had any liability or requirement to support such an old OS.

Captive portals are a messy hack. You do not need a captive portal to supply Wi-Fi in the first place. The suppliers do not advertise “we have a captive portal”. They advertise “Wi-Fi”, which my oldest phone (AOS 2.3) and my Nokia n800 (pre-smartphone) supports out of the box. They still connect to wi-fi today. You might be right that a pusher of forced obsolescence by way of incompetently implemented captive portal can argue in court that their advertising has immunity to old devices, but this won’t fool engineers who know they’ve needlessly drawn an arbitrary line. If the truth-in-advertising outcome would be that their “Wi-Fi” sign has to become “Wi-Fi available only for new phones”, I would be fine with that.

coffeeClean OP , (edited )

Whenever you accept the TOS, your device is somehow registered/authenticated against their servers. Such a session establishment of course should be secured through TLS, just like all web traffic in general.

The MAC address and assigned IP address are both visible outside that TLS tunnel. What information are you protecting from what threat?

Btw, the complaint of you not being able to do banking through your browser anymore while it does not support TLS 1.3 really made me laugh, thank you!

You’re confusing different situations. The TLS 1.3 issue has nothing to do with the bank. Desktop computers are not trapped on old software. Androids are. The bank requires customers to:

  1. buy a new recent smartphone, repeatedly (because the bank’s app detects when it is running on an Android emulator and denies service)
  2. subscribe to mobile phone service (which also costs money and also requires supplying national ID to the mobile carrier to copy for their records which you then must trust them to secure)
  3. share their mobile phone number with a power abusing surveillance capitalist who promotes the oil industry (Google / Totaal)
  4. create a Google account and agree to their terms (which includes not sharing software that was fetched from the Playstore jail)
  5. share their IMEI# with Google
  6. share all their app versions with Google, thus keeping Google informed of known vulns for which they are vulnerable
  7. share with Google where they bank
  8. install proprietary non-free software and trust the security of non-reviewable code
  9. share the mobile phone number with the bank

I am ethically opposed to every single one of those preconditions independently, not only because of sloppy infosec and reckless disclosure but being forced to support a surveillance advertiser and also the power imbalance implied by non-free software. But just from an infosec PoV, why would a reader of cybersecurity on infosec.pub agree to all that?

I don’t think you realize just how big the risk is that you are putting yourself in with such old software.

You don’t seem to realize Android phones are designed for obsolescence and desktop PCs are not. The elimination of web access ensures users will be accessing their bank accounts with older software. Why would you endorse that? Not sure you realize that using an Android emulator ensures the ability to constantly run bleeding edge updated software. But the bank won’t have it. You also overestimate the security of code you cannot see to satisfy your threat model. How do you know the bank itself does not have spyware in their app that’s contrary to your security posture? Of course they do. They want to KYC.

coffeeClean OP ,

It’s not always the case though. If you look at vivaldi.net and stackexchange, the creds take a CF-free path.

coffeeClean OP , (edited )

What if I am reporting a GDPR offender who (e.g.) neglected my article 15 request? If I make the assumption you are suggesting and add to my Article 77 complaint that the data controller also needlessly exposes passwords to Cloudflare and it turns out to be untrue for that particular service, then my report loses credibility and puts a DPA on a run around.

coffeeClean OP ,

You seem to make the assumption that CF is storing that level of your data.

What have I said that would imply a presumption of retention?
