Fight For Privacy

cross-posted from: https://infosec.pub/post/9048075

I simply make a GDPR request. Write to a Tor-hostile data controller making an Article 15 request for a copy of all your data. Also ask for a list of all entities your data is shared with.

The idea is that if a website blocks Tor (or worse, uses Cloudflare to also share all traffic with a privacy offender), then they don’t give a shit about privacy. So you punish them with some busy work and that busy work might lead to interesting discoveries about data abuses.

Of course this only works in the EU and also only works with entities that have collected your personal data non-anonymously. After getting your data it generally makes sense to also file an Article 17 request to erase it and boycott that company.

Language is important. The corporate propagandists are winning the language branding battle. In fact there is no battle because the pushover public just accepts their terms. We need to organize and define their garbage with our terms. E.g.

• (smart → dependent) Homes and appliances dependent on a corporation and contract are perversely called smart. So we should refer to them as “contract-dependent” or simply “dependent”. It’s not a smart dryer or doorbell, it’s a dependent dryer or doorbell. Probably makes no progress to mess with “smartphone”, but anything that has an avoidable and needless dependency needs renaming. (smartphone is debatable.. maybe a degoogled or Postmarket OS phone is a smartphone while a stock Android is a dependent phone, but let’s not get too carried away). Initially it’s not effective to just start saying “dependent washer” because readers won’t understand. Say “‘smart’ (read: dependent) washer”. Credit for this terminology goes to [@[email protected]

Suppose you’re fed up with being video surveilled in public and you object to your neighbor placing your home under 24/7 video surveillance which is fed to a surveillance advertiser (#Amazon). Or you want to kill the video surveillance in vending machines.

laser

Is it practical and affordable to buy laser that can reach across the street and still have enough focus and power to burn a CCD? Can it be done from different angles without the CCD capturing the source before the damage manifests? There is some chatter here on power levels.

Of course it must be precisely controllable as well; obviously no one wants to inadvertently hit an eyeball and blind someone. Which I suppose implies that the laser either needs a well calibrated scope or it needs to be in the visible spectrum so you can see where it lands.

I would really love it i

cross-posted from: https://lemmy.world/post/11992277

European Court of Human Rights declares backdoored encryption is illegal::Surprising third-act twist as Russian case means more freedom for all

cross-posted from: https://sopuli.xyz/post/8481789

#poll

Hi all, a shy try to awake this community again :)

Whats your daily-routine for privacy, what are you using, what are you not doing?

Short summary of me:

• Phone -> LineageOS
• VPN -> Per perimeter (LAN, Mobile) -> different VPN providers
• Home network (More for security but also helps detecting privacy invasive applications) -> Firewall, IDS and ISP router is bridged
• Payment -> Cash where possible (Saved me some trouble when card machines were offline and most had to go somewhere else to have a meal)
• Browser -> Three to four different ones, per usage I use a different (Media, communication, bank etc)
• Browser extensions -> UblockOrigin, Decentraleyes, User-AGent-Switcher and NoScript
• Browser cache/history -> deleted once a month (I do not use credentials saved inside browsers)
• Online Calls -> Matrix
• OS -> Linux only household
• Mail -> Different providers and own domain with catch-all, so if a company sells my mail I will see it because it is [email protected]

A public service started blocking access from Tor users. Blocks like this almost never have the courtesy to acknowledge why you are blocked (Tor) much less why they decided to exclude Tor users from public access. The blockades seem to always be implemented by an asshole.

So I play dumb: “your site is no longer working… here is my screenshot…('Unable to connect')”. I submit that as a complaint.

The response I would hope for: “Oh, we are sorry sir, we will send you a link to our bulletin page that publishes a chronology of all changes we make to the site and have a technician call you to troubleshoot the problem.”

My goal is to burden those behind unjustified/undocumented anti-Tor configs so they spend some time investigating as a consequence of their unannounced change and their useless error messages.

What really happens:

They reply saying: “the server works. No problems were reported. The problem is with your browser. Try another computer/browser”.

So indeed, they double-

If you have a defensive browser that runs over Tor and blocks popups, CAPTCHAs, dark-pattern-loaded cookie walls, and various garbage, we still end up at the losing end of the arms race. The heart of the problem is that privacy enthusiasts are exposed to the same search engine rankings that serve the privacy-naïve/unconcerned masses.

Would it make sense for the browser to autodetect various kinds of enshitification, add the hostname to a local db for future use, then report the hostname anonymously over Tor to central db that serves as an enshitification tracker? The local and centralized DBs could be used to down-rank those sites in future results. And if a link to enshitified sites appears on a page unrelated to searches it could be cautioned with a “⚠”. Some forms of enshitification would probably need manual detection but I could see people being motivated to contribute.

The security and integrity of a centralized db would perhaps be the hardest part of the effort. But if that c

cross-posted from: https://links.hackliberty.org/post/435505

A data controller responded to a #GDPR request under art.15 & 17 (thus, an access request coupled with erasure request). They responded with a refusal, demanding ID card. They probably demanded it be in color, but I responded with a black and white copy of my ID. They refused again, affirming that the ID card must be in color. So then I sent them a color copy, but I used black boxes to redact my facial image and all personal text except my name. They again refused to honor my request, saying “zonder vlekken en met een goede resolutie om te worden geaccepteerd”. That translates into “without spots or stains”, correct? I don’t think that means without redactions.

Anyway, I would like a GDPR expert to confirm or deny whether the controller’s refusal and demands are lawful.

The relevant GDPR text is:

• https://gdpr-text.com/read/recital-64/
• https://gdpr-text.com/read/article-12/#para_gdpr-a-12_6

M

cross-posted from: https://sopuli.xyz/post/5888507

Cloudflare blocking medical information

I was having some medical problems involving increasing pain coupled with a somewhat terrifying symptom. I did a web search to work out what I might be dealing with & whether going to the ER was essential or whether it was just a matter of pain tolerance. I use Tor for everything -- but especially for healthcare matters. It would be foolish to step outside of Tor and compromise sensitive medical data. Most of the search hits that looked useful were sites giving medical information from behind anti-tor firewalls, many of which are Cloudflare. My usual circumvention of using archive.org was broken. For some reason archive.org simply gives a “cannot connect” msg, lately. I get the impression archive.org has started blacklisting fingerprints of frequent users because changing browsers and window geometry often solves the problem.

I found one article saying the need for ER is re

In future, it will be easier to trace anonymous bomb threat calls in Switzerland and locate people at risk more quickly during emergency searches.

The Federal Council has introduced changes to the monitoring of telephone and internet data with effect from 1 January 2024.

The aim of the amendment is to enable more precise positioning of telephone and internet data and to continue to ensure effective criminal prosecution, the Federal Council announced on Wednesday.

During the consultation process, however, digital-savvy and left-wing circles criticised the fact that the amendment to the Act on the Surveillance of Postal and Telecommunications Traffic would lead to an expansion of surveillance.

Due to the criticism, the Federal Council has now decided not to force providers of services such as Whatsapp, Threema or Signal to remove the encryption from their chats when surveillance is ordered. ...

These are the steps I take against companies who block Tor (e.g. a grocery store, bank, DNS provider.. whoever you do business with who have started using Cloudflare):

1. GDPR art.17 request to delete my email address & any other electronic means to reach me, but nothing else.
2. Wait 30 days for them to comply.
3. GDPR art.13 & 14 request to disclose all entities personal data was shared with + art.15 request for all my data (if I am interested) + art.17 request to erase all records. These requests are sent together along with criticisms for their lack of respect for privacy and human rights and shaming for treating humans like robots (if that’s the case).

The reason for step 1 & 2 is to neuter the data controller’s option to respond electronically so they are forced to pay postage. It’s a good idea as well because they would otherwise likely use Microsoft for email and you obviously don’t want to feed MS. It may be feasible to skip steps 1 & 2 by withdrawing consent

cross-posted from: https://links.hackliberty.org/post/285435

When a private sector company blocks Tor, I simply boycott. No private entity is so important that I cannot live well enough without them. But when a public service blocks Tor, that’s a problem because we are increasingly forced to use the online services of the public sector who have gone down the path of assuming offline people do not exist.

They simply block Tor without discussion. It’s not even clear who at what level makes these decisions.. could even be an IT admin at the bottom of the org chart. They don’t even say they’re blocking Tor. They don’t even give Tor users a block message that admits that they block Tor. They don’t disclose in their privacy policies that they exclude Tor.

Just a 403 error. That’s all we get. As if it needs no justification. Why is the Tor community so readily willing to play the pushover? Even the Tor project itself will not stand up for their own supporters.

The lack o

Dozens of cross-party MPs and peers have joined a campaign for an “immediate stop” to the use of live facial recognition surveillance by police and private companies.

The statement said: “We hold differing views about live facial recognition surveillance, ranging from serious concerns about its incompatibility with human rights, to the potential for discriminatory impact, the lack of safeguards, the lack of an evidence base, an unproven case of necessity or proportionality, the lack of a sufficient legal basis, the lack of parliamentary consideration, and the lack of a democratic mandate.