Cake day: July 23rd, 2023

  • The metadata in the headers can be avoided using Memoryhole and similar protocols which embed the headers inside the encrypted payload. The problem is again barrier to entry. Low-tech users generally can’t even handle app installs on desktops.

    When you say “worry”, that’s not the right word for it. My boycott against Google is not fear-driven. I will not feed Google anything it can profit from as an ethical stance. Even if an expert linux tor user were on Google, I’m not sure we could exchange email in a way that ensures Google gets no profitable data. If we use PGP coupled with Memoryhole to strip out the headers, I’m not sure Google would accept a msg with a missing or bogus From: header. But if so, Google still possibly learns the user’s timezone. Though that may be useless if Google learns nothing else about that user. But we’re talking obscure corner cases at this point. Such an expert user would have no Google dependency anyway.

    MS/google-dependent friends are generally extremely low-tech. They don’t know the difference between Firefox and the Internet. They don’t know the difference between Wi-Fi and Internet. Linux – what’s linux? They would say. At best, they just think of it as a mysterious nerd tool to be avoided. So what can I do wholly on my end to reach them via gmail without Google getting a shred of profitable data? Nothing really. So I just don’t connect directly with a large segment of friends and family. Some of them are probably no longer reachable. Some are in touch with people who connect to me via XMPP, so sometimes info/msgs get proxied through the few XMPP users. It’s still a shitshow because Google still gets fed through that proxied inner circle of friends and family. In the past when someone needed to reach me directly, they would create a Hushmail or Protonmail mail account for that temporary purpose (like coordinating a trip somewhere). But that option is mostly dead.

    I just had to reach out to plumbers for quotes. All of them are gmail-served. All I could do is refuse to share my email address and push them to use analog mechanisms. They are not hungry enough for business to alter their online workflow or create protonmail accounts.


  • That’s exactly what I did with hushmail. I would tell low-tech folks to get a hushmail account then I would use hushtools.com to do all the key management, putting my key on the keyring and grabbing their key. So the other person did not need to know anything or take any special steps. That was the best option of my time. But last time I checked hushmail was still entirely non-gratis.

    Protonmail emerged when HM became non-gratis and messed with hushtools. But PM requires every one of their own users to do key management which creates a barrier to entry. I would have to walk a PM user through adding my key to my record in their address book and walk them through sending me their key. That effort is a show stopper for many. I might as well walk them through setting up a PGP-capable MUA. But then if they keep their gmail or MS acct the metadata still feeds those corps.



  • I give out my XMPP address and offer Snikket accounts. Some go along with it and some do not. I lost touch with some friends. Some people are in contact via phone but that’s not ideal; some connections are lost as phone numbers change.

    I used to push some people toward Hushmail until they dropped the gratis plans. Then for a while I pressured people onto Protonmail but then distanced myself from PM when they brought in Google reCAPTCHAs and killed off Hydroxide. Tuta is a non-starter because Tuta’s variety of e2ee is incompatible with open standards, thus forcing me to periodically log in to a web UI (also due to them sabotaging their Android app by way of forced obsolescence pushed in the most incompetent way).

    So it’s a shitty state of affairs. 2024 and simply sending a msg to someone has become a total shitshow.


  • For what it’s worth, I didn’t mean take the sensor out of the wall, but just electrically unplug it from the controller to see what it does on its own when you turn on the water.

    Yeah I figured that but the terminals on the sensor are hard to reach so I was figuring I would need to remove it. But then it occurred to me that I could leave the thing in place and do the isolated test by unplugging the X2 connector from the motherboard and easily access the pins through that connector. So that’s what I did. Results:

    • at rest, the signal wire is 4.75 V
    • water running, the signal wire is 2.3 V

    So in isolation the sensor worked correctly. Then I plugged it back into the motherboard and retested to confirm again the bad voltages. But in fact the readings were correct. It’s unclear why it works now. I wonder if the unplugging and replugging of the X2 connector improved a connection that deteriorated somehow.

    Thanks for saving me €36! However incidental. If I had not done the test in isolation, I probably would not have messed with the X2 connector. I would have normally just replaced the sensor as an experiment.

    (edit) I can hear a ticking sound coming from the motherboard. I’m not sure how long it’s been doing that. It’s quite faint unless I put my ear close to the board. Maybe it’s normal.


  • It shows 5V on the diagram but I don’t think that’s precise. I measured the red wire at 4.68 V which is around what the guy in the video got in his test. Since the board is part of the circuit I suppose I cannot rule out the board as a problem. Testing the sensor in isolation will be rough going because it’s a proprietary joint. So I would have to get a tight rubber hose and fit that onto a garden hose. For powering it I have a switchable AC adapter with a 4.5 V setting. Or I can maybe get 5V off a USB charger or ATX PSU from a PC. My multimeter does not have a frequency function but I can see from the video that it would be useful for this so I might look for a 2nd hand multimeter at the next street market, though that will set me back a week (OTOH might be worth it if it helps diagnose this in a way that helps avoid buying the wrong part).

    Whatever is broken here, it was something that gradually failed. For several months it was a gamble when turning on the hot tap whether the boiler would detect it and give hot water. It was like a 50/50 game of chance for a while then getting hot water became progressively less likely until it flatlined.




  • Yeah, if by /in system/ you mean connected to the board. I didn’t mess with anything other than to stick my probes onto the wires. The boiler is not switching on to heat water and it acts just as if it is not detecting that water is running. So a broken flow sensor was one of the theories. And since the readings seem quite off from what’s expected I guess buying a new sensor is the right move.

    Once I get it removed I’ll see if it looks like I can rebuild it but I don’t expect that to go well. I may not have to waste it though. Considering the at rest voltage is double the running water voltage, it’s still detecting water running. It’s just not giving the voltage the board expects. So one idea is maybe I can repurpose this to turn on a shower light when the shower water is running.

    If I had an electronics background I would probably try to do a makeshift gadget that converts 0.66 V to 2 V and 1.33 V to 0 V. Then I wouldn’t need a new sensor (which could cost €100… I’ve not checked locally yet but online prices are looking terrible).







  • It basically is saying that if you have more money then you have more “votes”.

    That’s simply true. It doesn’t do anyone any good to disregard the facts.

    Or to put it in another way: If you have more money you matter more.

    That abstraction doesn’t help much. And first of all, it’s more accurate to derive the statement “If you have more money then you have more influence”.

    It’s still a shitty status quo, but it is what it is. The worst thing you can do is tell people not to boycott shit products on the basis of rejecting reality. It’d be like telling people not to vote in elections because their vote is a drop in the ocean.

    Some people vote for democrats, then they cancel their own vote by getting their internet service from Spectrum, buying fuel from Chevron for their car, shipping their packages using FedEx, getting their phone service from AT&T, banking at PNC Bank, flying on Boeing planes, shopping on Amazon, doing their web searches on a Microsoft syndicate’s site (e.g. DDG), buying Sony devices… etc. They either have no clue that most of their voting is actually for the republicans, or they think that drop-in-the-ocean vote that comes once in 4 years somehow carries more weight than the daily votes they cast with reckless disregard.

    Greg Abbott’s war chest is mostly fed by oil companies. If you buy fuel for a car, you help Greg Abbott and other republicans. And if you buy from Chevron, you give the greatest support to republicans (Chevron is an ALEC member).




  • Ending capitalism is not the /only/ way. Within a capitalistic system, you can boycott shit. Most consumers are pushovers but it doesn’t have to be that way. I’m boycotting hundreds of shitty companies. Off the top of my head:

    • Amazon
    • Cloudflare
    • Microsoft
    • Facebook
    • Google
    • Apple
    • (surveillance advertisers in general)
    • (all closed-source s/w)
    • HP
    • Procter & Gamble
    • Unilever
    • all ALEC members (American Express, Anheuser Busch, Boeing, CenturyLink, Charter Communications, Chevron, FedEx, Motorola, PNC bank, Sony, TimeWarner)
    • many shitty banks
    • Paypal
    • AT&T
    • GMA members (Coke, Pepsi, Kraft-Heinz, Kellogg’s, General Mills, McCormick, Hormel, Smucker)
    • BetterThanCashAlliance.org members (visa, mastercard, unilever) – war on cash
    • Bayer-Monsanto
    • Dupont
    • Hershey
    • Nestlé
    • Exxon/Mobil
    • Comcast
    • Koch
    • Home Depot
    • Lowe’s
    • …etc

    Those are all shitty companies that significantly worsen the world. Giving money or data to any of them contributes to enshittification of the world.

    Of course it’s an option to stop supporting assholes. Become ethical. Be the change you want to see.



  • I have several customers on CGNAT and they are not blocked from Cloudflare. Which puts the rest of your point on the back foot.

    1. Your users don’t necessarily behave in a way that would earn a bad IP reputation
    2. A bad IP reputation does not necessarily contaminate the whole IP pool.
    3. Your users don’t necessarily know what CGNAT is, what an IP address is, or that they are exposed to CGNAT collective punishment
    4. Your users don’t necessarily report blockades to you. Many non-tor users report hitting the CF blockade and they have no idea why. CF’s error messages are typically deceptively worded to deliberately mislead and point blame on the user themselves. If some sites are blocked but not others, the ISP is not going to be the focus of complaints - if any. They are more likely to complain in social media than they are to the ISP.
    5. Most users have been conditioned to accept CAPTCHAs, not report them as abusive or malicious to anyone. But when they do, the website owner gets the complaint not the ISP.

    Of course it does. You missed the distinction between excluding a person and a means.

    The nuance is lost on your part. When you exclude a person’s only means of access, you exclude the person. When you make public service conditional on agreeing to the terms of a private corporation, you also exclude the people who disagree with the terms. Cloudflare is also non-transparent and never tells those they marginalize why they are being marginalized. The marginalized don’t even necessarily know there is an unblocked means of access or what that means of access entails.

    If the user couldn’t access a site from their current location, they could use another one that isn’t blocked.

    You don’t know what “block” means. A block is an obstruction. It’s not necessarily absolute. If the road is blocked by a fence, of course you can circumvent the block by climbing the fence. This does not mean the roadblock ceases to exist. Anyone who is either unfit to climb the fence or unwilling remains blocked. The discriminatory denial of access to a public service is a human rights violation. If a black person is denied access to a library, we don’t say: “well they can paint their skin white and then they can get access, thus there is no human rights violation here”.

    No strawman rhetoric here, just calling it out to be a muted point.

    It’s a strawman because you misrepresented the original claim by leaving out critical details. Had you quoted the claim it would not have been a strawman. Or if you had been wise enough to know which details are too critical in the thesis for omission, you would not have created a strawman. But it’s clear that your goal was simply to smear the article so the strawman was obviously intentional.

    And on that point I think you are in the extreme.

    When I load images it will suck dry my limited monthly bandwidth credit. An unlimited connection would cost me more than triple the fees. And yet you call it “extremist” to be frugal & pro-environment/socially responsible rather than wastefully indulgent. This tendency to look to smear people who are either socially responsible or not corporate pushovers is apparently why you have this pro-repressive tech giant attitude that doesn’t mind marginalizing people.


  • Yes. It means you can’t access the resource using the technology you prefer (seriously, who uses wget to browse the web?), but it doesn’t stop you from reaching the resource as a person. Hence human rights being the thing, not wget/tor rights.

    (emphasis mine) This is not about preferences¹. If your ISP uses CGNAT because you’re too poor to afford a subscription that gives you a unique unshared IP address, you are blocked from Cloudflare sites regardless of which browser you use. It’s also not down to preference if you can’t afford to maintain a platform that supports the latest GUI browser. Libraries are also blocked and users of libraries have no control over the library’s IP or installed browser. The elitism you endorse is of course at the expense of excluding human beings.

    1: What you perceive as a “preference” is perversely broad. I don’t use Chromium not because I have a persnickety problem with the UI or UX, but because it includes Google spyware. I object to privacy abuse. A vast majority of the population uses Chromium and so a vast majority of websites cater for Chromium & ultimately marginalize non-Chromium users who object to the #privacy intrusion. It’s worth noting that privacy abuse is also a human rights issue in itself:

    UDHR article 12: “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence,…”

    So when a public service imposes a means of access that arbitrarily abuses someone’s privacy, that is also a violation of human rights.

    I don’t, for the same reason as I have to register at the library before taking a book.

    This logic doesn’t follow. To recap with emphasis the paragraph that applies to public libraries:

    Article 21 ¶2: “Everyone has the right of equal access to public service in his country.”

    Library registration in Europe is inclusive; it does not exclude people who do not agree with the terms of service of a US corporation like Google. It ensures eligibility by verifying residency. If library reg were to exclude locals who Google excludes by requiring a Google login/interaction, it would indeed be a human rights violation for the same reason.

    There’s no such distinction in the article between those types of images

    You brought it up, it was your example.

    That’s what I said. It’s my example, not the author’s. And it was an example that exposed your strawman attempt. The example did the job it was meant for.

    The document says the fact CF use images, that they are a blight on the environment. It’s like an onion article title.

    CAPTCHA images are raster images. Did you follow the citation? The logic follows. Graphics are far heavier than text.

    BTW, I personally disable images in my GUI browser. It makes me look more like a bot & get treated as such but I consume far less bandwidth - thus less energy.


  • I don’t buy the human rights thing at all, it’s incredibly far fetched, almost maniacal.

    Again, it would do you some good to read the UN’s Universal Declaration of Human Rights (#UDHR).

    Article 21 ¶2: “Everyone has the right of equal access to public service in his country.”

    Article 26: “Everyone has the right to education. … higher education shall be equally accessible to all”

    Do you understand what that means? Does it say “Everyone in Denmark except those who are excluded by the private US corporation Cloudflare or don’t agree with the terms of US corporation Proquest”?

    What about public schools that force students to agree to Google’s terms of service and patronize Google Inc as a condition of class participation? Do you see a human rights problem there (assuming you’ve read and understand the above two UDHR paragraphs)?

    the school decided to implement CF as a tool, why does it make CF to blame?

    There’s enough blame to go around to the school and all entities involved. Cloudflare gets blame for their defaults. Do a search on the #powerOfDefaults if you don’t grasp the importance of defaults.

    but plucking out things like “software freedom” for a commercial product?

    This so-called “commercial” product is being used in the public sector, which means people who need public service are being forced to execute non-free software.

    exaggerated?

    Ctrl+F “tor”, highlight matches, wow that’s a lot – could be summarised to a single paragraph of maybe 2 sentences. It repeats so often I started to roll my eyes. … it’s written in such an exaggerated fashion that there are repeated statements throughout,

    This logic doesn’t follow. First of all, repetition and exaggeration are completely different attributes. You seem to be claiming both yet cannot pin down either. Which claim is redundant? Which claim is exaggerated? It’s better if you copy exact statements here if you want to make any sense. So far you’re just generalizing and hand-waving. When I search for “Tor” in that article, I see no false statements. Be specific.

    case in point: vector vs bitmap images. It detracts from the real issues.

    There’s no such distinction in the article between those types of images. The distinction was only made in this thread to illustrate the failure of your strawman by critical omission.

    Dismissive because? Yes there are other tools, using similar technologies.

    Not at all. infosec.pub is not using Cloudflare or anything like it. infosec.pub demonstrates how to avoid anything like CF.

    There is no evidence yet that this has been exploited.

    This is like saying I don’t need to lock my car/house door because the lack of security has not been exploited. Of course it’s foolish to extend needless trust. In security we act on potential not just react to what has occurred. We lock our door even if we’ve not witnessed an intrusion.