Network Neutrality and Digital Inclusion
Just did a search using the most privacy respecting search service in the world: ombrelo.im5wixghmfmt7gf7wb4xrgdm6byx2gj26zn47da6nwo7xvybgxnqryid.onion Was quite disgusted to see a link to a sh.itjust.works thread in the results. It was rightfully low-ranking with a strike-through, which is how ombrelo treats Cloudflare sites. But still, ombrelo sources the results from the giants and that exclusive centralised shit is now polluting search results even more.
fedia.io
The linked “magazine” (community) is where Twitter & FB users can converge with non-Twitter & non-FB users to have their messages to their gov reps relayed. This is a hack to circumvent digital exclusion.
Folks just post whatever link they want to share without thinking. Then thousands of people have to grapple with some enshitified paywall or a shitty Cloudflare CAPTCHA. We need smarter users. It just takes one lazy/naive motherfucker to cause a lot of work for people collectively. This is inspired by archive.org going down. The sole digital public library we have in the world is a hack around shared links to shitty servers -- servers that expect US to serve THEM. Servers that piss on their role as a /server/ and fail to serve us. So here are some methods/rules that will make you a better contributor: ① Realize that the same story is often published by several sources. Whatever source you first encountered, it’s probably not decent. The web is designed to get the most enshitified page in front of you. Instead of spreading that garbage, go to Ombrelo: https://ombrelo.im5wixghmfmt7gf7wb4xrgdm6byx2gj26zn47da6nwo7xvybgxnqryid.onion/ Search for the story there. Ombrelo will down-rank the exclusive Cloudflare garbage so the more inclusive links float to the top. ② Copy the whole text of the article into your post. This will become the most convenient and most accessible version of the article. Maybe not convenient for you but the reader’s convenience is more important (because there are thousands of them). ③ Don’t link archive.is. That’s just another shitty exclusive walled garden. Link to archive.org if it is online. ④ Don’t create an original thread on a Cloudflared community or you are just worsening the problem of jailing more content in an exclusive place. These are some of the mainstream shitty oppressive Cloudflare instances: * lemmy.world * lemm.ee * sh.itjust.works * lemmy.ca * lemmy.zip * aussie.zone * lemmy.one * lemdro.id * programming.dev * literature.cafe * beehaw.org ← not Cloudflare, but Tor-hostile thus exclusive Most people are ignorant and have no idea that by using those places they are jailing content in the worlds biggest centralized walled garden. Now that you know, you can choose more wisely. Use lemmyverse.net to find the community you’re after. And use the filter to nix the above nodes. If it does not show the community you need outside of the above giant walled garden, then create the community in the open free world. If you are desperate for visibility you can cross-post to those shitty places above. At least some of the subscribers in the walled garden will learn of your more free venue. Follow the [advice RMS gives](https://stallman.org/facebook-presence.html) to people who insist on feeding Facebook, but substitute the above Cloudflare list. Ensure everything you author is reachable somewhere in the open free world. Only show a minimal number of posts on Cloudflare-pawned or exclusive nodes. Keep in mind when you post to those places, you are feeding an oppressive corporation while blocking some demographics of your fellow human beings from access. That’s some fucked up boot licking when done knowingly. ⑤ If you want to link a **youtube** video, yikes. That sucks because (at least at the moment) the free world resources (Invideous) have been rendered dysfunctional by Google. But in the very least, you can copy the Youtube transcript into the body of your post. If you have the video up in Youtube, you can click into the transcript. I forgot how.. something like expanding the description then details, or some buried place. There is also https://www.tubetranscripts.com/ ⑥ If you want to link a NY Times article, we’re all fucked.. plz don’t do it. Look for the story elsewhere. NYtimes has this onion: https://www.nytimesn7cgmftshazwhfgzm37qxb44r64ytbb2dj3x62d2lljsciiyd.onion/ which used to give full access to content, but now it’s as enshitified as the clearnet site. For **BBC**, there is: https://www.bbcnewsd73hkzno2ini43t4gblxvycyac5aw4gnv7t2rccijh7745uqd.onion/ I don’t recall if BBC’s onion is free-er. For medium.com, there is https://scribe.rip/ (many instances thereof). I suggest also searching here: https://search.fabiomanganiello.com/search That guy has gone to some trouble to do link replacements with better versions. Though i’m confused because he is no longer replacing Reddit links with mirrors.. wtf.
fedia.io
What’s going to happen in the EU is public spaces like libraries which already have wi-fi service are going unplug their wi-fi service and take this free wifi4eu option. Then only people who can get the special Google/Apple-only app will have wi-fi access. So while the project falsely claims to favor digital inclusion, they will actually be making existing networks more exclusive.
When Google sabotages network neutrality by blocking Tor and Invidious instances, is it wise for the fedi to facilitate the sharing of #Youtube links? Fedi instance operators would probably not tolerate links into Facebook’s walled-garden if people were to start polluting an otherwise open community with them. So Youtube links should probably be treated with contempt during periods where Google’s DoS attack is underway.
ecfr.gov used to be a decent source for looking up laws. When looking up the anti spam laws, the linked page is littered with links to an access-restricted Cloudflare site (www.govinfo.gov). The important parts of the law are missing from ecfr.gov. It’s common for various states to have this mom-pop shop competency level, but tragic and embarrassing that the US feds lack competency to the point of Cloudflare-dependency. Often Cornell University publishes federal law and mitigates the embarrassment to some extent. But when looking up the CAN-SPAM law at Cornell, the Cornell law site redirects to another access-restricted Cloudflare site (www.gpo.gov). There needs to be a fundamental high-level that requires all laws to be accessible to all people, not just people who Cloudflare is willing to give access to.
Yikes. As some Tor users may know, the UN drafted the Unified Declaration of Human Rights, which in principle calls for privacy respect and inclusion. That same UN blocks the Tor community from their website. Indeed, being denied access to the text that embodies our human rights is rich in irony. Well that same UN plans to create a “Global Digital Compact” to protect digital human rights. It’s a good idea, but wow, they just don’t have their shit together. I have so little confidence that they can grasp the problems they are hoping to solve. Cloudflare probably isn’t the least bit worried. Competence prevailing, Cloudflare should be worried, theoretically, but the UN doesn’t have the competence to even know who Cloudflare is.
One quite annoying Lemmy behaviour is when you search for a community that has many results spanning multiple screens (e.g. query “software”), the list is largely clusterfucked with crappy centralised instances that go against the #fedi philosophy (e.g. #lemmyWorld, #ShItjustWorks, #lemmyCa, #LemmEE, #LemmyZip, #programmingDev, etc). I discovered a fix: ctrl-rt-click on every community in the list to open each in a tab. Then click “block community”, then repeat the search. It works the way it should: blocked communities are excluded from search results. Wish I realised that sooner.. would have saved me some effort and frustration in trying to search only for communities in the decentralised free world.
The problem: Most #fedi authors post links with no idea if the hosting server discriminates against people, or who. The consequence is that the fedi is muddied with references to exclusive venues that do not treat people equally, which wastes the time of readers who are impacted by discrimination. A variety of walled gardens pollute our threadiverse experience. So how can we remedy this? Proposed fix: Suppose we create a community and designate it as a testing area which welcomes bots. So e.g. I post something in the test community, and a bot that is paywall-aware replies yes or no whether the link is paywall-free. A bot that is Cloudflare-aware does the same. A regional bot, such as a bot in Poland can check that Polish IP addresses can reach the URL and make noise if the website blocks Poland. Etc. It need not be just bots.. someone in some oppressed region might manually attempt to visit links and report access problems. We would certainly like a bot in a GDPR region to test whether access is refused on the basis of a data controller’s unwillingness to respect GDPR rules. The OONI project could have a bot that reports anything interesting in their database. There could also be anti-enshitification bots, which point out things like cookie walls. There are bots that find better links to replace Cloudflare links. Those bots could help direct authors to better URLs to share. There could be a TL-DR bot that replies with a summary or even the full text, so an author can decide before posting in the target community whether to omit a shitty link and just post the content. --- (update) It’s worth noting that for Mastodon there an ad hoc tool. If you follow @mg@101010.pl, that bot will follow you back and analyze every URL you share for whether it is Cloudflared. If yes, it will DM you with alternative URLs. Note that the mitigator bot is quite loose it its judgement. If the host is not Cloudflared but another host on the same domain is Cloudflared, it is treated as a positive because it’s assumed that when you visit the host it will link to other hosts on the same domain.
The [linked¹ #gemini article](gemini://gemlog.blue/users/dataSubject/1717930491.gmi) is the political platform of the French green party in Belguim w.r.t. digital rights. It was translated from French. I’m overall impressed enough to vote for them. But I do have some concerns: > “At the Belgian level, we propose to establish a legal guarantee of **5 years** for new electronic devices.” Yikes, waaay too short. Needs to be at ***least*** 10 years. But it helps that they advocate FOSS: > “Generalize the ability to use free software on all devices to decrease software obsolescence.” Though this statement is far too vague. If a maker of hardware with proprietary non-free software only gives 5 years of support, there needs to be a legal obligation that they port FOSS to the device at the end of the warranty. This is missing in the green party’s plan. A lot of other things are missing in their plan, but generally their principles are sensible. ¹ (edit) actually it cannot be linked using the URL field due to a #LemmyBug. But at least it was linkable in the msg body.
Might be useful for some.. but note that it uses CF to get the CIDRs.
Mastodon used to show people the mirrored version of federated content which shielded users from Cloudflare’s discriminatory blockade. But something apparently changed. If I try to visit this mirror of a mastodonapp.uk status on layer8.space: https://layer8.space/@tmmj@mastodonapp.uk/112387605497275701 it redirects to: https://mastodonapp.uk/@tmmj/112387605489133663 which is apparently a shitty Cloudflare node that deceives us into thinking the account does not exist. If you are logged into the mirrored node, then it does not redirect and you can see the content. Of course, only if you have an account on the mirror which means anonymous viewing is no longer possible. If I want to share that layer8.space link with other people, it would be an injustice to share the mastodonapp.uk link because it’s in a walled garden that excludes people. It would be like sharing a Facebook link with an audience that includes people outside of Facebook. So naturally I would share the layer8.space version because layer8.space allows all people to visit. But now this is impossible. Cloudflare’s stranglehold of control has been increased by this Mastodon move. Worse, Cloudflare has started pushing error code **404**, not **403**. So CF is misrepresenting the error to suggest that the page does not exist. Cloudflare has carte blanche in fucking up the web. A 404 error is supposed to inform users that an object is not found, not that they are not authorised to access it. The attached image is what Cloudflare-excluded people see when trying to visit this image: https://files.mastodonapp.uk/media_attachments/files/112/387/580/865/787/635/original/f4442c8789ad52c2.png
When an image is posted by someone on a Cloudflared instance like the following: * #LemmyWorld * #ShitJustworks * #LemmyCA * #LemmyEE * #LemmyZip * #LemmyOne the image is inaccessible to all demographics of people [who Cloudflare discriminates against](https://thefreeworld.noblogs.org/post/2024/03/18/cloudflare-has-created-the-largest-most-rigidly-exclusive-walled-garden-in-the-world/) because images are not mirrored to federated nodes. We expect corporations to not give a shit about marginising people who are not profitable enough to care about. But when [naive asshole users](https://sopuli.xyz/comment/9614573) outnumber progressive egalitarians, it highlights a problem with the fedi, which still lacks the tooling needed to keep oppression at bay. The six listed nodes above effectively host the AOL users of our time. Lacking the sophistication needed to detect and grasp situations of eroded digital rights with a degree of blindness and lack of concern for centralised corporate control. Suggestions needed for Lemmy nodes that are defederated from the above listed six.
cross-posted from: https://sopuli.xyz/post/11709471 > Many political parties are allowing Cloudflare to block some demographics of voters from seeing election info on their own candidates. These political parties are running exclusive websites: > * PS/Vooruit (Socialist / Parti Socialiste [fr/nl]) > * Défi (previously part of the MR, now more at the center [fr]) > * CD & V (center / Christen Democratisch en Vlaams [nl]) > * Groen (Green Party [nl]) > * Open VLD (liberal [nl]) > > Effectively they are operating in an anti-democratic fashion. Open and inclusive access to election info is paramount to democracy. > > The political parties who are running inclusive websites are (quite ironically) the right-wing parties. And funnily enough, some of the right-wing parties actually have an English version of their website as well. This defies their historic reputation as being relatively xenophobic. If voting purely on the basis of digital rights and digital inclusion fostered by their website implementation, the right-wingers are the clear winners here. > > Voting left entails supporting parties that suppress election info from some demographics of people. Voting right is a non-starter on general principle (e.g. climate denial). Voting is mandatory but there is said to be a “none of the above” option. > > (edit) OTOH, the French green party (ecolo.be) has an open website. Perhaps that’s a decent way to vote.
IMO this is a #netneutrality issue due to lack of access equality. People with old phones are discriminated against. cross-posted from: https://infosec.pub/post/11021006 > … > TLS-encumbered captive portal (transit service) > --- > A transit service offered wi-fi but the network forcibly redirected me to a > captive portal that triggers this error: > ``` > net::ERR_SSL_VERSION_OR_CIPHER_MISMATCH > ``` > I tried a couple browsers and tried rewriting the `https://` scheme as `http://` but SSL redirect was forced consistently. The error apparently [implies](https://web.archive.org/web/20240318220527/https://phoenixnap.com/kb/fix-err-ssl-version-or-cipher-mismatch) my phone’s browser can’t do TLS 1.3. > > It seems like a shitty move for a transit service to require passengers to use TLS 1.3 just to tick a fucking box that says “I agree” (to the terms no one reads anyway). Couple questions: > > * I’m generally in the /protect everything by default/ school of thought. But I cannot get my head around why a captive portal where people just tap “I agree” would warrant disclosure protection that could hinder availability. In reality, I don’t really know what the captive portal at hand requests.. maybe it demands people’s phone# or email, in which case it might make sense (though I would object to them collecting that info in a GDPR region in the 1st place). > > * Is there a good reason for a captive portal to require TLS 1.3? It seems either the network provider does not trust their own network, or they’re simply incompetent (assumes everyone runs the latest phones). But if I’m missing something I would like to understand it. > > I still have to investigate what limitation my browser has and whether I can update this whilst being trapped on an unrooted Android 5. > > Bypass methods > --- > I guess I need to study: > * ICMP tunnel (slow, but IIUC it’s the least commonly blocked) > * SSH tunnel > * others? > > Are there any decent FOSS tools that implement the client side of tunnels without needing root? I have openvpn but have not tested to see if that can circumvent captive portals. I’ve only found: > > * [MultiVNC](http://fdroidorg6cooksyluodepej4erfctzk7rrjpjbbr6wx24jh3lqyfwyd.onion/en/packages/com.coboltforge.dontmind.multivnc/index.html.en) - VNC over SSH > * [AVNC](http://fdroidorg6cooksyluodepej4erfctzk7rrjpjbbr6wx24jh3lqyfwyd.onion/en/packages/com.gaurav.avnc/index.html.en) - VNC over SSH > * [ConnectBot](http://fdroidorg6cooksyluodepej4erfctzk7rrjpjbbr6wx24jh3lqyfwyd.onion/en/packages/org.connectbot/) - Can all traffic be routed over this SSH tunnel, or just a shell session? > * [VX ConnectBot](http://fdroidorg6cooksyluodepej4erfctzk7rrjpjbbr6wx24jh3lqyfwyd.onion/en/packages/sk.vx.connectbot/index.html.en) - same as connectBot but expanded > > I’m curious if the VNC clients would work but at the same time I’m not keen to bring in the complexity of then having to find a VNC server. Running my own server at home is not an option. > > My to-do list of things to tinker with so far: > * [Captive Portal Controller](http://fdroidorg6cooksyluodepej4erfctzk7rrjpjbbr6wx24jh3lqyfwyd.onion/en/packages/io.github.muntashirakon.captiveportalcontroller/) > * ~~[CaptivePortalLogin](http://fdroidorg6cooksyluodepej4erfctzk7rrjpjbbr6wx24jh3lqyfwyd.onion/en/packages/com.juliansparber.captiveportallogin/)~~ (AOS 6+, and no Izzy archives on this) > * [Hotspot Login](http://fdroidorg6cooksyluodepej4erfctzk7rrjpjbbr6wx24jh3lqyfwyd.onion/en/packages/net.sf.andhsli.hotspotlogin/) > > Legal options > --- > If a supplier advertises Wi-Fi but then they render it dysfunctional by imposing arbitrary tech requirements after consumers have already bought the product/service it was included with (coffee, train/bus/plane fare, etc), then they neglect to support it, doesn’t that constitute false advertising? Guess this is out of scope for the community but I might be ½ tempted to file false advertising claims with consumer protection agencies in some cases. > > And when a captive portal demands email or phone number, it would seem to be a GDPR violation. Some public libraries make wi-fi access conditional on sharing a mobile phone number which then entails an SMS verification loop.
Some people think Cloudflare is not a “walled garden”. This article goes to a great extent to show not only that Cloudflare is a #walledGarden, but it’s actually more of a walled garden than the well known ones (Facebook & Google).
(⚠ Enshitification warning: The linked article has a cookie wall; just click “reject” and the article appears) Google is ending the public access to the cache of sites it indexes. AFAICT, these are the consequences: * People getting different treatment due to their geographic location will lose the cache they used as a remedy for access inclusion. * People getting different treatment due to having a defensive browser will lose access. * The 12ft.io service which serves those who suffer access inequality will be rendered useless. * Google will continue to include paywalls in search results, but now consumers of Google search results will be led to a dead-end. * The #InternetArchive #WaybackMachine will take on the full burden of global archival. * Consumers will lose a very useful tool for circumventing web enshitification. Websites treat the Google crawler like a 1st class citizen. Paywalls give Google unpaid junk-free access. Then Google search results direct people to a website that treats humans differently (worse). So Google users are led to sites they cannot access. The heart of the problem is access inequality. Google effectively serves to refer people to sites that are not publicly accessible. I do not want to see search results I cannot access. Google cache was the equalizer that neutralizes that problem. Now that problem is back in our face.
There is hardly any discussion on this trending variety of web enshitification where a website needs to give physical locations to people. Many web devs are starting to spotlight their profound incompetence in accomplishing this very simple task. They throw up an interactive map which requires the full utilization of fancy GUI browser frills that excludes all but those who “chase the shiny”. A 1990s high schooler to do this better in plain HTML. Doesn’t this screw over blind people? How does a screen reader handle a map? My hardened low-bandwidth browser can’t handle this absurd degree of putting fancy above access equality. When this shit happens on a vendor’s website and I’m trying to locate them to give them business, the answer is easy: they can fuck off and lose my business. But it’s sad when a [government does it](https://coronavirus.brussels/vaccination-covid-menu/ou-se-faire-vacciner-a-bruxelles/) and the information has medical relevance.
This is what it looks like when a Tor user attempts to fetch a file or even just obtain the size of a file from a Cloudflared resource like #LemmyWorld.
[TMC](https://en.wikipedia.org/wiki/Traffic_message_channel) is a broadcast of traffic information which usually uses an FM signal. These protectionist countries encrypt the data: * #Australia * #Finland * #Germany * #Italy * #Norway * #Sweden That’s fucked up, is it not? Shouldn’t publicly funded information be open to the public? These countries provide unencrypted #TMC data: * Estonia * France #openData
cross-posted from: https://lemmy.dbzer0.com/post/6251633 > LemmyWorld is a terrible place for communities to exist. Rationale: > > * Lemmy World is centralized by disproportionately high user count > * Lemmy World is centralized by #Cloudflare > * Lemmy World is exclusive because Cloudflare is exclusive > > It’s antithetical to the #decentralized #fediverse for one node to be positioned so centrally and revolting that it all happens on the network of a privacy-offender (CF). If #Lemmy World were to go down, a huge number of communities would go with it. > > So what’s the solution? > > Individual action protocol: > > 1. Never post an original thread to #LemmyWorld. Find a free world non-Cloudflare decentralized instance to start new threads. Create a new community if needed. > 2. Wait for some engagement, ideally responses. > 3. Cross-post to the relevant Lemmy World community (if user poaching is needed). > > This gets some exposure to the content while also tipping off readers of the LW community of alternative venues. LW readers are lazy pragmatists so they will naturally reply in the LW thread rather than the original thread. Hence step 2. If an LW user wants to interact with another responder they must do so on the more free venue. Step 3 can be omitted in situations where the free-world community is populated well enough. If /everything/ gets cross-posted to LW then there is no incentive for people to leave LW. > > Better ideas? Would this work as a collective movement?
Before sharing a link I would like to determine whether the website excludes people from access, and who is excluded. I can test for myself whether the Tor community is excluded but what about: * VPNs * i2p * public libraries * #cgNAT-issued IP addresses (often from impoverished regions) * various geographical regions * particular browsers (e.g. lynx, w3m, non-chrome-based…) for example? I cannot check all those means of access. If a website is implementing some form of digital exclusion, I would like to ensure that I am not helping the exclusive website gain visitors. #askFedi #netneutrality