Not sure if this is the right community to post this in, as we don't have any !main@feddit.ch or similar community, but it seemed the most relevant. Sorry if it doesn't belong.

I'm sure that at this point it has become common knowledge that , Meta's alternative to Twitter, is trying to implement ActivityPub into their site. If/when this goes through, this would make Threads an instance admin, giving then full access to all the data that is available to other instance admins. This would include all data that belongs to Lemmy/KBin/Mastodon/etc users.

My main question is, should we let them do this? Should we federate with them if/when they come online, or should we defederate? I know that does not usually defederate with others (we currently only have one instance blocked, bottom of ), but in this case, this is Meta we're dealing with. They aren't exactly a big fan of data privacy, which is the whole theme of this instance (our sidebar: "This instance is focused on providing security and privacy for its users").

It seems that most people on Lemmy/etc. seem to be in favour of pre-emptive defederation and that many other instances have already defederated (Lemmy.ca, dbzer0, Blahaj, Beehaw, Lemm.ee).

There may also be another solution, but I'm not sure whether this applies to Lemmy.

What does everyone else think? Should we stay federated with them? Should we defederate, like other instances have already done? Should we wait and see? I'd love to hear others' opinions on this.

cross-posted from: https://infosec.pub/post/9048075

I simply make a GDPR request. Write to a Tor-hostile data controller making an Article 15 request for a copy of all your data. Also ask for a list of all entities your data is shared with.

The idea is that if a website blocks Tor (or worse, uses Cloudflare to also share all traffic with a privacy offender), then they don’t give a shit about privacy. So you punish them with some busy work and that busy work might lead to interesting discoveries about data abuses.

Of course this only works in the EU and also only works with entities that have collected your personal data non-anonymously. After getting your data it generally makes sense to also file an Article 17 request to erase it and boycott that company.

Language is important. The corporate propagandists are winning the language branding battle. In fact there is no battle because the pushover public just accepts their terms. We need to organize and define their garbage with our terms. E.g.

• (smart → dependent) Homes and appliances dependent on a corporation and contract are perversely called smart. So we should refer to them as “contract-dependent” or simply “dependent”. It’s not a smart dryer or doorbell, it’s a dependent dryer or doorbell. Probably makes no progress to mess with “smartphone”, but anything that has an avoidable and needless dependency needs renaming. (smartphone is debatable.. maybe a degoogled or Postmarket OS phone is a smartphone while a stock Android is a dependent phone, but let’s not get too carried away). Initially it’s not effective to just start saying “dependent washer” because readers won’t understand. Say “‘smart’ (read: dependent) washer”. Credit for this terminology goes to @dannym@lemmy.escapebigtech.info for this post, which gives a bit more detail.

• (Meta→Facebook) Meta hi-jacks a common English word to benefit a surveillance advertiser. We can’t allow this. IMO Facebook is understood and clear enough, but note that it’s not technically accurate because Meta is a parent company which has Facebook and Threads as subsidiaries IIUC (just like Alphabet owns Google).

• (Threads→fbThreads™/®?) Since Threads is the original name of Facebook’s forum, there is no unambiguous past name to cling to. We must invent something here. Fuck those egocentric self-centered asshole fucks for hi-jacking a generic common word to describe their service. There are already confusing conversations where it’s unclear from context if someone means FB’s Threads or a generic forum (threads). It’s not just a confusion problem.. when you refer to a thread in the generic sense and it is understood, there is still a subconcious tie to that shitty company.. their brand benefits from conversation that does not even involve their brand.

• (X→Twitter) This is an easy one. Just keep with the old term.

• (Cloudflare→CF walled garden) I’ve not encountered a replacement term for Cloudflare that’s not overly hyperbolic. But we can often incorporate “walled garden” and “centralized” to stress the issues. Instead of just saying “it’s a Cloudflare site”, say some variant of “the site is jailed in Cloudflare’s exclusive centralized access-restricted discriminatory walled garden contrary to netneutrality principles of access equality”.

It’s worth nothing that hyperbole doesn’t help. E.g. we might want:

• Meta/Facebook→Fakebook
• Microsoft Windows→Microsnot Winblows

The problem is these terms are only accepted by fully committed digital rights folks. That’s not the crowd that needs to be swayed. Hyperbole does not catch on with moderates - the masses where it’s most important for rebranding to take hold. Good rebranding doesn’t deviate too much from neutrality.

• (user→pawn) Exceptionally, I refer to “users” of surveillance capitalists as “pawns”. It’s probably too edgy to catch on, but it is what it is. Users is neutral and understood so it can’t easily be rebranded anyway. I will just say pawns to stress the point: who is using who?

Anyway, this is just the start of a crowd-sourcing effort. Please contribute more rebrandings in this thread as well as improved alternatives to my effort above.

Hi all, a shy try to awake this community again :)

Whats your daily-routine for privacy, what are you using, what are you not doing?

Short summary of me:

• Phone -> LineageOS
• VPN -> Per perimeter (LAN, Mobile) -> different VPN providers
• Home network (More for security but also helps detecting privacy invasive applications) -> Firewall, IDS and ISP router is bridged
• Payment -> Cash where possible (Saved me some trouble when card machines were offline and most had to go somewhere else to have a meal)
• Browser -> Three to four different ones, per usage I use a different (Media, communication, bank etc)
• Browser extensions -> UblockOrigin, Decentraleyes, User-AGent-Switcher and NoScript
• Browser cache/history -> deleted once a month (I do not use credentials saved inside browsers)
• Online Calls -> Matrix
• OS -> Linux only household
• Mail -> Different providers and own domain with catch-all, so if a company sells my mail I will see it because it is COMPANYNAME@MYDOMAIN.COM

Thats on top of my head, what are your takes?

A public service started blocking access from Tor users. Blocks like this almost never have the courtesy to acknowledge why you are blocked (Tor) much less why they decided to exclude Tor users from public access. The blockades seem to always be implemented by an asshole.

So I play dumb: “your site is no longer working… here is my screenshot…('Unable to connect')”. I submit that as a complaint.

The response I would hope for: “Oh, we are sorry sir, we will send you a link to our bulletin page that publishes a chronology of all changes we make to the site and have a technician call you to troubleshoot the problem.”

My goal is to burden those behind unjustified/undocumented anti-Tor configs so they spend some time investigating as a consequence of their unannounced change and their useless error messages.

What really happens:

They reply saying: “the server works. No problems were reported. The problem is with your browser. Try another computer/browser”.

So indeed, they double-down on being assholes. They give this snap response having no idea what could have gone wrong. There is no escalation procedure in government when you reach an incompetent person. So what’s the counter-move?

Proposal: network with other Tor users in the region. When one user reports a tor-hostile, everyone else in the group should verify the block and complain at the same time; everyone taking care not to mention Tor. It should remove the the knee-jerk “there have been no complaints” response.

Has anyone tried this?

If you have a defensive browser that runs over Tor and blocks popups, CAPTCHAs, dark-pattern-loaded cookie walls, and various garbage, we still end up at the losing end of the arms race. The heart of the problem is that privacy enthusiasts are exposed to the same search engine rankings that serve the privacy-naïve/unconcerned masses.

Would it make sense for the browser to autodetect various kinds of enshitification, add the hostname to a local db for future use, then report the hostname anonymously over Tor to central db that serves as an enshitification tracker? The local and centralized DBs could be used to down-rank those sites in future results. And if a link to enshitified sites appears on a page unrelated to searches it could be cautioned with a “⚠”. Some forms of enshitification would probably need manual detection but I could see people being motivated to contribute.

The security and integrity of a centralized db would perhaps be the hardest part of the effort. But if that could be sorted out, we could get search results to prioritize (pro-user) resources. In principle the DB could also track access methods by which a website is garbage-free (e.g. if the garbage does not manifest when viewed in Lynx, then that should be captured in the DB as well).