There is a new law that allows merchants to stop giving paper receipts.
The forced use of e-receipts in Europe (France, Belgium, Netherlands, Denmark, England, & Italy)
One of the big problems social and collaboration platforms is people go to where the people are, like Lemmings, with disregard to principles and ethics. I go to the ethical venues regardless of where the people are. Instead of feeding a harmful network effect, I would rather feed free and open spaces. If I were to contribute to MS Github, I would have to consider myself part of the problem.
Did you report the bugs on the Lemmy github?
No, and I wouldn’t. I created this community specifically for reporting bugs when bug trackers are in bad places like Github:
Most people are indeed probably using Firefox
The cross-posting problem is specific to Tor Browser, which is Firefox based. But that one was fixed in 0.19.5.
I was actually shocked to recently learn many are using their phones, which often means 3rd party apps (and which would not have any of the stock UI bugs).
0.19.5 only fixes one of the 4 bugs (cross-posting). None of them seem to be mentioned in the change notes.
141 servers are already running 0.19.5
Ungoogled Chromium and Tor Browser are perhaps less popular than they should be.
(Lemmy regression!) search function broken in Ungoogled Chromium (Lemmy ver ≥0.19.4)
In both Lemmy 0.19.4 and Lemmy 0.19.5, you click the magnifying glass to open the search dialog. If you enter a search query and tab out of the field, whatever you typed is cleared. Even if you simply hit <enter>
without tabbing out of the query field, the search form is refreshed and it tells you enter a query, as if you had not done so already.
Both versions have this problem with Ungoogled Chromium. The problem does not manifest on Tor Browser.
cross-posted from: https://sopuli.xyz/post/14184367
> Lemmy version 0.19.4 introduces 3 relatively intolerable bugs, and 0.19.5 only fixes one of them. > > * cannot post, risk of data loss > * cannot cross-post, but no data loss. > * can only visit the default timeline view >
Lemmy version 0.19.4 introduces 3 4 relatively intolerable bugs, and 0.19.5 only fixes one of them.
- cannot post, risk of data loss
- cannot cross-post, but no data loss.
- can only visit the default timeline view
- (update) cannot search
(Lemmy regression!) cannot select timeline view in Ungoogled Chromium (Lemmy ver ≥0.19.4)
This bug was introduced with version 0.19.4 and still persists in 0.19.5: There are four possible timeline views:
- subscribed
- local
- all
- moderator view
That selector is broken in Ungoogled Chromium 112.0 but not in Firefox-based browsers. In UC, clicking “moderator view” highlights the button, the page refreshes, but the selector does not stick. It snaps back to whatever view is the default and remains trapped on that timeline.
This problem is replicated in both 0.19.4 and 0.19.5 instances.
(Lemmy regression!) cannot cross-post using Tor Browser (Lemmy ver 0.19.4)
If I use the cross-post feature to copy the post elsewhere, the form is populated just fine but then I have to search for the target community at the bottom of the form. As soon as I select the target community, the whole rest of the form clears. If another field is re-populated, the target community field clears. So only one field at a time can be populated.
Tested with Tor Browser.
Untested in Lemmy 0.19.5.
(Lemmy regression!) cannot post new threads using Ungoogled Chromium (Lemmy ver ≥0.19.4)
Lemmy 0.19.4 introduced a quite serious defect whereby if you are using Ungoogled Chromium (and perhaps stock Chromium), the form to create a new post accepts input but then the instant you tab out of the field, the whole field is cleared. Poof… just like that, all your work vanishes and no way to get it back.
Firefox-based browsers have no issue.
Lemmy 0.19.5 seems to have fixed it. But there are other problems with both 0.19.4 and 0.19.5, so I suggest not upgrading past 0.19.3.
(edit) actually the problem manifests differently in 0.19.5. The form can be filled out and there is no data loss, but the “create” button is insensitive. It remains gray and behaves as if the form is still empty.
FCC blocks Tor so I can’t see the page, but I just wanted to mention a hack if number porting is refused for some reason (based on @Yeno@lemmy.world’s hint that it could be): downgrade the vz contract to the full extent possible (ideally make it a prepaid acct if that’s possible, so you can nix the monthly fee). Then dial whatever magic code forwards your vz number to your new number.
cross-posted from: https://sopuli.xyz/post/14087065
> One quite annoying Lemmy behaviour is when you search for a community that has many results spanning multiple screens (e.g. query “software”), the list is largely clusterfucked with crappy centralised instances that go against the #fedi philosophy (e.g. #lemmyWorld, #ShItjustWorks, #lemmyCa, #LemmyZip, #programmingDev, etc). > > I discovered a fix: ctrl-rt-click on every community in the list to open each in a tab. Then click “block community”, then repeat the search. It works the way it should: blocked communities are excluded from search results. > > Wish I realised that sooner.. would have saved me some effort and frustration in trying to search only for communities in the decentralised free world.
One quite annoying Lemmy behaviour is when you search for a community that has many results spanning multiple screens (e.g. query “software”), the list is largely clusterfucked with crappy centralised instances that go against the #fedi philosophy (e.g. #lemmyWorld, #ShItjustWorks, #lemmyCa, #LemmEE, #LemmyZip, #programmingDev, etc).
I discovered a fix: ctrl-rt-click on every community in the list to open each in a tab. Then click “block community”, then repeat the search. It works the way it should: blocked communities are excluded from search results.
Wish I realised that sooner.. would have saved me some effort and frustration in trying to search only for communities in the decentralised free world.
So not what their running debt is but only whether they can take on a new, specific one.
I knew the criteria was out of the hands of EU-based lenders, but didn’t realise the data is also out of reach to the lender. I suppose it makes sense that the lender would get no info other than a yes or no, if lenders have no discretion.
I noticed A shop had a rediculously priced phone (like €800+, something I would never buy) but advertised something like €9 if you take a contract. So it’s effectively a loan factored into a locked-in phone service plan. IIUC, the phone shop must arrange that with a bank and does not have the option of taking on risk, and then the bank asks the central bank if customer X can handle that loan, correct?
You can reverse payments through the bank in the EU as well but it’s seldom necessary, since the companies tend to revert the charge willingly when confronted by the consumer protection bureaus.
I’ve only had to resort to bank reverse a couple if times.
One was when I ordered a pair of shoes of what appeared to be an Italian website. It later turned out it was a scam site that listed popular models that were not made anymore and then sent you a ridiculously poorly made knock-off copy from China. I explained the issue to my bank and showed the knockoffs I got and a week or so later the charge was reversed.
That’s quite a surprise. I heard SWIFT/IBAN transfers were permanent and irreversable. I heard of mistakes being corrected but it required the two banks to collude and the bank of the recipient to do a money grab on their account, which I suppose would be impossible if a criminal closes their account. I wonder if your bank took a loss or if they colluded with the other bank. IIRC, banks have a minimum “investigation” fee of like €25 plus an hourly rate to pay bankers to deal with bad transactions. Did your bank offer that service for free?
The only similar things I know is the central bank keeping a listing of “unpaid credit” which make ban you from getting any new credit for a certain time.
Indeed that’s what I’m talking about. In Belgium it seems consumers have no control over whether a creditor can access the central bank’s records. Apparently the central bank simply trusts that creditors are checking records in response to an application for credit. I would like to know if any EU countries make use of an access code so consumers can control which creditors can see their records.
I don’t mean to imply anything about scoring, but certainly there must be some kind of mechanism to expose bad debtors to lenders.
In Belgium, there are no private credit bureaus but there is a central bank. Belgian banks are obligated to report loan defaults and cash transactions to the central bank, and creditors are obligated to check the central bank’s records. Consumers have no way to control creditors access to their records in the central bank. It seems to be trust based. The central bank apparently trusts that a creditor is checking a consumer’s file in connection with an application for credit by the consumer.
In the US, consumers can freeze their credit worthiness records and receive a code. When the records are frozen, the only orgs that can access the records are those already doing business with the consumer. If a consumer wants to open up a new account, they share the code with the prospective creditor who uses it to see the credit report.
So the question is, how are access controls on credit histories done in various EU nations? Do any use unlock codes like the US, or is it all trust based?
The European Commission adopted its long-awaited adequacy decision for the EU-U.S. Data Privacy Framework on 10 July 2023. Many have...
Yikes.
> “In the adequacy decision, the European Commission estimated that the U.S. ensures a level of protection for personal data transferred from the EU to U.S companies under the new framework that is essentially equivalent to the level of protection within the European Union.” (emphasis added)
Does the EU disregard the Snowden revelations?
And what a missed opportunity. California state specifically has some kind of GDPR analogue, so it might be reasonable if CA specifically were to satisfy an adequacy decision, (still a stretch) but certainly not the rest of the country. Such a move could have motivated more US states to do the necessary.
I must say I’ve lost some confidence and respect for the #GDPR.
cross-posted from: https://sopuli.xyz/post/13985430
> The problem: > > Most #fedi authors post links with no idea if the hosting server discriminates against people, or who. The consequence is that the fedi is muddied with references to exclusive venues that do not treat people equally, which wastes the time of readers who are impacted by discrimination. A variety of walled gardens pollute our threadiverse experience. So how can we remedy this? > > Proposed fix: > > Suppose we create a community and designate it as a testing area which welcomes bots. So e.g. I post something in the test community, and a bot that is paywall-aware replies yes or no whether the link is paywall-free. A bot that is Cloudflare-aware does the same. A regional bot, such as a bot in Poland can check that Polish IP addresses can reach the URL and make noise if the website blocks Poland. Etc. It need not be just bots.. someone in some oppressed region might manually attempt to visit links and report access problems. We would certainly like a bot in a GDPR region to test whether access is refused on the basis of a data controller’s unwillingness to respect GDPR rules. The OONI project could have a bot that reports anything interesting in their database. > > There could also be anti-enshitification bots, which point out things like cookie walls. > > There are bots that find better links to replace Cloudflare links. Those bots could help direct authors to better URLs to share. > > There could be a TL-DR bot that replies with a summary or even the full text, so an author can decide before posting in the target community whether to omit a shitty link and just post the content. > > --- > > (update) It’s worth noting that for Mastodon there an ad hoc tool. If you follow @mg@101010.pl, that bot will follow you back and analyze every URL you share for whether it is Cloudflared. If yes, it will DM you with alternative URLs. > > Note that the mitigator bot is quite loose it its judgement. If the host is not Cloudflared but another host on the same domain is Cloudflared, it is treated as a positive because it’s assumed that when you visit the host it will link to other hosts on the same domain.
Wish I could see it. www.onem.be seems to be dropping my packets.
The problem:
Most #fedi authors post links with no idea if the hosting server discriminates against people, or who. The consequence is that the fedi is muddied with references to exclusive venues that do not treat people equally, which wastes the time of readers who are impacted by discrimination. A variety of walled gardens pollute our threadiverse experience. So how can we remedy this?
Proposed fix:
Suppose we create a community and designate it as a testing area which welcomes bots. So e.g. I post something in the test community, and a bot that is paywall-aware replies yes or no whether the link is paywall-free. A bot that is Cloudflare-aware does the same. A regional bot, such as a bot in Poland can check that Polish IP addresses can reach the URL and make noise if the website blocks Poland. Etc. It need not be just bots.. someone in some oppressed region might manually attempt to visit links and report access problems. We would certainly like a bot in a GDPR region to test whether access is refused on the basis of a data controller’s unwillingness to respect GDPR rules. The OONI project could have a bot that reports anything interesting in their database.
There could also be anti-enshitification bots, which point out things like cookie walls.
There are bots that find better links to replace Cloudflare links. Those bots could help direct authors to better URLs to share.
There could be a TL-DR bot that replies with a summary or even the full text, so an author can decide before posting in the target community whether to omit a shitty link and just post the content.
---
(update) It’s worth noting that for Mastodon there an ad hoc tool. If you follow @mg@101010.pl, that bot will follow you back and analyze every URL you share for whether it is Cloudflared. If yes, it will DM you with alternative URLs.
Note that the mitigator bot is quite loose it its judgement. If the host is not Cloudflared but another host on the same domain is Cloudflared, it is treated as a positive because it’s assumed that when you visit the host it will link to other hosts on the same domain.
eclic.ro is an exclusive Cloudflare site just like change.org is. Exclusivity is obviously quite lousy for democracy. Better alternatives are here:
privacytools.io always was shit show even before the infighting. They put their own endorsement site on Cloudflare. Despite a collossal pile of dirt emerging on #Signal:
https://github.com/privacytools/privacytools.io/issues/779
PTIO continued endorsing Signal non-stop, refusing to disclose the issues. That was also before the breakup. Dirt was routinely exposed on PTIO endorsements and it never changed their endorsement nor did they reveal the findings on their website.
Now both factions are hypocrits just as they were when they were united. The original PTIO site is back to being Cloudflared (nothing like tossing people coming to you for privacy advice into the walled garden of one of the most harmful privacy offenders), and Privacy Guides has setup on a CF’d Lemmy node. The hypocrisy has no end with these people.
Interesting, but that does not help because Mint jails all their docs in Cloudflare.
Also worth noting that #Ubuntu and #Mint both moved substantial amounts of documentation into Cloudflare (the antithisis of the values swiso claims to support). I have been moving people off those platforms.
BTW, prism-break is a disasterous project too. You know they don’t have a clue when they moved their repo from Github.com to Gitlab.com, an access-restricted Cloudflare site. There are tens if not hundreds of decent forges to choose from and PRISM Break moved from the 2nd worst to the one that most defeats the purpose of their constitution.
It might be useful to find dirt on various tech at prism-break, but none of these sites can be trusted for endorsements.
The prism-break website is timing out for me right now. I would not be surprised if they were dropping Tor packets since they have a history of hypocrisy.
If you look in their bug tracker, it actually reveals that they ignore dirt that has been dug up on their suggestions.
As others have mentioned there is little in the way of justification for these suggestions, and while I happen to agree with plenty of them, I’d personally like to see more reasoning, if not to appease people that already have opinions then to help newer users understand their options.
Indeed. In fact it’s actually worse than you describe. Swiso witholds negative information. They don’t want to inform people. They want to steer people. For example, swiso’s endorsements for donation platforms have some quite serious problems:
https://codeberg.org/swiso/website/issues/141
swiso is also aware of the serious issues with Qwant and the serious issues with DuckDuckGo. Not only failing to remove them but also failing to inform. Qwant and DDG are both Microsoft syndicates!
(if anyone is interested, one of the most privacy-respecting search services is Ombrelo¹, which is largely unknown to the world because PTIO, swiso, and prism-break don’t do the job they claim to do)
And swiso is aware because that’s their bug tracker.
/cc @Imprint9816@lemmy.dbzer0.com
¹ https://ombrelo.im5wixghmfmt7gf7wb4xrgdm6byx2gj26zn47da6nwo7xvybgxnqryid.onion/
There are a few good alternatives and swiso has been aware of them for ~4+ years:
People are often told if their data is published, they have no expectation of privacy. But I found an interesting gem in the EDPB Guidelines of 04/2019 which counters that to some degree:
> 59. Even in the event that personal data is made available publicly with the permission and understanding of a data subject, it does not mean that any other controller with access to the personal data may freely process it themselves for their own purposes – they must have their own legal basis.²⁰ > > ²⁰See Case of Satakunnan Markkinapörssi Oy and Satamedia Oy v. Finland no. 931/13.
IMO, that means #AI bots cannot exploit openly public data if it’s data that’s personal to a European or someone residing in Europe.
If you long-tap an image that someone sent, options are:
- share with…
- copy original URL
- delete image
The URL is not the local URL, it’s the network URL for fetching the image again. When you send outbound images, Snikket stores them in one place, but it’s nowhere near the place where it stores inbound images. I found it once after a lengthy hunt but did not take notes. I cannot find it now. I think it’s well buried somewhere. What a piece of shit.
wintermute announced this instance when it came into existence ~2 or so years ago. So they might be interested and might have some information about it.
Notice the cross-post. Funny how that works.. I did not cross-post this, but because I linked the URL to community.xmpp.net the cross-post link was autogenerated.
Self-hosting is a different scenario than the way most users reach the fedi. Self-hosters certainly have fewer reasons to have multiple accounts. But obviously the one unescapable reason is privacy. If all activity is under the same account, doxxing risk is pegged.
Another reason a self hoster would want multiple accts is followship. Someone might want to follow you because they love your French posts about oil painting, for example, but since you do everything with the same account they also have to see posts in English about politics, religion, phones, movies, etc, they may not want all the other noise. Compartmentalisation improves followship.
I’m just noticing this instance for the first time. Judging by the hostname, it’s a node that’s devoted to #XMPP chatter. But I cannot reach it. Getting timeouts from Tor. This could mean that they are down, or it could be that they block Tor in the rudest possible way (dropping packets).
To me, it’s a ghost node because I can reach a tiny cache of posts from !infosec@community.xmpp.net locally:
https://sopuli.xyz/c/infosec@community.xmpp.net
cc: @wintermute@feddit.de
cross-posted from: https://sopuli.xyz/post/13489053
> In the onion v2 days we had underwood2hj3pwd.onion
. There were half a dozen other onion email providers but Underwood was the only one that did not have a clearnet email alias (IIRC). That was a useful feature because you could distribute an onion address to a MS Outlook or Gmail user and they could not use it to share their correspondence to you with Google or MS in the loop. They had just two options: step off the ad surveillance platform or not contact you at all. That option died with Underwood.
>
> The other onion email services all have a clearnet translation. So if (for example) I give a gmail user this address:
>
> foo@yllvy3mhtamstbqzm4wucfwab57ap6zraxqvkjn2iobmrtxdsnb37dqd.onion
>
> and they are motivated to reach me, they can figure out that the corresponding clearnet alias is foo(/at/)onionmail.info
and then they can use that address to send me a msg that is then shared with their surveillance advertiser. And worse, that’s less effort for them than obtaining an onion email account.
>
> So what I do now is give an XMPP account. Since Google has abandoned jabber and MS never partook, XMPP avoids Google and MS. But XMPP is not a drop-in replacement for email. OMEMO is glitchy/buggy with pitfalls.
>
> I would like to offer an email option. Ideally, an onion email service would offer a clearnet alias that cannot be determined from the onion address, which implies a different userid string.
Young voters did this, ironically enough, according to BBC World News. Young people struggling to get jobs after graduation think that right wing parties will fix that.
So as older generations are trying not to hand-off a burning planet to the young, the young are signing up for a burning planet under some delusion that right wingers will get them jobs. Schools have apparently failed to teach kids that the jobs they get under conservative governance are shit jobs -- lousy pay and lousy benefits.
My god… “Consumer power” is a myth, there’s no evidence of it working for anything significant.
I guess you are not following Gaza. McDonalds in Israel decided to give free meals to Israeli soldiers. McDonalds customers who boycott Israel impacted McDonalds’ bottom line. And it’s a franchise. The McDonalds shops in Israel had different ownership than McDonalds outside Israel (where the boycott was impacting). So in response McDonalds HQ directly bought out all Israeli branches in order to stop the support to Israeli troops, just to protect their brand.
Lidl and Aldi both started taking a hit in Europe because their produce from Israel was being boycotted. Aldi got caught removing the origin label from their produce when Israel was the origin. Lidl got caught falsifying the label by displaying a different region. If the boycott was insignificant, there would be insufficient motivation for a grocery chain to commit fraud against their customers. So I boycott the whole Lidl chain and Aldi North, not just Israeli products.
Organize your workplace
Or boycott without organising, as this person did:
https://slrpnk.net/post/4687232
Here’s what does not work: not boycotting.
Boycotts only lack effect when in fact they are not executed. IOW, the apathy you advocate weakens the strength of boycotts. The shitty attitude that boycotts don’t work is the sole factor that disempowers boycotts from working.
Those who condemn centralised social media naturally block these nodes:
- #LemmyWorld
- #shItjustWorks
- #LemmyCA
- #programmingDev
- #LemmyOne
- #LemmEE
- #LemmyZip
The global timeline is the landing page on Mbin nodes. It’s swamped with posts from communities hosted in the above shitty centralised nodes, which break interoperability for all demographics that Cloudflare Inc. marginalises.
Mbin gives a way for users to block specific magazines (Lemmy communities), but no way to block a whole node. So users face this this very tedious task of blocking hundreds of magazines which is effectively like a game of whack-a-mole. Whenever someone else on the Mbin node subscribes to a CF/centralised node, the global timeline gets polluted with exclusive content and potentially many other users have to find the block button.
Secondary problem: (unblocking) My blocked list now contains hundreds of magazines spanning several pages. What if LemmEE decides one day to join the decentralised free world? I would likely want to stop blocking all communities on that node. But unblocking is also very tedious because you have to visit every blocked magazine and click “unblock”.
the fix --- ① Nix the global timeline. Lemmy also lacks whole-node blocking at the user level, but Lemmy avoids this problem by not even having a global timeline. Logged-in users see a timeline that’s populated only with communities they subscribe to.
«OR»
② Enable users to specify a list of nodes for which they want filtered out of their view of the global timeline.
onionmail POP3 server continues accepting creds after accounts are deleted
The “disobey”¹ onionmail server has been accepting my POP3 logins without issue for months/years. There has been “no new messages” for as long as I can remember and I have also not sent mail for a long time. Then I tried sending myself a message and I get “500 Mailbox full”. Yet my inbox is empty.
It’s quite disturbing because I have no idea when the admin apparently decided out of the blue to delete my account. It might have an automated removal, perhaps due to such sparse/rare traffic. But regardless, it makes it hard to trust any #onionmail server because they all run the same code. This same scenario occurred on another onionmail server as well.
Does anyone here use onionmail?
¹ a5dkbvgakon2lxmauleiizkv6i3s36wp6w3i32a3buc4xmtdnbttmryd.onion
While composing this post the Lemmy web client went to lunch. This is the classic behaviour of Lemmy when it has a problem. No error, just infinite spinner. After experimentation, it turns out that it tries to be smart but fails when treating URLs written with the gemini:// scheme.
(edit) It’s probably trying to visit the link for that convenience feature of pre-filling the title. If it does not recognise the scheme, it should just accept it without trying to be fancy. It likely screws up on other schemes as well, like dict, ftp, news, etc.
The workaround is to embed the #Gemini link in the body of the post.
The linked¹ #gemini article is the political platform of the French green party in Belguim w.r.t. digital rights. It was translated from French.
I’m overall impressed enough to vote for them. But I do have some concerns:
> “At the Belgian level, we propose to establish a legal guarantee of 5 years for new electronic devices.”
Yikes, waaay too short. Needs to be at least 10 years. But it helps that they advocate FOSS:
> “Generalize the ability to use free software on all devices to decrease software obsolescence.”
Though this statement is far too vague. If a maker of hardware with proprietary non-free software only gives 5 years of support, there needs to be a legal obligation that they port FOSS to the device at the end of the warranty. This is missing in the green party’s plan.
A lot of other things are missing in their plan, but generally their principles are sensible.
¹ (edit) actually it cannot be linked using the URL field due to a #LemmyBug. But at least it was linkable in the msg body.