dirtfindr @lemmy.ml
Posts 9
Comments 2
DuckDuckGo's privacy abuses-- current, historic, and by proxy
  • NB: Can’t believe I had to register here with an e-mail address to comment about privacy…

    Supplying an email address on Lemmy used to be optional. Has that changed?

    Problem I have with searx is it does no regional searches at all

    I think that's determined by the searx instance. Some instances let you choose your UI language, as well as the results language. You can also do "site:de" if you want to search *.de sites for example.

    I notice that DDG does allow users to set their search method to POST requests and support redirects to prevent search leakage.

    Why would POST prevent leakage? As long as the site is HTTPS, the query is encrypted regardless of whether it's HTTP POST or HTTP GET.

  • Session: A Private Messenger That Doesn't Need Phone Number
  • The fact that there is no mandatory phone reg. puts Session above Signal. But Session is still very dicey:

    • www.getsession.org is a CloudFlare site, which indicates that the staff on that project lack some basic knowledge about privacy - or they just don't care. (note that Signal also uses CloudFlare)
    • the developers have some kind of alt-right tendencies: https://chaos.social/@laufi/103825791713996438 The problem is not just ethical but conservatives inherently do not value privacy. They value money very much. This is a bad combination for a platform that wants to be privacy-centric.
    • they put a lot of energy into having a professional appearance. This is consistent with corporations with profit-driven intentions and atypical of charitable free software projects. Their org chart has everyone's photo (not characteristic of privacy advocates) and every single means of contact of every staff member is through Microsoft or Twitter.
    • website has links to privacy abusers (Facebook, MS Github, Twitter) and not a single link to any social networking service that self-respecting privacy proponents can use.
    • their email address traverses Google's servers and has no PGP key.
    • their project is managed on Microsoft Github.

    BTW @AgreeableLandscape, itsfoss.com is not a good site to publicize; it's also jailed in CloudFlare walled garden (thus calling into question the extent to which that site genuinely respects freedom).

    The only useful effect of Session is that it serves as a PR jab at Signal for requiring phones. And if it helps divide or shrink the Signal community that's a good thing.

  • See how Qwant (a "privacy respecting" search engine) treats Tor users

    Qwant sometimes hits Tor users with this puzzle after they submit a query. Then after solving the puzzle, they're brought back to an empty form so they must re-type their query.

    17

    DuckDuckGo's privacy abuses-- current, historic, and by proxy

    There are substantial privacy and civil liberty issues with DuckDuckGo. Here they are spot-lighted:

    • Nefarious History of DDG founder & CEO:
      • DDG's founder (Gabriel Weinberg) has a history of privacy abuse, starting with his founding of Names DB, a surveillance capitalist service designed to coerce naive users to submit sensitive information about their friends. (2006)
      • Weinberg's motivation for creating DDG was not actually to "spread privacy"; it was to create something big, something that would compete with big players. As a privacy abuser during the conception of DDG (Names Database), Weinberg sought to become a big-name legacy. Privacy is Weinberg's means (not ends) in that endeavor. Clearly he doesn't value privacy -- he values perception of privacy.
    • Direct Privacy Abuse:
      • DDG was caught violating its own privacy policy by issuing tracker cookies.
      • DDG's app sends every URL you visit to DDG servers. (reaction).
      • DDG is currently collecting users' operating systems and everything they highlight in the search results. (to verify this, simply hit F12 in your browser and select the "network" tab. Do a search with javascript enabled. Highlight some text on the screen. Mouseover the traffic rows and see that your highlighted text, operating system, and other details relating to geolocation are sent to DDG. Then change the query and submit. Notice that the previous query is being transmitted with the new query to link the queries together)
      • DDG is accused of fingerprinting users' browsers.
      • When clicking an ad on the DDG results page, all data available in your session is sent to the advertiser, which is why the Epic browser project refuses to set DDG as the default browser.
      • DDG blacklisted Framabee, a search engine for the highly respected framasoft.org consortium.
    • Censorship: Some people replace Google with DDG in order to avoid censorship. DDG is not the answer.
      • DDG is complying with the "celebrity threesome injunction".
    • CloudFlare: DDG promotes one of the largest privacy abusing tech giants and adversary to the Tor community: CloudFlare Inc. DDG results give high rankings to CloudFlare sites, which consequently compromises privacy, net neutrality, and anonymity:
      • Anonymity: CloudFlare DoS attacks Tor users, causing substantial damage to the Tor network.
      • Privacy: All CloudFlare sites are surreptitiously MitM'd by design.
      • Net neutrality: CloudFlare's attack on Tor users causes access inequality, the centerpiece to net neutrality.
      • DDG T-shirts are sold using a CloudFlare site, thus surreptitiously sharing all order information (name, address, credit card, etc) with CloudFlare despite their statement at the bottom of the page saying "DuckDuckGo is an Internet privacy company that empowers you to seamlessly take control of your personal information online, without any tradeoffs." (2019)
      • DDG hired CloudFlare to host spreadprivacy.com (2019)
    • Harmful Partnerships with Adversaries of Privacy Seekers:
      • DDG patronizes privacy-abuser Amazon, using AWS for hosting.
        • Amazon is making an astronomical investment in facial recognition which will destroy physical travel privacy worldwide.
        • Amazon uses Ring and Alexa to surveil neighborhoods and the inside of homes.
        • Amazon paid $195k to fight privacy in CA. (also see http://cal-access.sos.ca.gov/Campaign/Committees/Detail.aspx?id=1401518&view=late1)
        • Amazon runs sweat shops, invests in climate denial, etc.. the list of non-privacy related harms is too long to list here.
      • DDG feeds privacy-abuser Microsoft by patronizing the Bing API for search results and uses Outlook email service.
        • Microsoft Office products violate the GDPR (the Dutch government discovered numerous violations)
        • Microsoft finances AnyVision to equip the Israeli military with facial recognition to be used against the Palestinians who they oppress.
        • Microsoft paid $195k to fight privacy in CA. (also see http://cal-access.sos.ca.gov/Campaign/Committees/Detail.aspx?id=1401518&view=late1)
        • DDG hires Microsoft for email service: torsocks dig @8.8.8.8 mx duckduckgo.com +tcp | grep -E '^\w' ==> "...duckduckgo-com.mail.protection.outlook.com"
      • DDG is partnered with Yahoo (aka Oath; plus Verizon and AOL by extension). DDG helps Yahoo profit by patronizing Yahoo's API for search results, and also through advertising. The Verizon corporate conglomerate is evil in many ways:
        • Yahoo, Verizon, and AOL all supported CISPA (unwarranted surveillance bills)
        • Yahoo, Verizon, and AOL all use DNSBLs to block individuals from running their own mail servers, thus forcing an over-share of e-mail metadata with a relay.
        • Verizon and AOL both drug test their employees, thus intruding on their privacy outside of the workplace.
        • Verizon supports the TTP treaty.
        • Yahoo voluntarily ratted out a human rights journalist (Shi Tao) to the Chinese gov w/out warrant, leading to his incarceration.
        • Yahoo recently recovered "deleted" e-mail to convict a criminal. The deleted e-mail was not expected to be recoverable per the Yahoo Privacy Policy.
        • Verizon received $16.8 billion in Trump tax breaks, then immediately laid off thousands of workers.
        • (2014) Verizon fined $7.4 million for violating customers’ privacy
        • (2016) Verizon fined $1.35 million for violating customers’ privacy
        • (2018) Verizon paid $200k to fight privacy in CA. See also this page
        • (2018) Verizon caught taking voice prints?
        • more dirt (scroll down to Verizon)
        • (2016) Yahoo caught surreptitiously monitoring Yahoo Mail messages for the NSA.
    • Advertising Abuses & Corruption:
      • DDG consumed a room at FOSDEM 2018 to deliver a sales pitch despite its proprietary non-free server code, then dashed out without taking questions. Shame on FOSDEM organizers for allowing this corrupt abuse of precious resources.
      • Tor Project accepted a $25k "contribution" (read: bribe) from DDG, so you'll find that DDG problems are down-played. This is why Tor Browser defaults to using DDG and why Tor Project endorses DDG over Ss -- and against the interests of the privacy-seeking Tor community. The EFF also pimps DDG -- a likely consequence of EFF's close ties to Tor Project.

    For the record, this is how Tor Project responds to criticism about their loyalty toward DuckDuckGo (their benefactor) in IRC:

    > 18:20 < psychil> if torbrowser is going to be recommended, it should also be open to scrutiny. in the absence of that transparency, you create an untrustworthy forum.

    > 18:20 < psychil> we've seen a loyalty from TB toward duckduckgo, but DDG is in partnership with Verizon, Yahoo, AOL et. al.

    > 18:21 < psychil> all CISPA-sponsoring companies

    > 18:22 < psychil> if ppl choose to trust them fair enough, but this trust shouldn't be pushed on every user weighing their choice of browsers

    > 18:26 -!- mode/#tor [-b psychil@!@*] by ChanServ

    > 18:27 < YY_Bozhinsky> psychil: i am using Tor (thanks to Tor Devs)... PLUS brain - good bundle. I am happy. And please, don't rush to change Reality (do it slowly with love and respect). Because it's home for many ppl. They construct their lives in it. Think twice before ruining that. Please.

    > 18:27 -!- mode/#tor [+b psychil!@] by ChanServ

    > 18:27 -!- psychil was kicked from #tor by ChanServ [wont stop the FUD]

    Indeed, Tor Project is notoriously fast to censor any discourse (no matter how civil) when it supports a narrative that doesn't align with their view / propaganda.

    28
    Censorship on Reddit @lemmy.ml dirtfindr @lemmy.ml

    (censored in r/enviroaction) Tell Yang his campaign t-shirt is a bad idea

    This is why people should abandon Reddit in favor of Lemmy. This post exposes the rampant Reddit censorship problem. The following posts are an example of civil on topic rule-conforming posts that were censored in r/enviroaction without cause.

    -----

    In response to this post, I wrote the following (which was censored):

    >> So just a note, all cotton is organic: C6H5O9
    >
    > Either you're attempting equivocation, or perhaps you're unaware of sustainable cotton which has taken the name "organic cotton". ("at present, approximately 0.51% of global cotton production is organic.")
    >
    > But thanks for mentioning Amazon's packaging waste.. I overlooked that.

    In response to this post, I wrote the following (which was censored):

    > I was actually half tempted to criticize Amazon for using FedEx.
    >
    > FedEx is an NRA-supporting ALEC member, so using FedEx supports climate denial (among other evils). FedEx also ships shark fins, hunting trophies, and slave dolphins. So the toll on the environment by FedEx is quite extensive (while they advertise with claims to have a low carbon footprint to capture business from uninformed but pro-environment consumers).
    >
    > UPS is also an ALEC member but not as harmful as FedEx.
    >
    > USPS is slightly evil for blocking Tor. But in the big scheme of things any alternative to FedEx and UPS at least avoids the worst of them.

    Can anyone cite a legitimate reason to censor these posts under r/enviroaction rules?

    0
    Boeing @lemmy.ml dirtfindr @lemmy.ml

    Rationale for boycotting Boeing

    0
    Censorship on Reddit @lemmy.ml dirtfindr @lemmy.ml

    (censored in r/banking) Any banks email images of cleared checks?

    In response to this comment, I wrote:

    > It is not a security problem. It's actually more secure to send data via PGP-encrypted email than HTTPS (which can be MitMd).
    >
    > I believe the problem is that not enough people are PGP capable to be interesting enough for banks to take the risk of doing something different. US banks are extremely risk averse. There are a couple banks outside the US that send PGP email but they don't deal with checks.

    -----

    That comment was censored.

    0
    Censorship on Reddit @lemmy.ml dirtfindr @lemmy.ml

    (censored in r/CrappyDesign2) Political campaign t-shirt for a progressive party is made with...

    This original post in r/CrappyDesign2 was not censored, but the following two comments in that thread were censored:

    -----

    In response to this comment, I wrote:

    >> In terms of products we need to minimize to save the earth, pretty sure "Shirts" are waaaaaaay down the list.
    >
    > The Extinction Rebellion movement has copyrighted their logo so that they can declare:
    >
    > "We do not endorse or create any merchandise and we will pursue and prosecute anyone who does."
    >
    > And rightly so. Eco-activists quite rightly oppose the foolish production of unneeded clothing that outlasts its useful purpose - even when it promotes their own agenda. Hopefully they sue these scumbags who are not only making XR clothes but they're also doing so with unsustainable material.
    >
    > By comparison, the XR movement will long outlive the absurdly short Yang 2020 campaign.
    >
    > You imply that there's a triage, whereby sensible clothing design is somehow in competition with other climate actions. It's nonsense. Did Yang save enough time on his shirt design to do something more important for climate change? What more important activity will not be accomplished if clothing is designed to be sustainable?
    >
    >> Even the shirts made congratulating super bowl losers get used somewhere.
    >
    > Those are slightly less ridiculous because the intent is for them to be appreciated /after/ the event -- unlike a POTUS campaign involving ~20 candidates, 19 of whom won't make it to the general election.

    In response to this comment, I wrote:

    > The design flaw is actually orthogonal to political bias. The problem is the political ideology of the politician is misaligned with the design, thus making the design unfit for purpose.
    >
    > If this shirt were a Trump shirt, there would actually be no problem with the design as there would be no conflict of interest (the orange guy is a climate denier).
    >
    > The design flaws are objectively evident regardless of our personal political leans.

    -----

    I believe those posts were civil, and in fact more civil than the uncensored posts they are replying to.

    0
    Censorship on Reddit @lemmy.ml dirtfindr @lemmy.ml

    (censored in r/Brussels) How Argenta (a "family" bank) contributes to family separation at US-Mexico

    This graphic (linked by the title) was censored in r/Brussels. The moderator alleges that wrongdoing of Argenta bank is irrelevant to r/Brussels. It's a bogus claim because Argenta has several branches in Brussels. This moderator has a history of generally opposing activism, yet fails to create a rule against politics or activism. So he's enforcing rules that do not exist to control the dialog and bias the narrative to fit into his world views.

    In that thread, a number of posts were removed, all civil and answering questions.

    In response to this post, I wrote:

    > I assume the source you're after is the Argenta-JPM ties. It's in the fine print of their pension plans, and also here:
    >
    > https://www.argenta.be/content/dam/argenta/documenten/beleggen/fondsen/arvestar/Subcustodians%20overzicht.pdf
    >
    > Argenta does not give pensioners a choice of investments. Opening a pension account at Argenta automatically entails opening it at JP Morgan with no way to opt-out. Investors should be informed where their money goes.
    >
    > If you need a source on any other relationship in the chart let me know. It's all easy to find public info.

    In response to this post, I wrote:

    > The chart is my own original work. This thread is the first publication of it. So far it's the sole publication of it. I created that after reading these articles:
    >
    > * https://www.dailykos.com/stories/2019/3/11/1841225/-Big-banks-back-away-from-Trump-s-immigration-policies-but-tech-giants-are-still-on-board
    > * https://boingboing.net/2018/04/20/something-something-invisible.html
    > * https://www.bloomberg.com/features/2018-palantir-peter-thiel/
    > * https://www.businessinsider.nl/security-pro-at-jpmorgan-spied-on-employees-using-palantir-2018-4?international=true&r=US
    > * https://www.politicususa.com/2018/03/28/peter-thiel-company-helped-cambridge-analytica-steal-facebook-data.html
    >
    > I already knew some of the data so let me know if you need a source for anything specifically not covered by those articles and i'll dig it up.

    In response to this post, I wrote:

    > Argenta has several branches in Brussels.

    In response to this post, I wrote:

    >> You mean, how JP Morgan contributes to family separation?
    >
    > I mean Argenta Bank contributes to family separation by way of all entities in the supply chain, including JP Morgan.
    >
    >> Most banks have services that are dependent on JP Morgan directly for example for cross border payment) or for example with settlement of financial products.
    >
    > Apart from the bandwagon fallacy (one bank's evil justifies another), most banks give investors an election on where to direct funding. Argenta does not. Argenta's CEO has JP Morgan ties and Argenta also buries JPMs involvement in fine print that only the most diligent pensioners bother to read.
    >
    > It's also unclear why you would consider Argenta's voluntary participation in JP Morgan investments somehow justified by JP Morgan's SWIFT membership for cross-border payments. There are 6 US banks capable of IBAN transfers, and it's the recipients of those transfers who control that. Of course it makes no sense to hold banks accountable for transactions outside of their control.

    -----

    All of the replies above were censored by u/octave1. I believe they were civil and relatively unemotional.

    0
    Censorship on Reddit @lemmy.ml dirtfindr @lemmy.ml

    (censored in r/Boycott_Boeing) "How to Boycott Boeing"

    The following was posted in r/Boycott_Boeing with the title "How to Boycott Boeing", which was censored, ironically. The moderator, who has his own post showing ways to avoid Boeing, is strangely intent on suppressing methods of boycotting other than his own.

    -----

    Suppose you want to boycott Boeing. A Boeing aircraft is probably not on your shopping list, so you can't simply scratch Boeing off your shopping list as easily as you can with a company like Dell, for example. But there are some things you can do to reduce money that ultimately feeds Boeing.

    Boeing has a duopoly with Airbus (detailed on wikipedia).

    Most airlines own both Boeing and Airbus products, so it would be impractical to extend the boycott to all airlines that have Boeings in their inventory. But there is a bias. Some airlines have a strong majority of Boeings in their fleet compared to Airbus. Here is a sampling of some of the large carriers:

    | Airline | Active Boeing assets (%) | Notes |
    |--|--|--|
    | Aer Lingus | 7.8% (4/51) | source |
    | Air Berlin | 0.0% (0/84) | source |
    | Air Canada | 36.9% (62/168) | source |
    | Air China | 51.7% (200/387) | source |
    | Air France | 31.6% (71/225) | source |
    | Alitalia | 9.8% (10/102) | source |
    | American Airlines | 48.7% (452/928) | source |
    | British Airways | 47.0% (126/268) | source |
    | China Eastern Airlines | 3.7% (16/428) | source |
    | Delta | 57.0% (479/840) | source |
    | Finnair | 0.0% (0/47) | source |
    | Iberia | 0.0% (0/78) | source |
    | Japan Airlines | 100.0% (163/163) | source |
    | KLM | 88.8% (103/116) | source |
    | Korean Air | 75.3% (119/158) | source |
    | Lufthansa | 13.7% (37/271) | source |
    | Swiss Global Air Lines | 33.3% (6/18) | source |
    | United Airlines | 78.6% (578/735) | source |
    | Virgin Atlantic | 56.8% (21/37) | source |

    I recommend boycotting airlines with a Boeing inventory over ~40%. In addition to avoiding Boeing-dominant airlines, it's also a good idea to exclude flights on Boeing aircraft from your air travel search. Here's how:

    1. Go to itasoftware.com
    2. Fill out the search form as you normally would
    3. Click on "Advanced routing codes", and notice that a new box appears to enter outbound and return routing codes.
    4. In all the advanced routing codes boxes, paste this:

    /-aircraft t:703 t:707 t:70F t:70M t:717 t:721 t:722 t:727 t:72B t:72C t:72F t:72M t:72S t:72X t:72Y t:731 t:732 t:733 t:734 t:735 t:736 t:737 t:738 t:739 t:73C t:73F t:73G t:73H t:73J t:73M t:73W t:73X t:73Y t:741 t:742 t:743 t:744 t:747 t:74C t:74D t:74E t:74F t:74H t:74J t:74L t:74M t:74N t:74R t:74T t:74U t:74V t:74X t:74Y t:752 t:753 t:757 t:75F t:75M t:75T t:75W t:762 t:763 t:764 t:767 t:76F t:76W t:76X t:76Y t:772 t:773 t:777 t:77F t:77L t:77W t:788 t:789 t:B72

    That will exclude all flights that make use of a Boeing aircraft from the search results. Why is that a good idea? A pilot is either a Boeing pilot or an Airbus pilot. Rarely is a pilot trained in both. Riding on a Boeing aircraft feeds Boeing pilots, who exclusively cater for Boeing products.

    Commandline nerds who want to know how to derive that syntax may want to run this:

    $ lynx -dump -nolist https://www.flugzeuginfo.net/table_accodes_iata_en.php | awk 'BEGIN{ORS=" ";} tolower($0) ~ /boeing/{print "t:"$1}'

    Don't forget to prefix the /-aircraft .

    Why boycott Boeing and General Electric?
    ========================================

    See the rationale chart.

    Boeing has made a deal with General Electric to ensure that some Boeing aircraft can only be fitted with GE engines. It turns out that General Electric (a former ALEC member) is itself very boycott-worthy anyway because it's involved with the same evils as Boeing. Also note that Airbus does not contribute to any of the problems in the rationale chart. It will not be immediately obvious to everyone why drug testing is such a bad idea. I suggest this article for more detail.

    0
    Censorship on Reddit @lemmy.ml dirtfindr @lemmy.ml

    censored in r/unpopularopinion, then by r/boycott_boeing, followed by r/censorship_uncensored

    In response to this post by u/Poison1990 in r/unpopularopinion, I wrote:

    > +1 for humor. But in all seriousness, it is possible for travelers to boycott Boeing. See the How to Boycott Boeing article.

    In response to this post, I wrote:

    > Rationale for boycotting Boeing (for me) is all the right-wing policy it supports financially as well as the politicians it backs."
    >
    > If only we get them to make planes without a right wing ;)

    In response to this post, I wrote:

    > Climate change is a scientific theory. The climate denial propaganda is to spin climate change as "just a theory" in hopes that most people are not knowledgeable enough to know the difference between a scientific theory and a "theory" in laypersons terms -- effectively making climate change sound as if someone is wildly guessing.
    >
    > A scientific theory is very well supported by evidence from a significant collection of supported hypothesis and not even close to mere guesswork -- and guesswork cannot be passed off as a "scientific theory". Darwin's theory of evolution is also a scientific theory. Would you also regard the theory of evolution as "propaganda"?
    >
    > So no, you cannot "both sides" this. Propaganda is on one side; science is on the other."

    When viewed from a logged-out browser, the above three comments are reported "missing". I personally and exclusively can still see them when logged in. It's a bit insidious that this censorship occurred in r/unpopularopinion, where we expect to be able to express these sort of ideas in a civil manner. The third post was censored mid-conversation with u/arewetodayman, which is quite disruptive as Reddit has effectively interfered with a conversation between two people.

    You would think a forum meant to accommodate "unpopular opinions" would not suppress a civil boycott on Boeing, but a moderator there is censoring posts critical of Boeing.

    I posted a comment similar to the censorship summary above in r/Boycott_Boeing, and was appalled that they censored this post (like cops, Reddit moderators side with each other regardless of integrity). Then I posted the same summary message to r/censorship_uncensored and was censored there. The moderator (u/nonpushoverconsumer) said they did not (and would not) censor that post. So the 3rd instance was censored by a robot.

    0