• 1 Post
  • 26 Comments
Joined 1 year ago
cake
Cake day: June 17th, 2023

help-circle

  • Here’s the heart of the not-so-obvious problem:

    Websites treat the Google crawler like a 1st class citizen. Paywalls give Google unpaid junk-free access. Then Google search results direct people to a website that treats humans differently (worse). So Google users are led to sites they cannot access. The heart of the problem is access inequality. Google effectively serves to refer people to sites that are not publicly accessible.

    I do not want to see search results I cannot access. Google cache was the equalizer that neutralizes that problem. Now that problem is back in our face.


  • From the article:

    “was meant for helping people access pages when way back, you often couldn’t depend on a page loading. These days, things have greatly improved. So, it was decided to retire it.” (emphasis added)

    Bullshit! The web gets increasingly enshitified and content is less accessible every day.

    For now, you can still build your own cache links even without the button, just by going to “https://webcache.googleusercontent.com/search?q=cache:” plus a website URL, or by typing “cache:” plus a URL into Google Search.

    You can also use 12ft.io.

    Cached links were great if the website was down or quickly changed, but they also gave some insight over the years about how the “Google Bot” web crawler views the web. … A lot of Google Bot details are shrouded in secrecy to hide from SEO spammers, but you could learn a lot by investigating what cached pages look like.

    Okay, so there’s a more plausible theory about the real reason for this move. Google may be trying to increase the secrecy of how its crawler functions.

    The pages aren’t necessarily rendered like how you would expect.

    More importantly, they don’t render the way authors expect. And that’s a fucking good thing! It’s how caching helps give us some escape from enshification. From the 12ft.io faq:

    “Prepend 12ft.io/ to the URL webpage, and we’ll try our best to remove the popups, ads, and other visual distractions.

    It also circumvents #paywalls. No doubt there must be legal pressure on Google from angry website owners who want to force their content to come with garbage.

    The death of cached sites will mean the Internet Archive has a larger burden of archiving and tracking changes on the world’s webpages.

    The possibly good news is that Google’s role shrinks a bit. Any Google shrinkage is a good outcome overall. But there is a concerning relationship between archive.org and Cloudflare. I depend heavily on archive.org largely because Cloudflare has broken ~25% of the web. The day #InternetArchive becomes Cloudflared itself, we’re fucked.

    We need several non-profits to archive the web in parallel redundancy with archive.org.




  • More fun to mention 11 “states” at a 5.1% uninsured cutoff, because number 11 is Peurto Rico – a US territory that you might expect to be less developed. Since people are forced to run javascript to see the list, I’ll copy it here up to the 6% point:

    1. Massachusetts
    2. District of Columbia
    3. Hawaii
    4. Vermont
    5. Iowa (what’s a red state doing here?)
    6. Rhode Island
    7. Minnesota
    8. New Hampshire
    9. Michigan
    10. New York
    11. Puerto Rico
    12. Connecticut
    13. Pennsylvania
    14. Wisconsin
    15. Kentucky (what’s a red state doing here?)
    16. Delaware
    17. Ohio (what’s a red state doing here? OH will worsen over time; to be fair they only recently became solidly red)
    18. West Virginia

    (22) California (6.5%… worse than we might expect for CA)

    (52) Texas ← ha! Of course Texass is last. 16.6% uninsured in the most notable red state showing us how to take care of people

    The general pattern is expected… the bottom of the list is mostly red states.




  • If you search, you’ll learn several privacy-abusing ways to do that via enshitified exclusive walled gardens which share the site you’re asking about with US tech giants and treat users of VPNs, Tor, and CGNAT with hostility.

    I only listed 2 bad ones (the 1st two) but when you search the first dozen results are shit. What could be more shitty than being directed to CAPTCHAs and other exclusive bullshit in the course of trying to troubleshoot a problem?

    Also, the community we’re in here is “nostupidquestions”.

    There’s also an onion one but I lost track of it.


  • I figured you were trolling but gave you the benefit of the doubt right up until you mentioned “all credit reporting agencies”, in Belgium. There are no credit bureaus in Belgium, only a central bank which (unlike US credit bureaus) is public sector and not interested in grabbing data for profit, or in obtaining any data it’s not legally required to obtain.

    Nice try though.

    But FYI, your assumption would be wrong even in the US as well. Request your credit report from whichever credit bureau you believe is buying location data from your mobile phone provider. Notice the realtime location data is not on that report. Then go to your local small claims court and spend ~$100 to open a lawsuit against them for $1k (+~100 in court costs). Bring to court proof that they acquired your realtime CDMA/GSM location data, a copy of your credit report showing it’s not there, and a copy of the federal law requiring that consumer credit reports are complete when sent to the subject of the report (yourself). It might be the easiest $1k you’ve earned. You don’t have to prove actual damages either because the statute specifies $1k per violation. If you can catch all three credit bureaus doing what you claim, that’s an easy $3k. You can even hit all 3 in one case. Good luck!

    BTW, I don’t put much stock into what you’re saying at this point but I am curious about the claim that phone providers are sharing sensitive personal info with Visa and Mastercard. Cardholders are just a number to visa & mc. Visa & MC do not even typically know the names of card holders. Exceptionally, if you buy airfare using a credit card, then the airline reveals the name of the passenger to the credit card company. Though to store that name as the account holder is ad hoc because they would have to make the assumption that the passenger and the buyer are the same person.




  • It’s more about ethics than security. I’m an ethical consumer, which means I will not patronize unethical companies. Feeding data to Google is as good as feeding money to Google. Google is part of the fossil fuel industry (they are in partnership with Totaal oil and use AI to help Totaal find places to drill for oil). My objection to Google collecting data on me is less about cyberattack and more about not supporting a harmful force in the world.

    I’m also ethically opposed closed-source software because I think it misplaces power. The worst kind of misplacement of power is to give it to tech giants who abuse their power and use it against consumers.

    I’m also ethically opposed to software designs that make phones disposable and force the disposal of perfectly good hardware. I’ll buy a smartphone after that problem is fixed. #RightToRepair is still insufficient. There needs to be a rule that the moment a phone maker decides to stop supporting a device, they must do whatever necessary to ensure the platform (kernel + drivers + gui) are FOSS at that point of dropped support. I’ll wait for it. I can hold out as long as needed.

    W.r.t. paranoia, street wise people and those with some infosec background always seem “paranoid” to normal people. And to us, normal people are cavalier because they needlessly share information without applying the rule of least privilege. Privilege should only be granted on an as-needed basis and that includes access to information. It’s unreasonable for banks to snoop on people arbitrarily without a warrant. It’s not just that the banks abuse the info, but the overcollection exposes everyone to exfiltration by criminals. That’s not fiction - it has happened. (Captial One via Amazon contractor, Equifax, several other banks including a bank breach I recently detected but have not reported yet). I have already been the victim of multiple data breaches even with some diligence to not be completely reckless.

    Trusting banks with sensitive info is the least of the problems I describe & possibly not a show-stopper in itself. But taking everything together I remain baffled at the zombie masses endorsing & supporting all of it. A basic information security class should perhaps become part of the mandatory secondary school cirriculums at this point.



  • Banks are gradually removing features from their websites in a progression toward complete elimination of the website. Some banks have already taken that step. They impose an app whilst also closing their over-the-counter service.

    Unlike the US, 1-factor authentication by banks is illegal in Belgium. So for web access banks typically hand out devices for 2FA. Some banks avoid that cost by imposing a smartphone app in lieu of a card reader or RSA token (BYO smartphone).

    There are many problems with bank apps in Belgium:

    1. You must buy smartphone hardware (the apps detect when they are executed inside a virtual machine & deny service [tested with Ing’s app])
    2. You must patronize a surveillance capitalist (create a Google or Apple account)
      2.1. You must subscribe to mobile phone service in order to satisfy Google’s unreasonable demand for a mobile phone number as a precondition to obtaining an account
      2.2. You must trust Google with your mobile phone number, IMEI number, and inventory of apps & versions you download (thus a reconnaissance risk)
      2.3. When Google records your place of banking, you must trust Google not to share that info (with debt collectors, for example)
    3. All bank apps in Belgium are closed-source, so you must trust the apps not to carry spyware and to work in your interests
      3.1. The bank’s privacy policies are written to allow your realtime location to be tracked via the app.
    4. You must chronically upgrade your hardware every few years because the bank apps are upgraded with reckless disregard to the lockstep-coupling of hardware to software on all phone platforms that are supported by Belgian banks. You cannot run a VM to prevent irresponsible electronic waste (see point 1)

    The #GDPR possibly (and only symbolically¹) protects from some of that, such as Google sharing your place of banking with debt collectors. But the GDPR does not prevent criminal exfiltration of data that cavalier consumers trustingly agree to the collection of.

    Footnotes:

    1. I say “symbolically” because consumers only have two pathways for remedy under the GDPR: article 77 & direct lawsuit. Article 77 has no teeth. When the DPA ignores/mothballs an art.77 complaint, there is no mechanism for action against the DPA. So DPAs are largely neglecting to treat art.77 reports. That leaves direct lawsuits. The EU has decided that GDPR plaintiffs are not entitled to compensation for legal fees. So that kills that option. You can get a symbolic win in court but you still lose because lawsuits are costly and the damages you can prove are negligable. So the GDPR boils down to an honor system.



  • It’s not just about money. It’s a labor burden and a privacy intrusion. And even if iceblade02 could renounce for free, they then must carry the renounciation cert for the rest of their life and show it to every bank they deal with and hope that no data entry errors trigger data oversharing anyway.

    They must renounce to get their human rights back. Because without renouncing, they lose their human right to non-discriminatory treatment on the basis of national origin (article 1 of the Universal Declaration of Human Rights).

    But back to money, that annual tax filing accidental Americans must file costs them $300+/year – accountants do not work for free. It’s effectively a tax on the poor.




  • You seem unaware of the population of accidental Americans. When a Dutch couple gives birth on US soil before returning to Europe, that child automatically a birthright citizen of the US. They can grow up having never set foot in the US (apart from birth), and for the rest of their life they have a legal obligation to file US tax and declare to the US all their Dutch income & bank accounts even if they are below that $120,000 line. They also get targeted for discrimination along with all other Americans by banks who don’t accept Americans (even if they are also Dutch). They have to pay a US accountant upwards of $300/year for the rest of their life just to file that zero.

    It’s also worth noting that an income of $120k goes much further in the US than it does in Europe (where they might be living).

    So obviously a lot of accidental Americans have become motivated to renounce. But if they already own a home, you can see the problem. I would not say owning a home makes someone “rich”. They still need to work to eat and to maintain the home.