• 3 Posts
  • 8 Comments
Joined 5 years ago
cake
Cake day: November 13th, 2019

help-circle


  • NB: Can’t believe I had to register here with an e-mail address to comment about privacy…

    Supplying an email address on Lemmy used to be optional. Has that changed?

    Problem I have with searx is it does no regional searches at all

    I think that’s determined by the searx instance. Some instances let you choose your UI language, as well as the results language. You can also do “site:de” if you want to search *.de sites for example.

    I notice that DDG does allow users to set their search method to POST requests and support redirects to prevent search leakage.

    Why would POST prevent leakage? As long as the site is HTTPS, the query is encrypted regardless of whether it’s HTTPPOST or HTTPGET.


  • The fact that there is no mandatory phone reg. puts Session above Signal. But Session is still very dicey:

    • www.getsession.org is a CloudFlare site, which indicates that the staff on that project lack some basic knowledge about privacy - or they just don’t care. (note that Signal also uses CloudFlare)
    • the developers have some kind of alt-right tendencies: https://chaos.social/@laufi/103825791713996438 The problem is not just ethical but conservatives inherently do not value privacy. They value money very much. This is a bad combination for a platform that wants to be privacy-centric.
    • they put a lot of energy into having a professional appearance. This is consistent with corporations with profit-driven intentions and atypical of charitible free software projects. Their org chart has everyone’s photo (not characteristic of privacy advocates) and every single means of contact of every staff member is through Microsoft or Twitter.
    • website has links to privacy abusers (Facebook, MS Github, Twitter) and not a single link to any social networking service that self-respecting privacy proponents can use.
    • their email address traverses Google’s servers and has no PGP key.
    • their project is managed on Microsoft Github.

    BTW @AgreeableLandscape, itsfoss.com is not a good site to publicize; it’s also jailed in CloudFlare walled garden (thus calling into question the extent to which that site genuinely respects freedom).

    The only useful effect of Session is that it serves as a PR jab at Signal for requiring phones. And if it helps divide or shrink the Signal community that’s a good thing.






  • I should also mention a couple tests that would be quite useful in the search engine comparison:

    • count of CloudFlare links. CloudFlare results are useless pollution to Tor users and to everyone else CloudFlare links are privacy abusing. DDG is insanely overrated for privacy. One of the problems with DDG is a high number of privacy-abusing CloudFlare links getting high ranking results. Whereas Mojeek seems to have relatively few CloudFlare results. This is a purely anecdotal observation, however.

    • there are rumors that DDG results are consistent on a per IP address basis, but differing from one IP to another. This ultimately suggests that DDG analytics have manifested into a filter bubble – contrary to the users’ expectations.

    So it would be useful to test for presence of a filter bubble, and also to measure CloudFlare exposure. If you agree, then consider the importance of rank: a link is twice as likely to be clicked than the link that immediately follows it. So a measure of CloudFlare exposure should weigh the top results accordingly.



  • “Free software” that forces execution of non-free software isn’t really free. (see paragraph “2” below)

    There is nothing particularly wrong with the gitlab software, but that software must be hosted and configured and there are copious ethical problems with the gitlab.com service that the OP suggested:

    • Sexist treatment toward saleswomen who are told to wear dresses, heels, etc.
    • Hosted by Google.
    • Proxied through privacy abuser CloudFlare.
    • tracking
    • Hostile treatment of Tor users trying to register.
    • Hostile treatment of new users who attempt to register with a @spamgourmet.com forwarding email address to track spam and to protect their more sensitive internal email address.
    • Hostile treatment of Tor users after they’ve established an account and have proven to be a non-spammer.

    Regarding the last bullet, I was simply trying to edit an existing message that I already posted and was forced to solve a CAPTCHA (attached). There are several problems with this:

    • CAPTCHAs break robots and robots are not necessarily malicious. E.g. I could have had a robot correcting a widespread misspelling error in all my posts.
    • CAPTCHAs put humans to work for machines when it is machines that should work for humans.
    • CAPTCHAs are defeated. Spammers find it economical to use third-world sweat shop labor for CAPTCHAs while legitimate users have this burden of broken CAPTCHAs.
    • The reCAPTCHA puzzle requires a connection to Google
      1. Google’s reCAPTCHAs compromise security as a consequence of surveillance capitalism that entails collection of IP address, browser print.
        • anonymity is compromised.
        • (speculative) could Google push malicious j/s that intercepts user registration information?
      2. Users are forced to execute non-free javascript (recaptcha/api.js).
      3. The reCAPTCHA requires a GUI, thus denying service to users of text-based clients.
      4. CAPTCHAs put humans to work for machines when it is machines who should be working for humans. PRISM corp Google Inc. benefits financially from the puzzle solving work, giving Google an opportunity to collect data, abuse it, and profit from it. E.g. Google can track which of their logged-in users are visiting the page presenting the CAPTCHA.
      5. The reCAPTCHAs are often broken. This amounts to a denial of service. gitlab_google_recaptcha
        • E.g.1: the CAPTCHA server itself refuses to give the puzzle saying there is too much activity.
        • E.g.2: ccha
      6. The CAPTCHAs are often unsolvable.
        • E.g.1: the CAPTCHA puzzle is broken by ambiguity (is one pixel in a grid cell of a pole holding a street sign considered a street sign?)
        • E.g.2: the puzzle is expressed in a language the viewer doesn’t understand.
      7. (note: for a brief moment gitlab.com switched to hCAPTCHA by Intuition Machines, Inc. but now they’re back to Google’s reCAPTCHA)
      8. Network neutrality abuse: there is an access inequality whereby users logged into Google accounts are given more favorable treatment the CAPTCHA (but then they take on more privacy abuse). Tor users are given extra harsh treatment.