This method of Cloudflare would never be used in a site that takes credit card data, for example. That would violate the PCI rules that protect credit card data.

I took a moment to look briefly into this. PCI is not a legal compliance. It’s contractual. Merchants violate their agreement with visa/mc all the time and it tends to go unenforced.

So the next question is whether using Cloudflare’s gratis service (thus the 1st and last diagram in your post) is PCI compliant. Having read the nerdwallet link and this link:

https://listings.pcisecuritystandards.org/pdfs/pci_fs_data_storage.pdf

letting Cloudflare see card № and CVV code seems to be PCI compliant. If the 1st diagram is in play (which is unlikely), that would be non-compliant. But in most cases there will be a CF→origin tunnel (the last diagram which is incorrectly X’d out). The rules are quite loose. E.g.:

Do ensure that third parties who process your customers’ payment cards comply with PCI DSS, PED and/or PA-DSS as applicable. Have clear access and password protection policies

So 3rd parties are allowed to see the data. Those other standards appear to deal with data at rest not in transit, IIUC. From nerdwallet:

4. Encrypt cardholder data when transmitting it across open, public networks. Among other things, don’t send unprotected account numbers via messaging technology. This includes email, instant messaging, text and chat.

When the tunnel terminates at Cloudflare’s server, the supplier just has to treat CF as a 3rd party who complies with PCI DSS, PED and/or PA-DSS.

In the event of disaster, law is out of the picture and all you have is finger pointing between two sides a slippery sloppy worded private contract. PCI does not seem to have any real unambiguous force in the case of Cloudflare’s most common config.

My astonishing claims?

It makes no technical sense that Cloudflare would refuse to proxy a TLS site, which is implied by comparing your 1st diagram to @joepie91@fedi.slightly.tech’s diagram, the only difference of which is the CF←origin segment. Hence why the claim is astonishing.

I failed to support my argument? I read actual Cloudflare documentation, which your sources apparently didn’t.

Cloudflare is a biased source and they have been caught in lies (ref: 3rd article).

I provided screenshots and links to actual facts of the product.

There are no links in your comment. Just pics. You would not likely be able to find a source that supports the claim the CF←origin segment is necessarily in the clear.

You chose to give 3 links and your first two were bad.

You quoted from the first link so obviously it’s a good link.

If you’re actually trying to say the /content/ is bad, this is what you’ve failed to show. You attempted to criticise @joepie91@fedi.slightly.tech’s article which was 2 links deep. You failed because the viability of the 1st diagram does not obviate the joepie’s more accurate reality (most sites use TLS these days).

If your thesis depended upon the 3rd, you should have lead with that.

Indeed it was a non-intuitive sequence. The links were pasted in a hurry.

As it was, your links presented factually incorrect information and further cited factually incorrect information.

This is what you failed to show. You did not even address the 2nd link; in fact said you did not read it. Your 1st response presented bogus misinfo on your part. The last diagram (@joepie91@fedi.slightly.tech’s) is by far the most common configuration.

I trust you that your thesis is built upon your cited works. Therefore, I reject your thesis because your supporting cited words are flawed with bad analysis and incorrect conclusions.

You only read the article about the walled garden. And you actually agreed with the relevant facts that were there, and ultimately concluded that you have no problem with the circumstances that makes CF a walled garden. Your only dispute with the facts were in fact irrelevant. That is, CF is a walled garden regardless of whether there is TLS in the CF←→origin segment. It’s you who has the facts wrong on that (and failed to support your astonishing claim), but either way it does not matter for the walled-garden thesis or for my thesis.

Your provided the supporting documents, which are wrong, and they themselves are citing incorrect works.

As you said, you did not read the 3rd link, so you haven’t even begun to look at the supporting facts for my thesis. The fact that CF is a walled garden (1st article) barely scratches the surface of Cloudflare’s disalignment with EFF principles. That’s mostly covered in the cited works from the 3rd link that you ignored.

Its not my reference, its @JohnnyCash’s.

@JohnnyCash@sopuli.xyz’s reference to malice was different than yours (coming from an entirely different entity in fact). The “twist” was in your misrepresentation of his reference. Hence why your response was a straw man. At 1st I did not regard your strawman as willful malice because it could have been down to very sloppy speed-reading. But now that you have had a chance to revisit his very simple comment, either you’re attempting intellectual dishonesty at this point or English is not your first language.

The sum total of my post was asking @JohnnyCash to expand on his statement for better clarity so we could discuss it.

It was a loaded question. That is, the question itself makes no sense if you comprehend what JC wrote. I don’t believe JC could have been more clear. There was no ambiguity in his reference to malice.

Clearly you misunderstood what you read. @JohnnyCash@sopuli.xyz’s reference to malice is not as you imply.

His fact is correct and his opinion is well supported by it. Specifically, it’s a fact that Cloudflare requires trust. And when over 30% of the (world-wide) web is concentrated in that single walled garden by a single US corporation, it’s obviously sensible to conclude that a lot of trust is required.

Your reference to malice is a straw man. JC did not say CF was itself malicious (but if he were to, it would be a reasonable claim anyway as CF’s harm to legit traffic is deliberate). You must also trust Cloudflare to be competent and not have serious defects (e.g. Cloudbleed). You must trust their diligence with incident response (accidental or malicious). You trust Cloudflare to not suddenly spontaneously hold a website hostage and demand large sums of money (for example).

Finally, JC’s comment that CF is incompatible with an open Internet is an opinion, but it’s spot on if you understand the difference between walled gardens and open resources.

…continued (due to post size limits)…

I can’t tell if the author is being willfully ignorant or if they simply don’t know how technology works. What this comes down to is where in the chain the decryption occurs, if the traffic is ever re-encrytped (and how), or if the traffic is never decrypted to begin with. The article links to secondary another article to explain the technical aspects. However, not only is this secondary linked incomplete, its presents a false scenario which doesn’t actually exist with Cloudflare, but less technically savvy users may not pick this up.

@joepie91@fedi.slightly.tech is an infosec researcher IIRC. I’m not up to speed on any recent CF changes but certainly what you call fiction was in play in 2016. It also make no sense that that would change.

Do you understand the difference between your 1st diagram and your last? The last config (which you call fictional) is actually more secure than the 1st (which has no CF←→origin TLS). The 1st diagram is the most reckless config.

I’m not a CF user, but I am certain admins have a choice whether to use TLS between their host and CF.

However, the author wrongfully assumes this would be commonly used to pass sensitive information. That’s not the use case for this.

What are you saying a gratis (non-paying) subscriber does?

This would be for a non-sensitive site that would improve privacy

No, it does not “improve” privacy (LOL!) to put Cloudflare in the loop, who proxies over 30% of the world’s web traffic all with centralized access in a country without privacy safeguards. Imagine someone in Europe with two ISPs (home+work) and a few VPNs. Cloudflare has an inescapable aggregated view of their activity on ½ dozen different networks.

Separately, Cloudflares exclusion is an assault on privacy. The loss of privacy inherent in CGNAT and Tor is at the hands of CF.

By using this, your ISP loses the ability to see what you’re reading on this site.

Tor is better for that. CF just fucks up privacy.

This method of Cloudflare would never be used in a site that takes credit card data, for example.

Can you cite a source for this claim? The premium (paying) CF subscribers are a tiny minority.

That would violate the PCI rules that protect credit card data.

Well, that’s interesting for sure. Can you link to something about that? I’ve not heard of those rules, but if it’s illegal (in the US, presumably) to let CF see CC data, rightfully so but seems unlikely. I would like to read about that.

BTW, I will be the judge of what is sensitive. A body of law can cover some obvious categories of sensitive data but that’s a very low bar. Each user can do their own threat model which cannot be prescribed by someone else.

The other configurations are end-to-end encryption. There are two configs which I won’t go into here (one avoids another attack vector for bad actors), but for the purposes of this discussion they behave the same.

This means the web traffic is encrypted at the web users side (using an SSL cert) and that data is passed through Cloudflare without ever being decrypted then sent to the web server serving the content.

It also means Cloudflare’s role of bringing the muscle is useless. CF cannot respond to client requests encrypted by another entity’s cert, so the original server bears the full load, thus defeating the top attraction to CF.

This is the config where you’d have your credit card data, name/address, sensitive information, etc. Cloudflare cannot see the data inside this web session.

This simply isn’t a possible config for Cloudflare. The fact that the secondary article’s author completely leaves out the end-to-end encryption options and presents this false narrative as a short coming of the Cloudflare service makes me think they are being malicious.

Can you explain why adding TLS to the CF←→origin segment in a “Universal/Flexible” config scenario would be impossible? If anything, it should be encouraged. It’s malicious to block that possibility.

Unless it wasn’t clear for my assessment of “oppression 3”, I have no issue with this Cloudflare behavior.

I appreciate you sharing your view that Cloudflare is bad or evil here.

You seem to have also missed the thesis of my post. The thesis is important because without it you’re blind about what the facts and arguments are trying to support. To be clear:

• thesis of my post: CF is starkly wholly inconsistent with EFF’s declared and implied values.
• 1st link thesis: CF is a walled garden
• 2nd link thesis: CF’s walled garden is more disempowering than Google or Facebook
• 3rd link thesis: CF is evil. It’s a general smearing with copious dirt on CF’s harm to: privacy, software freedom, netneutrality, vulnerable people, human rights, democracy, censorship, environment, innovation, and their history of poor character and integrity.

Without seeing the 3rd link, you mentally substituted a “CF is evil” thesis when reading my post and when reading the 1st link. So your analysis misses the purposes. I.e. you basically replied to “CF is a walled garden” with “CF is not evil”, and replied to my “CF is not aligned with EFF’s public values” post with “CF is not evil”.

I disagree and hope that some of what I have posted has cleared up some misconceptions and falsehoods being presented as fact that will allow you to make your choice and form a more informed opinion.

Getting the facts right is the most important thing you can do. Opinions, meh, they are useful only to the extent that they put accurate facts into context. But the facts you present are dodgy. Joepie is more convincing. What he says makes sense. And it also concurs with others who have exposed the same problem as Joepie (he was not the 1st). Though you’ve seeded something that could be useful/insightful with the PCI rules.

It makes absolutely no sense that CF’s flexible config would refuse to proxy a TLS-only origin. There is a how-to doc covering how to Cloudflare proxy someone else’s website. I’m not going to dig for the link but that how-to would be fake news if your claim were true (that joepie’s diagram were bogus).

It’s really a tough sell to claim the e2ee configs are common enough to be noteworthy when that config dumps the gratis performance gains that bring CF patrons.

It was interesting to discover that I can see your pics. Lemmy.world is a Cloudflare site (last I checked). Pics are not cached or mirrored, so when pics are uploaded to a CF’d Lemmy node, everyone outside of Cloudflare’s walled garden just see broken links to unreachable images. Yes, CF breaks the fedi. So either LW ditched CF, or LW finally figured out how to whitelist Tor.

(oppression 1)… As a consequence, money-saving shortcuts are taken and Cloudflare uses a cheap blocking criteria based crudely on IP reputation.

Entire subnets or national TLDs are blocked because they come from place or nations that do little to stop bad actors from doing bad acts.

Arbitrary collective punishment has to be seen as arcane and barbaric by 2025, no? I can’t wait until we make enough social progress to collectively see it as zombie-minded as racism.

How many times do you have to get port scans or malware introduction attempts from these subnets,

I was unaware that Cloudflare blocks whole nations. That’s even sloppier than I was aware of. Can you give more details? Which countries? Cloudflare is not transparent about the demographics they exclude.

especially when you have few to zero legitimate users,

People travel. It’s extremely rare that a web admin can block a nation with an expectation of zero collateral damage. The possibility of Cloudflare knowing the web admin’s business is even less likely.

It’s mind-boggling how foolish admins are when they block countries or continents on the basis that residents have no business on their site. So when I travel overseas, there are some affairs I cannot manage in my homeland because of this stupidity.

before the better action is to block the who subnet.

“Better” is a slippery word. If a preemptive DoS attack on legit users is acceptable, you might like to endorse SpamHaus as well. The whole point to fighting spam is to protect the availability of legit traffic. When you directly attack legit traffic under the pretext of anti-spam, you’ve become an obstacle to your own purpose.

As someone that maintains servers, the constant threat and time consumed trying to protect against these is immense.

Pawning your own users to Cloudflare just shifts security problems onto others. You shift a new security problem onto all your users to escape the burden that was rightfully yours. And if you’re like all other CF sites, you also conceal CF’s role and consequences from the users.

Its simply unreasonable to place the burden on server administrators to continuously put their servers in harm’s way

There is no dichotomy of “harm’s way” some magical network that is outside of “harm’s way”. All connected servers are in harm’s way.

It’s simply unreasonable for an unmotivated admin to compromise the security of their users (who lack infosec expertise) in order to have an easier job securing the server.

simply to conform to an ideal when there may even be zero users coming from these places you’re interested in serving.

This place of zero legit users you mention – where is it? It’s certainly not the Tor network. It’s certainly not the CGNAT networks.

I have no issue with this Cloudflare behavior.

Try not to lose sight of the thesis. That behavior is part of what makes CF a walled garden. You may have no issue with walled gardens, but then what would the point be in reading the article?

(oppression 2)… When a website administrator joins the cage by opting to reverse proxy their services via Cloudflare’s walled garden, the visitors of the website have no choice in this decision. The end user is forced into a disempowered take-it-or-leave-it proposition and thus trapped to an essentially absolute extent.

This idea suggests that the mitigation should be the web user should have more power/choice over the web server owner that the owner themselves.

That’s a false conflict. It’s not a competition. A server owner has an independent choice whether to trap their users in a walled garden. Choosing the open-free-world does not elevate the users’ power above the owner. What a bizarre notion. Server owners also have the choice whether to give users choice. E.g. freedom-respecting admins offer onion access as a clearnet alternative, like the privacy international website.

That’s a bizarre notion to me.

What’s bizarre is the idea of competitively comparing admin autonomy to user autonomy. They can (and should) both have autonomy, self-determination, and free choice. How do you make that leap from not trapping users to users have more power than the owner?

A random web user is not automatically entitled to more than what the web server owner is willing to give.

“Entitled” is a slippery word and also awkward in this context. Entitlement can be legal or moral, neither of which is implied by what you quoted. The article covers the meaning of a walled garden, not who is entitled to what.

Though orthogonal to the article, it can still be an interesting discussion. Consider that people are entitled to vote in general elections. Several US states have put online voter registration inside Cloudflare’s walled garden naively¹ using Cloudflare’s default config.

The analysis can get quite complex and messy. Even though /everyone/ is entitled to vote, only demographics of people who Cloudflare Inc. grants access have the privilege of registering online because the website owner is “unwilling²” to serve all those who are entitled to vote. You could say registering is an entitlement but not necessarily online reg, which is fair enough only if there are no eligible voters excluded by that. Not sure that’s a safe stance when all kinds of handicaps and situations might emerge where someone has web access but cannot obtain or complete a paper form. Paper forms are also a problem because of Cloudflare. I do not vote. Kamala lost my vote because even though I can do a paper registration, the data entry worker will still supply the sensitive form data to CF, who I distrust. IOW, trusting Cloudflare has become a pre-condition to voter reg.

¹ I say “naively” under the assumption that the SoS is impartial. Of course if the SoS is republican-leaning, voter suppression serves their party well. ² Unwilling, or in many cases is simply naive about excluded demographics.

I have no issue with this Cloudflare behavior.

Another walled garden feature you are happy with.

(oppression 3) Opacity— to keep people uninformed

The excluded group is wanting more than the web server is willing to give (for whatever reasons).

Of course. This is inherent in being denied access. If the excluded group did not want access, they would not even make the attempt to know they were being excluded. There would be no discussion to be had.

This is the same complaint that the web user should be prioritized of the web server owner. I reject this notion.

It’s not. When an oppressive resource controller marginalises a demographic of people, it is bizarre to frame that scenario as owners vs. users having “priority” over each other. It’s not a competition.

There are lousy owners and admins and there are competent ones. The most competent are skilled at separating spam from ham and not sabotaging copious ham to trash some spam. Fewer legit users are denied service when a competent admin is at the helm and it’s not because the users have more “priority” than the ownership. It’s because the ownership (and who they hire) are more skilled. They are also wise enough to measure detriment to ham (as opposed to the naive measure of just measuring the spam while neglecting collateral damage).

Would you mind saying if you are politically right of center? I’m curious because some recent research found that conservatives have a tendency to view the world as a zero-sum game; that if someone is gaining something then someone else must be losing. It explains xenophobia to some extent (for example) because if immigrants get a better life then it must come at the expense of someone else (per their zero-sum lens). Your tendency to think in terms of a priority between users and owners s.t. when users benefit the owner must be at a loss is analogous to this way of thinking.

And prioritized by WHO? The prioritization comment neglects that every stakeholder has the priviledge to rank for themselves what matters to them personally. Of course from the users’ perspective it’s satisfaction of user needs that matters most. The ownership’s needs only matters to the extent that users needs are served as a consequence. It’s naturally and inherently secondary. And inversely so for the ownership.

Your advocacy for prioritizing ownership above users in line with the enshitification trend that has downgraded all tech we’ve used over the past ~15 years.

Pre-gen-z, suppliers were rightfully expected to serve consumers. That has gotten adversely inverted. So now consumers have been made subservient to suppliers – and they are conforming. It’s fucking shit up. A bathroom remodeling company has an appointment/contact page with CAPTCHA. So customers must dance for the supplier to solve shitty puzzles prior to having the privilege of spending thousands on a new bathroom. I walked, because I don’t bend over backwards to do service for suppliers while feeding those I boycott (Google). Service is their job. My job is to pay them.

In reality the padlock only indicates a secure line to Cloudflare, who sees everything including usernames and unhashed passwords.

The article presents this as objectively true, when in fact its only true in some most cases.

Fixed that for you. It would not make sense for the author to complicate an article about what a walled garden is with rare unverifiable³ corner cases.

³ It’s technologically impossible for web users to prove whether Cloudflare or the server ownership holds the private key associated to the public key that the user’s browser gets from CF. But if you understand business and capitalism, you know the CF e2ee is a rare scenario.

Are you asking how the kill switch is triggered? It’s an autonomous algorithmic kill switch not a remote kill switch. When the machine detects a fault it switches to a broken mode. The switch can only be reset by someone who the manufacturer trusted with the reset procedure (ie. their own repairers who charge more than the machine is worth just to show up).

At that age (27 yrs), I suppose your machines don’t have kill switches. Your next machine will have a kill switch, so even though you can fix it mechanically, the control board will deny you the privilege to start a wash program.

Not to defend garbage business practices, but hand washing REALLY sucks though.

That’s exactly why they get away with it. People’s intolerance for inconvenience is directly proportional to the level of enshitification suppliers can get away with.

I have been washing my clothes by hand for a year now to ensure that I am on the right side of the curve. I wash my much clothes with much less frequency now and do more airing out.

This is a systemic problem and the solution to systemic problems is legislation, not personal responsibility.

We don’t live in the kind of reality where your proposal works. The jurisdiction where legislation is the most viable on the world stage would be Europe. Europe decided against it. “Ecodesign” and right to repair are a shit-show after a 10-year attempt. Have a look at this thread:

https://discuss.tchncs.de/post/46422830

It’s just like the climate problem. You cannot sit back and expect the state to fix it. Hence the existence of Extinction Rebellion. The problem needs both state action and people taking personal responsibility.

Europe has gone as far as to make consumers immune to prosecution for reverse engineering their own property (IIRC). But that’s as far as they go. So effectively, the Polish train hacking approach is allowed but Europe is helpless as far as obligating suppliers to share repair info with amateur repairers (only pros).

People outside of Europe are fucked even more.

I don’t really have time to write a book here and now, but I’ll start with some articles:

• https://thefreeworld.noblogs.org/post/2024/03/18/cloudflare-has-created-the-largest-most-rigidly-exclusive-walled-garden-in-the-world/
• https://thefreeworld.noblogs.org/post/2024/03/20/comparison-of-the-human-disempowerment-severity-of-3-walled-gardens-facebook-google-and-cloudflare/
• https://gitlab.hax0rbana.org/public-repos/liberethos_paradigm/-/blob/master/rap_sheets/cloudflare.md?ref_type=heads

Library hours are limited. Where I live they are open 10am to 9pm. They are closed on Holidays. They are closed when the rather is bad. I checked in Grenoble which I’m slightly familiar with and librarys there are closed on Sundays.

What was the response when you complained? Try city council.

That makes it completely impossible to receive morning schedule changes.

No, it just means you cannot sit in a chair inside the library to get your morning schedule changes. Any wi-fi you traverse in the morning will do the job.

Yes. And what are you doing yo do about it?

I personally use hacker spaces and universities in moments when libraries fail to serve.

Suggest that it should be privatized and deregulated like the Internet so that it magically becomes free?

Libraries are already the right price for me. But if you’re getting fucked on the price, knock yourself out asking for privatization but I can’t see that improving anything. You would still be asking the same people to broaden the operating hours, but they would have to alter a contract.

But you have been arguing against regulating!

No I haven’t. You are really lost here. I never said anything of the kind. By now you should know that I advocate boycotting. Whether you boycott or not has nothing to do with the extent they are regulated.

I guess I should boycott libraries too until they change?

Not sure why you think a boycott affects a public resource. Unlike a private sector boycott, your lack of relationship does not cost the library. You would have to get nearly /everyone/ to boycott the library just to make the case that it should be shut down due to lack of use. You have a better chance of just asking for morning hours, after convincing them that the local university library is also closed in the mornings.

Do you need me to go back and quote you where you repeatedly defended Trump’s deregulation because high speed Internet customers would subsidize cheaper service?

Yes, I do.

“Netneutrality is not going to cause dial-up customers to lose even more performance. If anything, they might even fair better because the ISP will be able to bring in more profits which could increase the effect of subsidy from higher payers.”

Is that the quote you think defends deregulation? Your mother tongue is apparently not English. Nothing in that quote endorses deregulation. It simply supports the claim deregulation harms broadband users but not narrowband users. Harm to either is harm nonetheless.

That was a single example from a link I gave you with dozens of examples from multiple states from 10 years ago.

The only interesting state was Texas because the other states have offline filing, which makes them entirely irrelevant.

It also included states that require online filing for small claims and landlord tenant disputes.

You’ve misunderstood the article. Only Texas has the requirement.

Internet is cheaper than a lawyer.

This is a false dichotomy. You need not choose between the two. If you opt out of the lawyer, free public wi-fi is cheaper than Internet delivered to your home.

Your lawyer does the filing, not you. So no problem if you boycott having Internet at home. If you need to file pro se in Texas, it’s shitty indeed that there is no analog mechanism but at least you have the library. And the court itself probably has machines you can use. Otherwise, there is a human rights issue in Texas if court access is exclusively for people who have property (i.e. PCs).

And people need to receive communications before and after school hours.

And? Are you trying to imply that library hours are a total subset of school hours, making it impossible for students to access libraries? If so, that’d be a quite dysfunctional library system you have.

Many libraries aren’t even open on Sunday.

You have a democracy. Use it. Stop making excuses and demand better.

I have access to an unstaffed library on Sunday. The library card unlocks the door.

That’s not an argument. It is a veiled personal attack.

Nonsense. “Rediculous” is not an argument. You have failed in presenting facts and logic that support your claims. Attempting to claim my ideas are “rediculous” is a baseless ad homenim. Pointing out your lack of sound logic is not.

It is as weird insult for you to use because you have been defending this Trump ruling to deregulate large Internet corporations.

It’s the other way around. You have lost track of the thesis. The boycott opposes Trump’s action and the corps interests. Your opposition to the boycott is the boot licking pro-Trump stance.

It does because they need Internet to receive communication about School for their children.

Not simultaneously. The library operates all day long. Different people have different schedules.

Children’s homework is also online.

Bad idea. But not everyone has kids. Not all kids have homework. Not all homework requires the cloud. Not all homework must be done the same day it is assigned.

The time to build a larger library is measured in years. A timer means the library cannot support everyone but everyone needs the Internet.

I am living proof that all hospitals can be closed. (I haven’t needed to be in a hospital since childhood)

Your argument is ridiculous.

You sound like Trump’s lawyer, who could put together a logical argument, and so was just left with declaring “rediculous”. Can’t pound the law… cannot pound any facts or evidence… so you are left pounding the table.

We are talking about the potential affect of net neutrality on everyone. That you personally can function without it doesn’t mean everyone can.

I am not functioning without Internet. I am using the Internet in a sacrificial way without feeding the infra. I am not streaming movies and using all the convenience frills that pushovers are addicted to.

That needs to be built. The current infrastructure cannot support everyone using the public library.

It only needs to be built if 10k people actually have the will power to boycott. And in that case the affluent users and the poor users are treated equally by the library, unlike the boot-licking action you advocate for where wealthy people can buy their way to superior access from the comfort of their homes.

It’s not will power when it is required by schools and the government.

Citation needed on the government mandate that you have Internet installed in your home. It’s will power because access from your sofa and home office is a matter of convenience.

The total infrastructure support for 1,000 simultaneous people in a library that was only built for 100 is far greater than that.

It’s not simultaneous. 1000 people boycotting does not mean they all leave their homes and enter the library at the same time. Libraries are scalable (not limited to 100). They control the upper limit of the scale as well with timers.

And it doesn’t fix the problem that communication via Internet is required. You can’t live at the library.

Works for me. I am living proof that occasional Internet access from the library is possible.

Again that is a side effect. If reddit paid tier ones to block Lemmy, they now can.

They cannot. You’re again fixated on what’s legally possible, not how the market works. Reddit could not pay tier 1’s enough money to block Lemmy and offset the market consequences of that move.

I’m focused on tier 1 because that’s what actually matters. They are the ones who fought net neutrality.

That’s a false cause fallacy. Comcast fought net neutrality because for their retail business, not tier 1 business.

56k is a side effect, not the target.

Exactly. It’s not the target. As I said, you cannot market a dial-up connection that is artificially crippled. And you cannot cripple the speeds across the board enough to affect 56k connections.

Stop saying that when we’ve already proven it’s impossible because of government/school communication.

Nonsense. I am proof that boycotting is viable. I am living by the boycott. I can communicate with my gov just fine. I also communicate with researchers at universities just fine without paying Internet subscriptions and without using other institutions bandwidth that was not oversold.

Consolidation reduces the work up to the limit of existing infrastructure. You can litter without affect.

Indeed.

Everyone littering means more cleaners are needed.

The already exposed brokeness of your analogy continues to escape you. As already pointed out, the analogy is inaccurate if you assume no one litters to begin with. Everyone is already using the Internet. They would be effectively be moving their litter from being scattered to consolidated. The same litter in one place reduces the amount of infra needed, not increases. There is no longer a need to maintain all those comms lines citywide if no one uses them.

It’s why a festival requires far more clean up than regular service.

It’s far less effort.

We’ve already covered this.

Yes we have. How can you still fail to grasp this? 2-4 people cleanup after a festival in <2 hours. That same litter scattered citywide needs a staff of hundreds working days. It’s not even close. As I already established, you’re off by at least 2 orders of magnitude.

It’s why you can use the library, but it isn’t an option if all 10,000 people in a village needed to use it at the same time.

If you cannot support a network for 10k people in a small place, it’s a failure of your competency, not physics. A “library” need not be a single building. 10k people would be using a combination of libraries and campuses, in the unlikely event that you manage to find 10k people with the will power to boycott. You are well in the realm of pure fantasy at this point because Americans would have no hope of escaping their own intolerance for inconvenience on that scale. You simply will not find 10k people in any given city with the will power to boycott anything at all, much less something that serves as a daily convenience. But if you do, you’re limited only by your competence.

Which is beside the point that families with children living at the library isn’t an option. Schools communicate through the Internet.

There is nothing that stops students from using libraries and gov buildings. No one needs to “live” at a library.

You admitted that everyone using the library would increase costs to the library.

Your math and memory are both failing you. I said: “They lose my subscription fee but the library does not have to pay the difference in excess of their costs.”

That’s the same for everyone. If 1000 people cancel their $40/month subscriptions and go to the library, the library costs do not increase by $40,000/month to offset the loss, even if you forgot that library consumption per person is less than always-online domestic usage per person.

W.r.t your memory failure, I said I alone do not increase the library costs. Conflating /myself/ with /everyone/ neglects the math above.

You don’t understand how the Internet works.

The ability for intermediary networks to interfere with Internet traffic isn’t bogus. That is why the FSF has and is fighting for it.

FSF is not in the slightest worried about Lemmy being throttled below 56k. If they were, it would indicate inability to understand how business works. FSF is fighting for reasons you don’t understand if you think the concern is throttling Lemmy below analog modem speeds.

Companies do not act as idealized politically neutral agents. For example right wing media has distorted news reporting because it is what the owner wants despite the loss in profit from alienating part of their customers.

You should really avoid analogies.

A tier 1 network can now restrict content both for profit (a competitor pays the tier 1’s to shut down the competition) or simply because the owner wants it despite the lost profits.

Tier 1 is too far up the supply chain to have the effect that you think it does. The netneutrality battle matters most to consumers on the last mile of transmission lines which determines the contracts. Worrying about tier 1 is like worrying about what is happening in Guatamala or El Salvador when you buy coffee on the world market, while ignoring the local market. But in any case, if your flawed understanding of how the Internet works leaves you fixated on tier 1 and you want to focus on that, boycotting is still the best move if you have the will power to walk. Boycotting the retail end of the transaction also boycotts tier 1, even if you hypthetically watch Netflix all day at the library instead of at home because the consolidation still yields less oversold unused bandwidth, less fat, and less revenue for the industry.

Your claim that your littering causes absolutely no social cost is absurd.

Yet you fail to support your claim that my use of the library has driven up the library’s cost for their flat rate contract. Your absurd litter analogy failed you because you failed to realise that consolidation of work reduces the work, reduces the infrastructure needed, and reduces the revenue it brings.

Your suggestion to don’t use the Internet was refuted at the very start when I explained that some government services, in particular schools, require internet for communication.

Your attempt failed when you failed to realise the reduction in revenue. They lose my subscription fee but the library does not have to pay the difference in excess of their costs.

Lemmy isn’t throttled because no one is paying them to do so.

Then your claim was bogus to begin with. I addressed the /potential/ scenario that you suggested; I never claimed that your suggestion was reality, just that it was flawed.

They can now legally throttle it below 56k. Physics has absolutely nothing to do with it.

It’s not the law the prevents the throttling. It’s the marketplace. The physical limit is low enough that it is the min tolerance the market will accept. Physical limits and marketplace limits are relevant, but legal rights to throttle are irrelevant when the dialup market won’t accept less than physical limits.

Because up until now you argued the opposite.

I never claimed a boycott is not sacrificial. I have advocated for boycotting, but that does not mean it’s not a sacrifice. Hence why I mentioned will power in the OP. Boycotts have consequences, which I accept.

Irrelevant to your original argument that there was no effect.

Your analogy has failed you. Your litter analogy supports the reality contrary to your thesis. Revenue is reduced when people consolidate their consumption with fewer flat-rate subscriptions. Just as litter cleanup has reduced costs in concentrations that need less infrastructure.

Your logic is off-target, as this is caused by “management”, not the individual.

It is management that I was referring to. That should be obvious. The incompetence belongs to whoever makes the incompetent decision, which in this case would be high in upper management.

It’s fair to assume in this case USPS is not that incompetently wasteful.

No. It isn’t.

The USPS is being intentionally mismanaged as a step towards dismantling the pillars of US government.

A safe assumption need not be an accurate assumption. It’s about consequences. Incompetence has consequences – and rightfully so. IOW, when the assumption is wrong, it does not obviate the purpose of my action. Therefore the assumption is safe.