coffeeClean@infosec.pub 8 points 7 months ago

The real problem with @Blaster_M@lemmy.world’s comment was to blame the victim. It may be sensible to blame the victim, but let’s not lose focus on the perp.

coffeeClean@infosec.pub 5 points 7 months ago* (last edited 7 months ago)

beehaw.org defederated from lemmy.ml. And I don’t blame them. I actually try not to post to lemmy.ml or any of the Cloudflare-centralized nodes (lemmy.world, sh.itjust.works, lemm.ee, etc) but it slipped my mind when I posted here.

(edit) Sorry, I'm confused. I thought beehaw.org defederated from lemmy.ml, but both the post herein and the original are on lemmy.ml, yet you can reach this one. So I’m missing something. I wonder if you are able to see infosec.pub-mirrored content and maybe the original community has no infosec subscribers? Hard to say.

coffeeClean@infosec.pub 4 points 7 months ago* (last edited 7 months ago)

You don’t own the phone. That’s how ~~credit~~ nonfree software works.

↑ corrected that for you.

coffeeClean@infosec.pub 8 points 7 months ago

If you don’t control it, you don’t own it.

coffeeClean@infosec.pub 4 points 7 months ago* (last edited 7 months ago)

What does referencing mean exactly?

Sometimes HTML email comes with the logos and objects needed to render it, sometimes not. When the objects are included it’s possible to render the message while offline. In the case at hand, the logo was not included and the HTML body defined a logo with that unique URL inside img tags.

At the very least, if we assume the tracking is appropriate and that it’s consistent with the privacy policy and ToS I agreed to, I would still find it objectionable that a government would conceal the fact that they are using a tracker pixel/image by withholding the content-length header. The gov should be transparent about what they are doing. They should even disclose in each such message “we have a tracker pixel in here”, for transparency, which should not be an issue if it’s legit. I personally need the content-length header because I’m on a shit internet connection and have a need to know how big something is before I fetch it. So I’m disturbed that all Cloudflare sites (which is like ½ the web now) withhold the content-length header. The agency at hand is sloppy with privacy and probably sloppy with everything. It’s not necessarily malicious, but nonetheless I’m not going to lower the standard to which they should be held.
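The distinction the comment draws, between images shipped inside the message as MIME parts and images that only exist as a remote URL the client must fetch, can be checked before rendering. This is an added example, not code from the thread; the sample message, its `example.gov` host and the `pixel.png` path are constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not from the thread): one logo is embedded as a MIME part
# and referenced by cid:, the other is a remote 1x1 image with a unique URL.
SAMPLE_EMAIL = """From: agency@example.gov
To: me@example.net
Subject: Your application
MIME-Version: 1.0
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body><img src="cid:logo@example.gov" alt="logo"><p>Hello.</p>
<img src="https://mail.example.gov/o/7f3a9c1d2e/pixel.png" width="1" height="1">
</body></html>
--b1
Content-Type: image/png
Content-ID: <logo@example.gov>

PNGDATA
--b1--
"""

class ImgCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.imgs = []  # one attribute dict per <img> tag
    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.imgs.append(dict(attrs))

def classify_images(raw):
    """Split <img> references into inline (cid: to an attached part) and remote."""
    msg = email.message_from_string(raw, policy=policy.default)
    inline_ids = {str(p["Content-ID"]).strip("<>") for p in msg.walk() if p["Content-ID"]}
    collector = ImgCollector()
    collector.feed(msg.get_body(preferencelist=("html",)).get_content())
    result = {"inline": [], "remote": []}
    for img in collector.imgs:
        u = urlparse(img.get("src", ""))
        if u.scheme == "cid" and u.path in inline_ids:
            result["inline"].append(u.geturl())
        elif u.scheme in ("http", "https"):
            tiny = img.get("width") == "1" and img.get("height") == "1"
            result["remote"].append({"host": u.hostname, "tiny": tiny, "src": u.geturl()})
    return result
```

Anything in the `remote` list is a fetch the sender can observe; a 1x1 remote image with a unique path is the tracking-pixel pattern, and a client that renders offline can display the message without it.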

coffeeClean@infosec.pub 4 points 7 months ago

I would ditch an app that can’t handle text. You want a screenshot of what, curl’s output? I’m on a shitty connection with images disabled so it’s a bit of a hassle and uses my allowance.

coffeeClean@infosec.pub 6 points 7 months ago

You can check it’s installed (stock android) Settings > Apps > All Apps > three dot menu, Show system > search “DeviceLockController”.

Is that just a “feature” of recent AOS versions? AOS 5’s triple dot menu has nothing like “show system”.

coffeeClean@infosec.pub 6 points 7 months ago

Ebikes and electric devices, however, sound to me like something futuristic

There are kits enabling you to convert a muscle bike (push bike) into an e-bike. If you get one with a torque sensor, then it will detect how hard you push on the pedals and drive the motor proportional to that force. So you still must pedal but it amplifies your effort which preserves the natural feel and control of pedaling. It essentially makes the hills go away; a hilly place becomes a flat place.

coffeeClean@infosec.pub 5 points 7 months ago* (last edited 7 months ago)

What’s TAN?

(edit)
Regarding the train svc, the carsharing, Netflix, etc, I generally draw a line and say all the private sector stuff can be disregarded apart from life essentials like groceries. So in your list, the train service is a good point because that’s a public service which invokes human rights (equal access to public service). Since you mention Germany, I happen to recall some Germans saying that the train app can access tickets and fares that are otherwise unreachable, perhaps in part because some stations have no kiosk.

coffeeClean@infosec.pub 8 points 8 months ago* (last edited 8 months ago)

You might want to crosspost your story to !uklaw@feddit.uk. But if you do that, be clever with your phrasing so as to not seem to be asking for advice, but rather for information. E.g. is there any case law for this situation…

(I’m assuming you’re in the UK because other commenters focused on UK law)

coffeeClean@infosec.pub 8 points 8 months ago* (last edited 8 months ago)

Right, so an e-mail address together with an IP address would then make the e-mail that of an identifiable user under Art. 4(1). So the OP needs to find out if an IP address was logged and retained in connection with the email address.

coffeeClean@infosec.pub 5 points 8 months ago* (last edited 8 months ago)

The GDPR is not a directive. It’s a regulation. Nonetheless, I read that the GDPR was specifically mirrored into UK law with a couple of minor modifications.

But to answer @automaton@lemmy.world, AFAIK the #GDPR does not apply in this situation anyway because Reddit accounts are “anonymous”. The GDPR only protects identified people.

/cc @d00ery@lemmy.world


coffeeClean

joined 1 year ago