[-] coffeeClean@infosec.pub 3 points 7 months ago* (last edited 7 months ago)

As for the curl call, I tried to open the URL in a browser,

I scrambled it for my own privacy… so that would not work. But I preserved the structure well enough that your insight was helpful.

[-] coffeeClean@infosec.pub 3 points 7 months ago

emoji works, just not pics. But thankfully someone on a proper connection handled it.

[-] coffeeClean@infosec.pub 3 points 7 months ago* (last edited 7 months ago)

As for PayPal, well, your cc / bank also shares lots of data.

Paypal is not a bank. Paypal is an additional MitM. Using Paypal adds another surveillance capitalist to the chain along with your bank and credit network. But indeed, the banks and credit cards are shit so I am fighting the war on cash quite hard. I’ve already been dragged into court for insisting on paying a creditor in cash. I won that case and will continue insisting on cash payments.

If your threat modelling is that severe

My threat model simply includes mass surveillance. Which is in the threat model of everyone who understands and embraces privacy. It’s worth noting that it’s not purely an infosec stance. I also object to feeding a supplier who is acting against me. The moment I detect that a supplier is working against me, I walk on ethical grounds. They have failed to earn my business. The snooping just happens to be the manner in which they are working against me.

your best bet is Tor Craigslist,

I was doing that at one time but something pushed me off. I don’t recall what... whether it was SMS verify or CAPTCHAs or phone numbers or fussy email address verifiers... something drove me off.

[-] coffeeClean@infosec.pub 3 points 7 months ago* (last edited 7 months ago)

Ethical consumers patronize the lesser of evils, and go without if it’s feasible given only quite shitty options. Affluenza-driven OCD consumption is the unhealthy obsession that ethical consumers manage to avoid.

[-] coffeeClean@infosec.pub 3 points 7 months ago

I think someone mentioned this is in the Playstore services stuff that’s hardwired into the platform. Which means if a device is unrooted you can possibly do: $ adb shell 'pm disable --user 13 com.google.android.gms'.

[-] coffeeClean@infosec.pub 3 points 7 months ago* (last edited 7 months ago)

If I were to simultaneously demand:

  • a phone with a relatively non-evil brand (thus obscure), and
  • a rootable phone (thus a mainstream one)

that leaves me with no phone at all. Because only popular mainstream models get rooted and they’re all made by the worst companies.

When my current phone loses its usefulness I might even go without. Or possibly get one 2nd hand although the 2nd hand market still supports the 1st hand market.

[-] coffeeClean@infosec.pub 3 points 7 months ago

I’ve ditched email for the reason you mention. If I need to email a private sector entity, I might check their MX server and attempt to send a message if the receiving server is not Google or MS. But generally I nix whatever company I would otherwise want to reach. If I need to reach them (e.g. to get support for a product I already own and I’m stuck with), then I use snail mail. Same for public offices. Most government offices use Microsoft for email which is a non-starter for me. If they use MS then they’re getting snail mail from me.
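The MX check described in that comment, as an added example (not code from the thread): it classifies a domain's MX hostnames as Google, Microsoft or an independent server. The provider suffixes are the published Google Workspace and Microsoft 365 inbound hosts; the sample records are constructed here rather than looked up, so it runs offline (a live answer would come from `dig +short MX <domain>`).

```python
"""Classify a domain's mail provider from its MX hostnames.

Added example, not from the original thread. The suffixes below are the
inbound MX hosts Google Workspace and Microsoft 365 publish for customer
domains; the sample records are constructed, so no DNS lookup is needed.
"""
from __future__ import annotations

# Match on suffix so hosts like alt1.aspmx.l.google.com count as well.
PROVIDER_MX_SUFFIXES = {
    "google": ("google.com", "googlemail.com"),
    "microsoft": ("mail.protection.outlook.com",),
}


def mail_provider(mx_hosts: list[str]) -> str:
    """Return 'google', 'microsoft', 'mixed' or 'other' for a list of MX hosts."""
    found = set()
    for host in mx_hosts:
        h = host.rstrip(".").lower()  # DNS answers usually carry a trailing dot
        for provider, suffixes in PROVIDER_MX_SUFFIXES.items():
            if any(h == s or h.endswith("." + s) for s in suffixes):
                found.add(provider)
    if not found:
        return "other"
    return found.pop() if len(found) == 1 else "mixed"


# Constructed sample answers, shaped like `dig +short MX <domain>` output with
# the priority stripped. The example.* names are RFC 2606 placeholders.
SAMPLE_MX = {
    "example.com": ["aspmx.l.google.com.", "alt1.aspmx.l.google.com."],
    "example.org": ["example-org.mail.protection.outlook.com."],
    "example.net": ["mx1.example.net.", "mx2.example.net."],
}


def triage(records: dict[str, list[str]]) -> dict[str, str]:
    """Map each domain to its provider label; 'other' is the only case the
    comment above would actually send mail to."""
    return {domain: mail_provider(hosts) for domain, hosts in records.items()}


if __name__ == "__main__":
    for domain, label in triage(SAMPLE_MX).items():
        print(f"{domain}: {label}")
```

One caveat: a domain whose MX points at a third-party filtering service (its own or a vendor's hostname) may still relay to Google or Microsoft behind it, so an "other" result is a hint, not proof.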

[-] coffeeClean@infosec.pub 3 points 7 months ago* (last edited 7 months ago)

Don’t need Google account to access my bank. How does that work exactly?

Like most banks, a bank pushed an app exclusively via Google Playstore or Apple’s store. At the same time, that bank shut down their website and closed their walk-in over-the-counter service. Customers then had 3 choices to access their account: join Google’s walled garden, join Apple’s walled garden, or make an appointment for every single transaction, which incurs fees. Alternatively, the Android app can be obtained using an app called Aurora, violating Google’s ToS by using a shared account to download the app.

I think that particular bank started making their app available in Huawei’s app store, so there is an alternative walled garden for Android users in that case. But Huawei is an uncommon option as more and more banks trend in the direction of forced-Google-patronage.

Never needed an app to dial 911… the whole point of 911/999 is that it’s easy to remember, easy to dial. Also, I haven’t dialed 911 in 25 years, but I’m pretty sure opening the dialer and pressing 3 buttons isn’t too difficult. Also, I don’t see how having a Google account is required to dial 911 (or use an app?) to do so.

A 911 app was hypothetical but a 112 app certainly exists. You populate the app with important details like name and address. The app is capable of both voice and text (SMS) and IIRC can also connect via wi-fi if there is no GSM signal. If you can’t speak for some reason (choking, throat cut or you’re hiding from an intruder and must be silent) the app transmits all the data you configured plus whatever you can type.

update

Someone in a crossposted thread said it’s not just Playstore that marries people to Google but also an API library for financial transactions:

https://infosec.pub/comment/7677961

[-] coffeeClean@infosec.pub 3 points 8 months ago

There’s not really much point in using a self hosted gitea or codeberg or sourcehut if you want the barrier of entry to be as low as possible for potential contributors.

Of course there is.

But GitHub has more features (like discussions), provides better hosting and ease of use.

Bingo. Prioritizing convenience features above digital rights principles is exactly why Github’s walled garden dominates over forges that have a lower barrier of entry.

The focus of any open source project should be on development of the software, not the software which supports its development.

Again, people setting aside their principles is exactly what I’m talking about.

[-] coffeeClean@infosec.pub 3 points 8 months ago* (last edited 8 months ago)

Thanks!

The To: address in the header would be interesting. Of course, you wouldn’t want to disclose it verbatim here but it might be useful to have a rough idea. Was it Firstname.Lastname@yadayada.com or some variation of that, or was it more like commonNickname@yadayada.com? Some people here think it doesn’t matter, that it’s inherently personal info, but the European Commission says it matters. It’s not hard and fast; there are varying shades of gray here. Maybe they kept logs of your IP address and maybe that makes a difference. You might want to read WP136 (I have yet to read that).

I would love to see action taken against Reddit, if anything just to burden their lawyers and create some costs for them. But I doubt it will go anywhere. GDPR enforcement is such a shit-show in Europe. Even dealing with clearly blatant violations that are wholly internal to Europe which should irrefutably incur penalties, simple obvious cases are being ignored by DPAs. So I have little confidence that this cross-border case against a non-EU data controller would actually get results when the law is not really concrete. The one factor in your favor is that Reddit is somewhat high-profile which might take a DPA’s interest.

I don’t think a “delete my account” button constitutes an Article 17 request. It removes the purpose of processing to some extent, which then relies on the data minimization principle (Art.5). Reddit can do a bit of hand-waving to make excuses like needing to retain your email address in case one of your posts sparks a legal inquiry. Your case would be stronger if you had submitted an explicit Art.17 request to Reddit.

From the email:

Per our lawyercats, we are not able to respond to further inquiries or questions.

I wonder if that statement might be actionable. Art.12 and 13 require Reddit to identify a data controller with a point of contact and to tell you your GDPR rights (IIUC). And here they are outright stating in effect “we don’t want to hear from you”. I would stress that in your GDPR complaint, not just the misuse of your email which you expected to be deleted. But note they do provide an address at the bottom of that msg. Although that angle of attack might require Reddit having a way to know you have ties to a GDPR region after they supposedly “deleted” your acct.

Also, I would look into any anti-spam laws your country has. There may be a higher degree of legal actionability there.

[-] coffeeClean@infosec.pub 3 points 8 months ago

So cool to hear that Brazil has a GDPR equivalent. That (and the fact that Bolsonaro got booted) makes me want to live there.

Embarrassing that the US can’t get on the ball with this.

[-] coffeeClean@infosec.pub 3 points 8 months ago

I guess the rub is that a light sensor which determines how bright to make the LCD is probably indistinguishable from a CCD. If that is darkened then it would darken the screen potentially on machines with no CCD. Although you could test it by covering the spot briefly to see if the screen dims.
