Posts: 16 · Comments: 56 · Joined: 2 yr. ago

  • That’s insufficient. Mobile providers are not even getting your location through that Google mechanism that feeds Google. Their towers track your location even if you have GPS off.

    I always tap “disagree” to location svcs when turning GPS on and take a hit on slow positioning. But that only cuts Google off. To cut the mobile carriers off, I keep my phone in airplane mode and also keep the GSM chip slot empty. In fact I don’t even carry a GSM chip. I believe in this state I can make emergency calls (IIRC, airplane mode automatically gets disabled when an emergency number is dialed).

  • Yet a vast majority of people have no problem when people are forced to subscribe to mobile phone service:

    https://infosec.pub/post/11658371

    This kind of information should be startling enough to at least see the merit in not having a mobile phone subscription. But no, people will just say “that sucks” and continue being the sucker while also expecting others to be equally naive or cavalier too.

    from the article:

    AT&T told The Register it should not be blamed for the failure of those buying its data to obtain proper consent, and said it will fight the fine.

    Private investigators are treated as legitimate consumers of that location data. An angry ex-boyfriend or ex-husband hired a PI to find out where his ex was, who then simply bought the location data from a mobile carrier. The guy used the info to find her and shoot her dead on the spot (headshot while she was driving a car). The data sharing was “legit” in that case, in the US where privacy laws are generally non-existent.

    It’s strange how that murder case gets omitted in these articles about mobile carriers selling location data.

  • Could I be in the wrong? No, it must be literally everyone else in this entire thread / national library network.

    Is your position so weak that you need to resort to a bandwagon fallacy?

    Grow up.

    and an ad hominem?

    You demonstrate being a grown up by avoiding ad hominems in favor of logically sound reasoning.

  • After reading your post, I would say, no harm intended, just don’t do it again.

    You may be misunderstanding the thesis. This is not really about staying out of trouble. Or more precisely, as an activist up to my neck in trouble it’s about getting into the right trouble. The thesis is about this trend of marginalising people with either no phone and/or shitty wifi gear/software and a dozen or so demographics of people therein who do not so easily give up their rights. It’s about exclusivity of public services funded with public money. Civil disobedience is an important tool for justice outside of courts.

    The security matter is really about competency and cost. The main problem is likely in the requirements specification conveyed to the large tech firms that received the contract. From where I sit, it appears they were simply told “give people wifi”, probably by people who don’t know the difference between wifi and internet. In which case the tech supplier should have been diligent and competent enough to ask “do you want us to exclude segments of the public who have no wifi gear and those without phones?”

  • You set a great example of getting mad at a bitch eating crackers.

    I merely tried to get online using an ethernet cable. I didn’t get hostile. I was calm. And because I was calm, the librarian became calm. The only hostility was in the librarian’s single opening comment to me, and what you see in this thread.

  • The librarian who said it was okay to plug in (which they likely understood to mean plug in an A/C power cord) was young, not as senior as the edgy librarian. I’m not going to take down a kid and get them in trouble for not picking apart what it means when someone asks if they can “plug-in”.

    People like Trump will throw his supporters under the bus when self-defense calls for it. I will not.

    What would the point be? I didn’t need a defense. I got scolded and was walking out. Since I was calm, the librarian became calm. Police were not called and I was not detained. And if that had happened, I would have exercised my right to remain silent anyway.

  • And what does trust have to do with it?

    I think they mean trust in the librarian to genuinely know the policy and what should work. They tend not to in this case because ethernet has become obscure enough to be an uncommon question, if ever.

    Another library had ethernet ports all down the wall next to desks. They were dead and no one used them. It was obvious that the librarian had no clue about whether the ports were even supposed to function. When I said they are dead and asked to turn them on or find out what’s wrong, they then figured that if the ports don’t work, it must be intentional. So the librarian’s understanding of the policy was derived from the fact that they were dysfunctional. Of course if they were intended to work but needed service, ethernet users are hosed because the librarian’s understanding of policy is guesswork. There is no proper support mechanism.

    I asked a librarian at another library: I need to use Tor. Is it blocked? I need to know before I buy a membership. Librarian had no idea. They just wing it. They said test it. Basically, if it works, then it’s acceptable. The functionality becomes the source of policy under the presumption that everything is functioning as it should.

    Since ethernet has been phased out, modern devices no longer include an ethernet NIC, and there are places to plug into A/C with no ethernet nearby, the librarians and the public are both conditioned to be unaware of ethernet. So the answer will only be either: no or test and see.

  • When I entered I spoke to a different librarian about the locked PC room (due to a holiday or something). They said I could use wifi but need to give a phone number to a captive portal, which I already knew. My phone was not on me so I said: is it okay if I plug in over there by the catalog PCs? They said yes. Revealing what I mean by “plugging in”, well, I was vague for a reason. I know the population has become ethernet-hostile¹ so indeed asking for forgiveness is better than asking for permission in this situation.

    ¹ Another library in the area has ethernet ports but they are just decoys (dead ports). I asked the librarian what the problem is, why they are disabled, and whether we can turn them on. Librarian was helpless, and said “use wifi”, which didn’t work for me for different reasons than the other library. But the librarian basically said in so many words “not our problem.. you can just use wifi.” At another library, I was able to connect but Tor was blocked. I tried to get support from the librarian. They had no clue but were also unwilling to lead me to someone who could give support. The way it works around here is the info systems are outsourced to some unreachable tech giant, and the librarians are rendered helpless. If the SSID does not appear, the librarian can send an email to someone to say it’s down, and that’s about the full extent of their tech capability.

  • cybersecurity @infosec.pub

    Has ethernet become illegitimate? A librarian flipped out after spotting me using ethernet

  • Your first priority should be to get on an android version from this decade. Lollipop came out in 2014 and went eos in 2016.

    My first priority is to not financially support systems of premature forced obsolescence that has led to more smartphones in the world than people (despite ½ the world’s population having no smartphone at all). Buying a new phone just 6 years after another would make me part of the problem. I am writing this comment from a 16 year old machine that runs just fine. My AOS 5 device still uses the original battery. Only incompetence could explain inability of /software/ to outlive a /battery/.

    I cannot think of a more absurd reason to upgrade a phone than to keep up with captive portals. Apart from that, I must say that I may have to argue in court soon that I no longer have access to my bank account because my bank closed their website and forced people to install their closed-source proprietary app from Google Playstore. It will be easier to argue in court that the bank’s software does not run on my phone than it will be to say I have philosophical and ethical objections to sharing my phone number with a surveillance advertiser just to open an account just to fetch software, of which the non-freeness I also object to. So I am trapped on this phone for higher legal endeavors.

    When you say “this decade”, you’re disregarding the age and saying the line should be drawn at years that are multiples of 10. So a phone bought in 2019 would be “obsolete” in 2020 by your logic. Obviously that’s obtuse and reckless. I bought my AOS 5 phone new from the retail shop of a GSM carrier in 2018, 3rd quarter. It’s been in service less than 6 years.

    Apple is borderline reckless and they officially support phones for 10 years IIRC. And that limitation is imposed by the business bottom line. Capitalism aside, engineers who can’t make a smartphone that lasts 20 years would be lacking in competency.

    As for your liability comment. I highly doubt the vendor had any liability or requirement to support such an old OS.

    Captive portals are a messy hack. You do not need a captive portal to supply Wi-Fi in the first place. The suppliers do not advertise “we have a captive portal”. They advertise “Wi-Fi”, which my oldest phone (AOS 2.3) and my Nokia n800 (pre-smartphone) support out of the box. They still connect to Wi-Fi today. You might be right that a pusher of forced obsolescence by way of incompetently implemented captive portal can argue in court that their advertising has immunity to old devices, but this won’t fool engineers who know they’ve needlessly drawn an arbitrary line. If the truth-in-advertising outcome would be that their “Wi-Fi” sign has to become “Wi-Fi available only for new phones”, I would be fine with that.

  • cybersecurity @infosec.pub

    Bypassing problematic captive portals. Cafe gives a red padlock; transit svc has broken TLS captive portal, etc…

  • cybersecurity @infosec.pub

    knowing when to trust a login page on a Cloudflare site

  • They’re not at odds. We don’t have to choose between protecting UDHR Art.3 and Art.17. It’s foolish to disregard some portion of the UDHR needlessly and arbitrarily.

  • The real problem with @Blaster_M@lemmy.world’s comment was to blame the victim. It may be sensible to blame the victim, but let’s not lose focus on the perp.

  • Don’t try to strawman this. Human rights are violated when someone is deprived of their property (their data in the case at hand). If food is withheld from starving people in Gaza, your argument is like saying:

    “Claims human rights are being violated because someone failed to drive a truck”

  • beehaw.org defederated from lemmy.ml. And I don’t blame them. I actually try not to post to lemmy.ml or any of the Cloudflare-centralized nodes (lemmy.world, sh.itjust.works, lemm.ee, etc) but it slipped my mind when I posted here.

    (edit) Sorry, I'm confused. I thought beehaw.org defederated from lemmy.ml, but both the post herein and the original are on lemmy.ml yet you can reach this one. So I’m missing something. I wonder if you are able to see infosec.pub-mirrored content and maybe the original community has no infosec subscribers? Hard to say.

  • You’re very trusting of your corporate overlords. I’m sure they are grateful for your steadfast loyalty and trust.

  • No amount of money you pay for your phone up-front will make that malicious code magically go away. You can pay cash, and you can even tip the seller. The code that reduces your control remains in that device. If you don’t control it, you don’t own it.

  • If you fail to use rights granted to you by free software licenses, you can blame yourself.

  • You’re not getting it. Again:

    If you don’t control it, you don’t own it.

    Buying something does not mean you control it. You might have bought an Amazon Ring doorbell but if Amazon does not like your behavior they can (and will) render it dysfunctional.

    If you don’t control it, you don’t own it.

  • I guess a closer analogy would be rental storage. If you don’t pay your mini storage bill, in some regions the landlord will confiscate your property, holding it hostage until you pay. And if that fails, they’ll even auction off your contents.

    So in the case at hand the creditor is holding the debtor’s data hostage. One difference is that the data has no value to the creditor and is not in the creditor’s possession. It would be interesting to know if the contracts in place legally designate the data as the creditor’s property. If not, the data remains the property of the consumer.

    This is covered by human rights law. Universal Declaration of Human Rights, Article 17 ¶2:

    “No one shall be arbitrarily deprived of his property.”

    If the phone user did not sign off on repossession of their data, and thus the data remains their property, then the above-quoted human right is violated in the OP’s scenario.

  • If the creditor wants to collect on a debt, there is a court process for that. I’ve used it. It works.

    Locking the phone is not repossession. It does nothing other than sabotage the device the consumer may need to actually make the payment. The phone remains in the buyer’s possession and useless to the seller.

    Power is also misplaced. What happens when the creditor decides to (illegally) refuse cash payments on the debt? Defaulting is not necessarily the debtor’s fault. This in fact happened to me: Creditor refused my cash payment and dragged me into court for delinquency. Judge ruled in my favor because cash acceptance is an obligation. But this law is being disregarded by creditors all over. If the creditor had the option to sabotage my lifestyle by blocking communication and computing access, it would have been a greater injustice.

    #WarOnCash

  • cybersecurity @infosec.pub

    Detecting a tracker pixel/image in email

  • DeGoogle Yourself @lemmy.ml

    motivation to deGoogle: Creditors can lock your Android remotely if you are delinquent.

    infosec.pub/post/10001262

  • Is this Instance Down? @infosec.pub

    (lemmy) links.hackliberty.org → 502 Bad Gateway

  • Is this Instance Down? @infosec.pub

    (mastodon) infosec.exchange also shooting blanks (browser issue)

  • DeGoogle Yourself @lemmy.ml

    Situations where a Google account is essential -- feedback wanted

  • deGoogle @discuss.tchncs.de

    Situations where a Google account is essential -- feedback wanted

  • Is this Instance Down? @infosec.pub

    (mastodon) ~~catcatnya.com shooting blanks~~ (browser issue)

  • cybersecurity @infosec.pub

    Did protonVPN recently start blocking VOIP?

  • Is this Instance Down? @infosec.pub

    (mastodon) fedi.at down (edit: back up)

  • Privacy @links.hackliberty.org

    (Canada) An M&M vending machine error revealed facial recognition was used to illegally snoop on students (boycott Mars)

  • Is this Instance Down? @infosec.pub

    mamot.fr API down for /some/ people

  • Is this Instance Down? @infosec.pub

  • zerowaste @slrpnk.net

    using coffee to clean grease off your hands -- and for showering