debanqued

joined 4 years ago
 

From the linked PDF:

Anyone with a smartphone or other wireless device that supports RTT can make a TTY Relay call. As a result, it is easier for individuals with no communication- related disability to misuse TTY Relay in an attempt to hide their identities or otherwise deceive a called party by communicating through a CA.

  1. To ensure that TTY Relay is used appropriately and efficiently, and to safeguard the TRS Fund from waste, fraud, and abuse, we seek comment below on applying user eligibility, registration, verification, and call detail records requirements to all forms of TRS95—measures that have proven effective in safeguarding other TRS programs. 96 We seek comment on the specific processes for TTY Relay user registration and verification, including the type of documentation or assessment required to confirm eligibility and how to balance ease of access for legitimate users with robust protections against misuse. Are providers able to verify the identity of TTY Relay users at the beginning of calls? Would user registration requirements unduly burden state TRS programs in their support and oversight of intrastate TRS?

54·. User Eligibility, Registration, and Verification Requirements. To ensure that IP STS are used appropriately and efficiently, and to safeguard the TRS Fund from waste, fraud, and abuse, we propose to apply user eligibility, registration, and verification requirements similar to those already in place for IP Relay, VRS, and IP CTS. 137 This would include requiring users to register with a certified provider and undergo a verification process to confirm their identify and location, as well as to certify eligibility as individuals with speech disabilities who require the service for functionally equivalent communication. 138 We seek comment on the specific processes for IP STS user registration and verification, including the type of documentation or assessment required to confirm eligibility and how to balance ease of access for legitimate users with robust protections against misuse.

Yikes. Having my voice recorded by large corporations (e.g. banks), then having to trust the untrustworthy to protect the recording so that it is not used to do AI-driven impersonation -- no thanks. So obviously TTY/RTT services are interesting for non-impaired (hearing) people who want to avoid that exploitation. As we can see from the quote, the FCC intends treat street-wise people as “abusers” for doing common-sense self-defense.

Some people need a Call Assistant (CA) and some do not. Obviously a hearing person does not need a human CA. We can simply do a straight text chat in both directions. Having a needless MitM is where the waste is. I’ve read that IP relays need a CA, but it’s not clear why that would necessarily be the case for everyone.

Interesting to note that the FCC cares to protect the privacy of the hearing/speech-impaired /to some extent/:

  1. Provision of a Muting Option. The Commission currently requires STS providers to offer the user the option of having their voice muted so that the other party to the call would only hear the STS CA re-voicing the call, and not also the voice of the STS user. This feature serves to minimize disruption to the conversational flow and potentially enhance the privacy and comfort of the STS user.

Nice, but in the end the FCC (who blocks Tor) is privacy-hostile motherfuckers:

  1. Extending User Registration and Verification Requirements

  2. While Internet-based TRS users are subject to various registration and verification requirements, analog TRS, such as TTY Relay, CTS, and STS, currently lack comparable mandated user registration and centralized verification processes. To further strengthen the integrity and oversight of the entire TRS program and build upon the recognized benefits of a user registration database, we propose to extend comprehensive user registration and verification requirements to all forms of TRS, including these analog services and any future Internet-based forms of TRS. This expansion is crucial to ensuring that all services supported by the TRS Fund operate with enhanced accountability and to combat waste, fraud, and abuse program-wide. Such a measure would allow the Commission to gather complete and accurate data on service demand and utilization across the entire TRS landscape. We seek comprehensive comment on the feasibility, costs, and benefits of extending user registration and verification requirements to all forms of TRS. Commenters should detail any unique technical or operational challenges for specific services (e.g., TTY Relay, STS, CTS, or IP Relay, or proposed IP STS and RTT- based relay service), and identify the specific types of data that would be most relevant and least burdensome for the providers to collect and submit. We also solicit input on how current user registration data elements might apply or need modification for these services, and the timeframe for implementation.

  3. TRS providers seeking compensation from the TRS Fund must submit Call Detail Records (CDRs) to the TRS Fund administrator for each call for which compensation is sought.

 

cross-posted from: https://beehaw.org/post/27156738

I have been relying on quite poor VOIP service to place calls to large orgs that have call centers. The voice quality was lousy and recently my VOIP provider screwed something up and the service became broken.

I am not hearing-impaired but I think TTY might solve my problem. If I need to call a large org/agency that is likely TTY-capable, is this possible without some kind of service? In principle, shouldn’t I be able to connect to a bank or something without using any kind of subscription service? Linux, gnu screen, ssh, a terminal, Internet should be all I need, no?

My searches for TTY either yields results about how deaf people can use dedicated hardware or a Telecommunications Relay Service (“TRS”) -- or the search results are about /dev/tty* which is just a UI for sending commands to a command interpreter (apparently not a human). There are claims that all iPhones and /some/ Androids can do TTY. But doesn’t that still rely on phone service? I prefer NOT to use a phone or phone service.

This question has no answers, but it’s along the lines of what I need. There is this Zapata thing but that project has had no status since 2004.

Update

After more looking, it seems an “IP-TTY” relay service is needed for this situation. Searches so far lead to services that want to force a proprietary app on you, which only works on proprietary platforms.

 

I have been relying on quite poor VOIP service to place calls to large orgs that have call centers. The voice quality was lousy and recently my VOIP provider screwed something up and the service became broken.

I am not deaf but I think TTY might solve my problem. If I need to call a large org/agency that is likely TTY-capable, is this possible without some kind of service? In principle, shouldn’t I be able to connect to a bank or something without using any kind of subscription service? Linux, gnu screen, ssh, a terminal, Internet should be all I need, no?

My searches for TTY either yields results about how deaf people can use dedicated hardware or a Telecommunications Relay Service (“TRS”) -- or the search results are about /dev/tty* which is just a UI for sending commands to a command interpreter (apparently not a human). There are claims that all iPhones and /some/ Androids can do TTY. But doesn’t that still rely on phone service? I prefer NOT to use a phone or phone service.

This question has no answers, but it’s along the lines of what I need. There is this Zapata thing but that project has had no status since 2004.

Update

After more looking, it seems an “IP-TTY” relay service is needed for this situation. Searches so far lead to services that want to force a proprietary app on you.

[–] debanqued@beehaw.org 2 points 6 days ago

Exactly. Most local banks outsource to bigger evil corps (visa and m/c) for the network. American Express is smaller but it’s a hard-right corp ethically worse than visa and m/c.

A long time ago there was a scarce handful of small banks (like <10 nationwide) who used the Discover/Diner's club network but that has shrunk to like 1 or 2 banks IIRC.

 

The sad reality is that POTS is dying. The upside of this is that in principle we don’t need a VOIP provider, right? We should be able to run our own SIP server and place a call to another SIP user without using a POTS line -- thus w/out a subscription to a service. SIP addresses look like email addresses.

The problem is, IIUC, I have no way of knowing the SIP address for my bank. I only have their phone number. Is there a way around this? Is there a way to obtain the underlying VOIP address for a phone number?

[–] debanqued@beehaw.org 2 points 1 week ago* (last edited 1 week ago)

Cash is very much still a thing for Germany.

Indeed Germany is a cash strong-hold. But the German system is fragile. When cash is refused by a German company, the enforcement authorities are looking the other way. There is also no German ombudsman to appeal to, so without accountability enforcement agencies have no incentive to act. The only thing currently enabling cash to persist in Germany is the capitalistic drive to serve customers who like cash -- which is almost sufficient today but it’s a downward trend worldwide. So cash will die in Germany as soon as a large enough portion of consumers quit caring. I think the tipping point is not far off. It’s just a matter of a few elderly folks dying off.

Many online stores allow you to do bank transfers to pay for products.

Okay, but Discovercard is a US institution with very little acceptance outside the US. Americans never have a bank transfer option for online purchases. Most Americans don’t even have an IBAN. Only 7 banks in the US have an IBAN themselves (out of ~2000 banks). So of the ~1993 or so banks some get an agreement with one of the 7 banks to borrow their SWIFT access. It’s quite messy and the fees are absurd. Because the money goes via 3rd party, the comment field is used for critical information about the ultimate beneficiary.

[–] debanqued@beehaw.org 1 points 1 week ago (1 children)

BBB typically facilitates comms in these cases. Indeed I have never gotten a BBB-inspired remedy from a quite large corporation. But large corps almost always respond to the BBB in my experience. It’s useful in the very least to force a corporation to talk. That talk can be used against them in court or presented to an attorney general.

I would rather have BBB compel a corp to talk than to lick Elon’s boots. Compared to Yelp and Twitter, BBB is the lesser of evils.

[–] debanqued@beehaw.org 0 points 1 week ago* (last edited 1 week ago)

BBB is a scam, they extort companies to pay them to remove stuff basically. Not very helpful for consumer reference if companies can pay for a good profile.

It is true about the extortion-based mud-cleanup shady way of operating. But from a consumer standpoint they still get results often enough. I’ve experienced it 1st hand w/many complaints I’ve filed with different BBB agencies. I’ve experienced roughly an even distribution of these outcomes:

  1. the business confesses, apologizes, and makes the situation right. The complaint pays off 100% (and it costed nothing back when fax numbers worked).
  2. the business responds defensively, refuses to remedy the problem. In some of these cases BBB spanks them with a bad score. In other cases BBB plays the deadbeat and does nothing. Which way it goes depends to a notable extent on the bribe money from the merchant to BBB. Even when the bribe works and the company gets off despite wrongdoing, at least they still have the hidden penalty of paying the bribe.
  3. the business ignores the BBB. This should always be automatic condemnation and an extra poor score. But in reality sometimes BBB is just fucking lazy themselves.
  4. BBB does not even accept the complaint and the merchant is not even contacted. This is the most infurating and unjust scenario. Some BBB agencies are anti-consumer. In principle, this is still not an entire loss because there is a potential shred of justice in going to the press to embarrass the BBB.

Perhaps you have a quite high bar with high expectations. For me, if BBB forces a silent merchant to talk, that’s already sufficient progress to justify the complaint. Communication is half the battle.

 

I’ve been on a maddening search for a VOIP provider. Everything I find either blocks tor or blocks VPNs. Are we stuffed?

 

Recall my previous post when the threat was emerging a couple years ago. Now that shit has played out. Now Discovercard customers are served by a much bigger scumbag.

It’s also a practical problem. The hand-off was apparently incompetently executed so now I have suppliers harassing me because the Discovercard they have on file quit working. And it looks like Cap One wants to stuff their app and shit down our throats. Fuck me if that’s true.

Around a decade prior the Japanese network (JCB) pulled out of the US. So no quasi-ethical refuge.

 

Several years ago BBB’s website became Tor-hostile. This forced privacy-minded people to rely on analog methods for complaint submissions.

Fax was our refuge, until just recently. BBB agencies have been dropping their fax numbers. So we are increasingly forced to resort to snail mail, which is slow and increasingly costly particularly for anyone abroad.

What’s left? I won’t touch Yelp. Fuck those incompetent anti-tor motherfuckers. Yelp cannot be taken seriously with the massive sewer of false reports they publish without regard to credibility.

 

I was very tempted to call this asshole design but I suppose it’s most likely simply incompetence.

Their website is access restricted, they use Google for email which is both controversial and access restricted, and they have no fax. They were not smart enough to make outbound calls at least work for customer service.

So, I’m fucked.

Can anyone recommed a pay-as-you-go/prepaid VOIP provider for making low-volume infrequent calls in the US? I do not need a DID (a phone number).. I just need to occasionally make an outboud call. It’s strangely very hard to find a VOIP provider for this purpose.

[–] debanqued@beehaw.org 1 points 10 months ago

Fighting for your rights… with gdpr, yeah, I’m sometimes doing it, but the problem is, sometimes tcompanies fail to respond … and if they take 30 days… or longer to give a response you’re really at a huge loss

Not sure what you mean by being at a huge loss. Filing a GDPR complaint is gratis, by law. It’s indeed typical that data controllers ignore complaints. After 30 days of ignoring your request, you have a sound case for an art.77 complaint. The DPA will also likely do nothing, but you’re not at a loss for complaining. If the DPA decides to simply contact the data controller, they will dance. The case will still go nowhere, but the data controller will respond to the DPAs inquiry, if they make one.

[–] debanqued@beehaw.org 1 points 10 months ago* (last edited 10 months ago)

The options (1) use black box, (2) start a tech company, as you presented in the bakery case, is a false dichotomy. Managed open source is the middleground.

It’s a false middleground. It is still taking on the burden of tech knowledge. It’s a true dichotomy, as follows:

① use a black box
② become technical

(or trichotomy if you figure the baker can nix email)

You still have to understand what’s going on in the FOSS box even if it’s managed -- otherwise you are in the same position. The point in being managed is to perform the work you don’t understand. That managed box is still likely to use a Spamhaus gatekeeper or the like which the baker has no clue about. The baker is still unlawfully using AIDM, unwittingly, because he just saw the ad for the managed service saying “spam free” -- thinks that’s good but has no idea what questions to ask or how it can go badly. He could just as well ask the relevant questions to the blackbox provider. Just the same, his business carries on uninformed about GDPR infringement.

BTW, you’re also wrong about managed open source services giving you the needed info, even if the customer is highly technical. I use a managed service of FOSS s/w. I can see the source code that runs on the box but I cannot see how it is installed or configured. The account dashboard I get is nannied subset of control. I can do basic tasks like create users, but I cannot see the backend configs or even an inventory of other software running on the host. There could be all kinds of snooping and shenanigans on that host and I have no way of verifying it. It could be littered with AIDM abuses, but I don’t have a root shell account on that host.

It’s the same problem in the end. The data processors have no legal accountability for the logic that they control. At the same time, they are not even required to disclose the AIDM logic, or even the existence of it, to the data controller. Yet the controller is exclusively liable for what they potentially do not control -- or even have awareness of. This is all still possible if the processor runs a managed open source service.

[–] debanqued@beehaw.org 1 points 10 months ago* (last edited 10 months ago) (2 children)

Exactly: don’t use the black box.

That is not what I said. I never said don’t use it. I said black boxes bring problems that require sensible policy.

Of course it makes sense to use black boxes. Someone running a bakery does not have the competency and resources to deploy an email service. Outsourcing email is the only option that makes the business case viable, unless they discard email entirely, in which case they lose business from customers who insist on emailing orders. From there, all processors are black boxes. There is no email provider who gives you the keys to castle. And even if they did, as a baker you wouldn’t know what you’re looking at anyway. Your choice is, use the black box or get into the tech business.

Not even Microsoft can handle email alone. They outsource to Spamhaus, another black box. And Spamhaus outsources to Cloudflare -- yet another black box.

 

Ireland has their own data protection act which largely mirrors the GDPR. I first have to wonder why. Why rewrite an EU regulation, if not to do something twisted? IIUC, Ireland is part of the EU thus automatically obligated to enforce the full GDPR as-is. (Unlike Great Britain, who left the union but decided voluntarily to keep the GDPR, so they had to mirror it and rewrite some parts that are irrelevant to an EU outsider). Or is Ireland somehow outside the EU too, yet with the Euro?

Art.18, the right to restriction of processing, has been expanded from a ½ page to several pages full of loopholes and exceptions watered down to the point of data subjects not really getting this right.

Art.21, the right to object, has been torn out completely (not mirrored at all), but there is a blurb about removing the right to object specifically giving policians an exemption on election matters, and postal service matters.

If they add a restriction on the right and say nothing more on it, then I suppose that implies the art.21 right is otherwise in force, correct? It’s bizarre because other GDPR sections have been redundantly rewritten to very similarly reflect the GDPR. So I’m trying to make sense of what it means when redundancy is in place sometimes and not others. And what happens when a redundant section of code has a silent omission with no language to explicitly state intent to dishonor the omitted part.

There are some peculiar omissions from the duty of data processors as well.

I have not read it completely but I did not notice any Irish law that strengthens data protection. I only see shenanigans that work against data subjects.

Is it fair to say that tech giants love Ireland and put their HQ there for tax purposes, where the EU’s version of Silicon Valley is expected to be established, which then effectively pressures Ireland to weaken the GDPR as much as possible to maintain that attraction?

[–] debanqued@beehaw.org 1 points 10 months ago* (last edited 10 months ago) (4 children)

It’s a black box. You can’t know what you don’t know when the information is concealed. Blackboxes can be tested (we call it blackbox testing). But it is inferior to clearbox testing. It’s too costly and ineffecient to wholly rely on. The giant processor has the resources to disclose their use of AIDM. The micro-controller (as in small data controller) does not have the resources to exhaustively simulate hundreds or thousands of demographics of people. They don’t even have the competency to be aware of all the demographics. It’s guesswork and it’s a non-starter. If the controller had that kind of resources, they would not be outsourcing the first place. Not only is it impractical, it’s also inefficient. To have thousands of small businesses and agencies carry out duplicated tests is an extremely wasteful use of resources and manpower. It just makes no sense. The processor already knows who they discriminate against.

The blackbox testing happens to some extent regardless. But there is no incentive to do the testing before deployment. The shitshow we call /GDPR enforcement/ ensures that data controllers do their testing on the public. Which means people are harmed in the process of testing because it’s cheaper for the controller (who knows their chances are low of getting penalised by DPAs who are up to their necks in 10× the workload they can handle).

[–] debanqued@beehaw.org 1 points 10 months ago* (last edited 10 months ago) (6 children)

They should! That’s the point! They shouldn’t use bad products, regardless of if it’s home made, from a small 3rd party, or a large 3rd party.

Yes they should, but investigative journalists are not a competent way to have that information disclosed. When the processor secretly uses AIDM and conceals that from the controller, holding the controller EXCUSIVELY¹ responsible is reckless because the controller does not have right to inspect the servers and code of the processor. It’s a black box. The GDPR requires processors to disclose a lot of GDPR factors in their contract with the controller. But AIDM is not one of them. It is perfectly legal for a processor to (e.g.) write an algorithm that treats black people different, and not tell the controller. Putting the responsibility on controllers to investigate and discover unlawful practice is not a smart system.

If a restaurant buys nails and puts it in their food, it’s not the nail manufacturer that’s at fault. The argument “but it’s a large nail manufacturer” doesn’t take away one’s own responsibility.

For this analogy to work, the nail mfr would know that the nails are being put in the food. With knowledge comes responsibility. If the nail manufacturer is aware of the misuse, the nail mfr is willfully complicit in the abuse. But also to make the analogy work, the restaurant would have to be also unaware that the nails were ending up in the food (because AIDM is undisclosed in the case that you are trying to make an analogy for).

(update) Europe does not have the machinery to bring thousands of small mom and pop shops into court. It just makes no sense from a logistical standpoint and it’s a non-starter economically. Though I do not oppose controllers having liability. They should retain liability. But processors should also have liability, when you have one giant processor who is the cause of hundreds of thousands of people’s rights being infringed by way of thousands of controllers. To neglect the giant is to fail at data protection.

¹ added that word late! Controllers should be accountable, but not exclusively.

[–] debanqued@beehaw.org 1 points 11 months ago* (last edited 11 months ago)

Depends on how you define the goal. It’s not going to work like magic, all in one motion. Indeed you are right that the DPAs are not going to take remedial action on the spot. The DPAs ignore most cases that get filed by individuals no matter how solid the law and evidence is.

After dealing with deadbeat DPAs, I’ve lowered my expectations quite a bit. The DPA cannot legally ignore the complain wholly. They must file it and acknowledge it. Then they will ignore it, sure. For me, it’s about getting the valid complaint on record. Then it gets reported in the stats and metrics in annual reports and the 4-year report that the EDPB prepares for the Commission. It helps add to the collossal embarrassment of DPA inaction.

[–] debanqued@beehaw.org 1 points 11 months ago* (last edited 11 months ago)

Indeed it may very well be in vain to file an article 77 complaint. I am saying you might as well do it, if you have the urge and the time. It is gratis. Technically the DPA must accept the complaint and file it. The reality is they will do that much but then the case will rot.

From there, I’m not sure it’s entirely useless. If you file an art.77 complaint against Google and it gets mothballed, then the DPA has another case against Google for another reason, perhaps they will add the art.22 reports into the mix.

I also think the reports are tracked for metrics and stats. By filing a complaint, you add to the overall stats which will add to the embarrassment of GDPR inaction by the DPAs who will look bad in the face of the EU eval every 4 yrs. Perhaps it would have the effect of increasing figures that prove the DPAs need more resources. If you don’t file a complaint, they don’t even know there is a problem. So it’s about getting light on a problem not necessarily going as far as to fix it.

Some folks are happy to take the art.78 route and directly sue. I heard a Brit say he does that. Costs him £50 or something which he does not get back, but for him it’s worth the satisfaction of getting a symbolic win.

[–] debanqued@beehaw.org 1 points 11 months ago* (last edited 11 months ago) (8 children)

Yes, but I think you’ve missed the point. Indeed one course of action is to file a GDPR complaint against the small controller to force them to change suppliers. But note that GDPR penalties are limited to 4% of revenue and if the controller is a gov agency I don’t even know what determines the penalty. I have also noticed a reluctance of DPAs to act on complaints against other gov agencies.

When the processor is a tech giant Google, Microsoft, or Cloudflare, the AIDM abuse is centralised on them. There are thousands of small businesses and small gov agencies using the services of MACFANG (the various tech giants). It’s a bit misguided to put accountability on each small business who does not even necessarily know the processor they outsourced to uses unlawful AIDM. It would be far more sensible to hit Microsoft or Cloudflare with the liability rather than have a separate article 77 complaint against all the small users.

 

cross-posted from: https://beehaw.org/post/21500261

If you’re not in Europe, move along. You’re stuffed and this thread can’t¹ help you.

European email self hosters--

Tech giants screw self-hosters over by crudely blocking email on the sole basis of IP address (e.g. if the IP is residential). Before 2016, we were as fucked as everyone (in fact worse b/c European ISPs tend to block² egress port 25).

Post 2016, we have the GDPR which has an Article 22 that gives us rights against Automated Individual Decision Making. It has become unlawful to profile people on a crude discriminatory basis without human intervention. The motherfuckers “predict” that you’re a baddy/spammer based on your personal information, which wholly consists of nothing more than your IP address. It’s as unsophisticated and prejudiced as it gets. They’re not using anything intelligent like spamassassin (as the cheap bastards want to save money for their greedy shareholders by reducing processing power at your expense).

Why let them get away with it? And unless you’re a boot-licker, you don’t dance for them either. Well, to some extent you may have to implement DKIM, SPF, DMARC, etc, but it’s debatable. Either way, you do you, and if in the end MS or Google or whatever imperial tech giant empire blocks you from sending email to their server on the blunt basis of your IP address, consider filing an Art.77 complaint to the relevant DPA citing Art.22 violations.

¹ Exceptionally, some non-EU regions have created their own variant of the GDPR like Brazil and some US states (e.g. CCPA in California). But AFAIK, they are all very watered down, weak and mostly useless. Just there for show. I don’t imagine that Art.22 sentiment has been adopted outside of Europe but plz correct me if I am wrong.
² If egress port 22 is blocked by your ISP, then you’re probably fucked anyway but there are some tricks to get the block disabled (free and non-free).

 

cross-posted from: https://beehaw.org/post/21500261

If you’re not in Europe, move along. You’re stuffed and this thread can’t¹ help you.

European email self hosters--

Tech giants screw self-hosters over by crudely blocking email on the sole basis of IP address (e.g. if the IP is residential). Before 2016, we were as fucked as everyone (in fact worse b/c European ISPs tend to block² egress port 25).

Post 2016, we have the GDPR which has an Article 22 that gives us rights against Automated Individual Decision Making. It has become unlawful to profile people on a crude discriminatory basis without human intervention. The motherfuckers “predict” that you’re a baddy/spammer based on your personal information, which wholly consists of nothing more than your IP address. It’s as unsophisticated and prejudiced as it gets. They’re not using anything intelligent like spamassassin (as the cheap bastards want to save money for their greedy shareholders by reducing processing power at your expense).

Why let them get away with it? And unless you’re a boot-licker, you don’t dance for them either. Well, to some extent you may have to implement DKIM, SPF, DMARC, etc, but it’s debatable. Either way, you do you, and if in the end MS or Google or whatever imperial tech giant empire blocks you from sending email to their server on the blunt basis of your IP address, consider filing an Art.77 complaint to the relevant DPA citing Art.22 violations.

¹ Exceptionally, some non-EU regions have created their own variant of the GDPR like Brazil and some US states (e.g. CCPA in California). But AFAIK, they are all very watered down, weak and mostly useless. Just there for show. I don’t imagine that Art.22 sentiment has been adopted outside of Europe but plz correct me if I am wrong.
² If egress port 22 is blocked by your ISP, then you’re probably fucked anyway but there are some tricks to get the block disabled (free and non-free).

 

If you’re not in Europe, move along. You’re stuffed and this thread can’t¹ help you.

European email self hosters--

Tech giants screw self-hosters over by crudely blocking email on the sole basis of IP address (e.g. if the IP is residential). Before 2016, we were as fucked as everyone (in fact worse b/c European ISPs tend to block² egress port 25).

Post 2016, we have the GDPR which has an Article 22 that gives us rights against Automated Individual Decision Making. It has become unlawful to profile people on a crude discriminatory basis without human intervention. The motherfuckers “predict” that you’re a baddy/spammer based on your personal information, which wholly consists of nothing more than your IP address. It’s as unsophisticated and prejudiced as it gets. They’re not using anything intelligent like spamassassin (as the cheap bastards want to save money for their greedy shareholders by reducing processing power at your expense).

Why let them get away with it? And unless you’re a boot-licker, you don’t dance for them either. Well, to some extent you may have to implement DKIM, SPF, DMARC, etc, but it’s debatable. Either way, you do you, and if in the end MS or Google or whatever imperial tech giant empire blocks you from sending email to their server on the blunt basis of your IP address, consider filing an Art.77 complaint to the relevant DPA citing Art.22 violations.

¹ Exceptionally, some non-EU regions have created their own variant of the GDPR like Brazil and some US states (e.g. CCPA in California). But AFAIK, they are all very watered down, weak and mostly useless. Just there for show. I don’t imagine that Art.22 sentiment has been adopted outside of Europe but plz correct me if I am wrong.
² If egress port 22 is blocked by your ISP, then you’re probably fucked anyway but there are some tricks to get the block disabled (free and non-free).

view more: next ›