I would not interact on a centralised Cloudflare node like LW. But I still appreciate your suggestion because it might inspire me to check with some of these decentralised venues:
That looks useful for sure. Not sure what it does as far as direct PC-phone transactions but I think it would help with some of my needs.
It apparently uses a server for a lot of things, but in some cases that will be useful, such as reaching heavily restricted websites.
(edit: I don’t find the phone app.. i wonder if the jar file can run on android)
sideload what, exactly?
To get apps, I usually bring a tor-only laptop into a cafe and download apk files, then later sideload them using adb. But this does nothing to solve the problem I described.
Oh, sorry about the confusion. Indeed I framed it in the context of software we need, then crossposted to relevant groups. I will adjust the title.
I should add that part of the idea is to solicit suggestions from those who have perhaps hacked something together.
It means that for more than 30 days, you’ll be unable to send or receive emails that have to do with that email provider.
I’m not sure how you arrive at that. Whether you file a GDPR Art.77 complaint is independent of how you ultimately decide to reach the other party.
This is not what I would do but this is what most activists would do:
The fact that your webmail provider can reach MS does not obviate your Art.77 complaint.
Personally, I have indeed quit sending email. When I need to reach an MS recipient, I use fax or snail mail and I do not give them an email address, thus forcing them to respond by snail mail. Most people will not elevate ethics above convenience like that, but to each his own.
but not being able to receive them gets really problematic.
That’s a separate matter and it depends on what email address you supply. You can attempt to send from your own server using any email address you want, even an @gmail.com address if that’s your thing. The email address you share with the other party need not be one that associates to your mail server.
I personally do not even share an email address with MS users, so those users can only reach me by postal mail. But of course this move requires a higher level of discipline on your part.
Thanks. That may indeed be a good answer.
I’m confused because it claims to work offline yet it’s also p2p and uses no centralised server. Perhaps mgs queue up until both parties are simultaneously connected at some point? Guess I’ll have to study it more.
Fighting for your rights… with gdpr, yeah, I’m sometimes doing it, but the problem is, sometimes tcompanies fail to respond … and if they take 30 days… or longer to give a response you’re really at a huge loss
Not sure what you mean by being at a huge loss. Filing a GDPR complaint is gratis, by law. It’s indeed typical that data controllers ignore complaints. After 30 days of ignoring your request, you have a sound case for an art.77 complaint. The DPA will also likely do nothing, but you’re not at a loss for complaining. If the DPA decides to simply contact the data controller, they will dance. The case will still go nowhere, but the data controller will respond to the DPAs inquiry, if they make one.
The options (1) use black box, (2) start a tech company, as you presented in the bakery case, is a false dichotomy. Managed open source is the middleground.
It’s a false middleground. It is still taking on the burden of tech knowledge. It’s a true dichotomy, as follows:
① use a black box
② become technical
(or trichotomy if you figure the baker can nix email)
You still have to understand what’s going on in the FOSS box even if it’s managed -- otherwise you are in the same position. The point in being managed is to perform the work you don’t understand. That managed box is still likely to use a Spamhaus gatekeeper or the like which the baker has no clue about. The baker is still unlawfully using AIDM, unwittingly, because he just saw the ad for the managed service saying “spam free” -- thinks that’s good but has no idea what questions to ask or how it can go badly. He could just as well ask the relevant questions to the blackbox provider. Just the same, his business carries on uninformed about GDPR infringement.
BTW, you’re also wrong about managed open source services giving you the needed info, even if the customer is highly technical. I use a managed service of FOSS s/w. I can see the source code that runs on the box but I cannot see how it is installed or configured. The account dashboard I get is nannied subset of control. I can do basic tasks like create users, but I cannot see the backend configs or even an inventory of other software running on the host. There could be all kinds of snooping and shenanigans on that host and I have no way of verifying it. It could be littered with AIDM abuses, but I don’t have a root shell account on that host.
It’s the same problem in the end. The data processors have no legal accountability for the logic that they control. At the same time, they are not even required to disclose the AIDM logic, or even the existence of it, to the data controller. Yet the controller is exclusively liable for what they potentially do not control -- or even have awareness of. This is all still possible if the processor runs a managed open source service.
Exactly: don’t use the black box.
That is not what I said. I never said don’t use it. I said black boxes bring problems that require sensible policy.
Of course it makes sense to use black boxes. Someone running a bakery does not have the competency and resources to deploy an email service. Outsourcing email is the only option that makes the business case viable, unless they discard email entirely, in which case they lose business from customers who insist on emailing orders. From there, all processors are black boxes. There is no email provider who gives you the keys to castle. And even if they did, as a baker you wouldn’t know what you’re looking at anyway. Your choice is, use the black box or get into the tech business.
Not even Microsoft can handle email alone. They outsource to Spamhaus, another black box. And Spamhaus outsources to Cloudflare -- yet another black box.
It’s a black box. You can’t know what you don’t know when the information is concealed. Blackboxes can be tested (we call it blackbox testing). But it is inferior to clearbox testing. It’s too costly and ineffecient to wholly rely on. The giant processor has the resources to disclose their use of AIDM. The micro-controller (as in small data controller) does not have the resources to exhaustively simulate hundreds or thousands of demographics of people. They don’t even have the competency to be aware of all the demographics. It’s guesswork and it’s a non-starter. If the controller had that kind of resources, they would not be outsourcing the first place. Not only is it impractical, it’s also inefficient. To have thousands of small businesses and agencies carry out duplicated tests is an extremely wasteful use of resources and manpower. It just makes no sense. The processor already knows who they discriminate against.
The blackbox testing happens to some extent regardless. But there is no incentive to do the testing before deployment. The shitshow we call /GDPR enforcement/ ensures that data controllers do their testing on the public. Which means people are harmed in the process of testing because it’s cheaper for the controller (who knows their chances are low of getting penalised by DPAs who are up to their necks in 10× the workload they can handle).
They should! That’s the point! They shouldn’t use bad products, regardless of if it’s home made, from a small 3rd party, or a large 3rd party.
Yes they should, but investigative journalists are not a competent way to have that information disclosed. When the processor secretly uses AIDM and conceals that from the controller, holding the controller EXCUSIVELY¹ responsible is reckless because the controller does not have right to inspect the servers and code of the processor. It’s a black box. The GDPR requires processors to disclose a lot of GDPR factors in their contract with the controller. But AIDM is not one of them. It is perfectly legal for a processor to (e.g.) write an algorithm that treats black people different, and not tell the controller. Putting the responsibility on controllers to investigate and discover unlawful practice is not a smart system.
If a restaurant buys nails and puts it in their food, it’s not the nail manufacturer that’s at fault. The argument “but it’s a large nail manufacturer” doesn’t take away one’s own responsibility.
For this analogy to work, the nail mfr would know that the nails are being put in the food. With knowledge comes responsibility. If the nail manufacturer is aware of the misuse, the nail mfr is willfully complicit in the abuse. But also to make the analogy work, the restaurant would have to be also unaware that the nails were ending up in the food (because AIDM is undisclosed in the case that you are trying to make an analogy for).
(update) Europe does not have the machinery to bring thousands of small mom and pop shops into court. It just makes no sense from a logistical standpoint and it’s a non-starter economically. Though I do not oppose controllers having liability. They should retain liability. But processors should also have liability, when you have one giant processor who is the cause of hundreds of thousands of people’s rights being infringed by way of thousands of controllers. To neglect the giant is to fail at data protection.
¹ added that word late! Controllers should be accountable, but not exclusively.
I’m surprised no one mentioned emacs. I’ve not done much with version control lately but back when I was coding at a day job, emacs was king. All the important version control functions are mapped to key bindings and macros.
Emacs functions graphically with a mouse for novices, which makes it good for starting off. Then as you get more advanced you memorise bindings for frequent functions so the mouse slows you down less and less. The default keybindings in emacs have become ubiquitous so e.g. many of the emacs bindings work in BASH and other apps. So when you learn emacs, your knowledge becomes portable outside of emacs.
A lot of the same can be said for vi variants. But that’s mostly it. Editors other than emacs and vi are isolated and less powerful -- though I’ve not really looked hard outside of emacs lately so things may have changed.