evenwicht

It’s not a binary statement. it’s a measure of proportions. So my statement was factually correct. Cloudflared banks are quite rare in Western Europe, for example. I actually cannot think of any off the top of my head. Step into the US, and credit unions are mostly pawned by Cloudflare. It’s a shit show. Hard to find non-Cloudflared CUs, which is an artifact of shoestring-budget funding.

I heard someone talking about a European bank that was considering using Cloudflare and it was met with protest. The bank backed off the idea. In the US people don’t give a shit.. they don’t even notice. There’s a bit more blind trust for big corps.

Cloudflare is mostly a US thing. Banks outside the US are a bit more competent¹ in this regard. But there are thousands of banks and CUs in the US and I only need one in the end. The problem is the Discover network narrows the choice down to a tiny fraction of banks. So I’m looking for an intersection of two small sets. If I can find one that functions offline and does not charge extra for paper statements that might be good enough.

¹ (edit) Guess I should clarify. A website that has good security does not rely on the crude practice of DoSing based on IP reputation. If an admin believes they can protect a website by using arbitrary guesswork about IP addresses, that’s alarming because the kind of criminals that should be in their threat models as threat agents would be in control of botnets that give them countless normal residential IPs. Use of Cloudflare is a sign of a poorly secured bank because it suggests they don’t have good enough security to protect from malicious traffic regardless of IP address. Also: not my problem. As a non-clearnet user, I am nixing banks that cannot serve me. That means they must either serve Tor users or they must work offline.

I asked them in writing. It will be interesting to see if they comply.

To be clear, the purpose of the post is to understand the law (the forum being !law_us) because I want to fix this problem for everyone not just myself. I believe these digital rights abuses are so rampant because so few people step up to the plate to fix the problem for everyone. Most people just pragmatically fix the problem for themselves and move on. I want to understand the law to get an idea of the legal actionablity so that I can work out whether I have a pathway to force the CU to make their workflow with all customers legally compliant -- which would be a process I can recycle with other similar data abusers (other banks).

I blame Taylor Swift, telling people to “shake, shake, shake it off…” instead of fighting back.

When I visit the opt-out website and it simply prints on the screen “403 Forbidden”. No reason given¹. No recourse given. That is not giving opportunity. When they conceal the URL from some demographics of people, that is also withholding an opportunity to opt-out.

Let’s suppose the opt-out procedure were completely disclosed and fully transparent. Suppose they sent a properly formed email that reveals the opt-out procedure to everyone (inluding those with text-based MUAs). If they were to outright state something like “you must use our preferred network (clearnet, not Tor, not VPN, not CGNAT), you must share your personal IP address with a 3rd party with no expectation of privacy, and you must solve a series of CAPTCHA tests after traversing our cookie wall.” That would still be giving exclusive opportunity. IOW, not everyone has opportunity, just those who are both willing and able to dance for them. When strings are attached to the opt-out, that “opportunity” is conditional. I believe the law would have to specifically state that conditional opportunity is permissable. Otherwise the only valid interpretation of law (IIUC) is that the opportunity be unconditional. Hence my question.

If you believe arbitrarily conditional opportunity is lawful, what’s your limit? What if the procedure requires driving to a remote location, crossing a river with crockodiles, and running through an area with snakes and scorpions in order to reach a form (written in a blend of Mandarin and Apache) that you must fill out requesting an opt-out? Would you still regard that as giving opportunity?

¹ When I say that they are blocking people who are on the Tor network, that is merely my guess. A “403 Forbidden” can manifest for many reasons and in this case the site does not state why a 403 was pushed. But regardless of their undisclosed reason, when they lock someone out of their gate, it is of course denying opportunity to opt out.

Javascript clients aren’t good for that. Lemmy/kbin/mastodon nodes vanish all the time without warning. All your posts: gone. JS has no practical way to integrate local storage, thus no historic content when a server vanishes.

Not to mention as well that web UIs tend to force you to use a mouse, which is a slower workflow.

thanks!

I refuse to do online banking entirely because the websites have become so shitty. And I will not touch non-FOSS smartphone apps. So I only bank offline. And yes, I get screwed because most banks charge a fee for paper statements. So my options are very limited.

If you are offline you can probably still invest and have savings (in the US, not sure about Europe) but I would expect that to be quite costly. I think manual trades with human involvement are like $20 per trade or so in the US. That’s really the most fucked up part of this. If offline consumers had equal rights in terms of pricing, it would be fair enough and the online options would have pressure to be less shitty.

I think it’s hard to find a bank that doesn’t require a phone.

It really depends on where you are. The US has over 6000 banks to choose from, so the highly competitive region somewhat helps. You probably could find some small town rural banks in the US that will open an account without a phone number. In some parts of Europe they insist on having a mobile number. But what some people do not know is EU banks cannot refuse a request for a “basic” bank account. I don’t think all banks offer basic accounts, but when they do, the application form does not even have a field for a phone number. Just name, address, and date of birth.

I’m in a city where the furthest points of the city are reachable in less than 45 min on the bicycle. I took public transport for years. The commute time on public transport was about the same as cycling. This is because cycling is door-to-door. Public transport requires walking to/from the stations on both ends. That walk takes triple the time on foot than on bike. Then you have to wait, and possibly wait again at a transfer point. So that overhead time makes the door-to-door trip the same as cycling. Tram stops are also frequent enough that if I am cycling next to a tram, I pass the tram every time it stops at a stop. The trams average speed side-by-side seems to be only slightly faster than cycling. Also figure that cyclists get more direct routes, one-way streets are two-way to cyclists, and cyclists have traffic immunity and strike immunity.

A 1 hr public transport commute should not be a 2 hr cycle. I’m not sure what crazy circumstance would cause that. Unless you live next to a heavy-rail train with just ~2-3 stops.

If a city is as big as London, then I could see cycling losing the avg race against public transport because the overhead time becomes less significant over long hauls. But you can still control where you work and live to organise your situation to shrink the city, in effect.

I used the proprietary apps for public transport back in my pre-Google boycott days and indeed they were quite useful for last minute changes on unfamiliar routes. Then public transport started blocking Tor which broke their app. But I eventually realised public transport is not the way forward anyway.

I switched to a bicycle (more independance and autonomy, better for the environment, better for health [not just exercise but less viral exposure], much more privacy, and cheaper). So if your travel is in cycling range or you can make it so, it makes more sense to ditch public transport entirely.

Public transport is getting increasingly more privacy hostile. More and more networks refusing cash payments, transitions to SMS tickets, more surveillance & facial recognition, more tracking, and despite all that privacy compromise in the end you are still less safe than cycling due to viruses and the unavoidable possibility of attacks (though that’s city-dependant to some extent.. some cities are rough cycling).

You’re really asking “how much convenience do you need?” Some people are entirely enslaved to what Tim Wu describes as the Tyranny of Convenience.

I am not one of those people. I have ditched Google Playstore which greatly limits what I can do with the phone (and I’m fine with that -- fuck suppliers demanding that I patronise Google). And since I am always around a PC I only use a smartphone for:

• offline navigation with OSMand (hard to give up)
• notes (could give that up easily)
• camera -- to take a pic of store hours posted on a door, occasional QR codes, to capture evidence when a store advertises a different price than they charge at the register, and because there are actually hardware stores that have no posted prices and you need to give the cashier the item number of (e.g.) a pipe fitting so they can ring it up. Also to capture rejection messages from ATM screens because ATMs are not designed well enough to print faults with the receipt printer.
• some (stupidly) high-tech restaurants have no paper menu. Although I prefer to ask staff to borrow their phone to highlight to them the foolishness of their operation. My hardened defensive phone does not even work with most websites and i need to do this anyway.

I struggle to agree in the strict sense of need. But it’s a boiling frog scenario.

Public transport managers have mostly quit offering printed schedules and maps. IMO that’s borderline a violation of human rights (all people are entitled to equal access to public services, and I would consider providing info about public transport to be an indispensible part of that public service). Although in terms of smartphones, you can typically use a PC instead. And inside the stations you often have schedules and maps on the walls. But the bus infrastructure is dicier.

In Germany there are ticket sales with online exclusive pricing. Offline people must pay more for the same trip, or even lose access to some tickets entirely. Although a PC may still be an option there.