• 22 Posts
  • 32 Comments
Joined 4 months ago
Cake day: July 1st, 2024


  • In fact, borderline human rights compromise is actually a good incentive for people to leave. Would perhaps be good for the country if those in Texas who respect human rights would move from Texas to Pennsylvania for a human rights upgrade (where also the death penalty was repealed).

    But I doubt your statement is accurate considering inbound refugees are fleeing from even worse conditions w.r.t. human rights. Refugees still technically have their human right to access emergency medical treatment, they just risk getting harassed and tagged for deportation.

  • Indeed, but what was logged? Suppose the tracker pixel is something like:

    https://www.website.com/uniqueDirForTracking/b1946ac92492d2347c6235b4d2611184.gif

    and I visit that URL from Tor. The server at www.website.com can easily log the (useless) Tor IP and timestamp, but does it log the b1946ac92492d2347c6235b4d2611184? I’m not an expert on this which is why I am asking, but with my rough understanding I suspect that transaction might break down to multiple steps:

    1. a TLS negotiation just with the www.website.com host
    2. if successful, a session cookie may or may not be sent.
    3. the “document” (“image”) is fetched by an HTTP GET req (using the cookie, if given).

    If the negotiation is blocked by the firewall, does the server ever even see the request for b1946ac92492d2347c6235b4d2611184.gif?
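The layering the comment above sketches can be checked on a loopback socket. The following is an added example, not code from the original thread: it runs a tiny plaintext HTTP server that records what a conventional access log records (client address, method, request path, Cookie header), fetches the constructed pixel URL against it, and then attempts the same fetch against a port with no listener, standing in for a firewalled endpoint. The pixel path, the cookie value and the server are all constructed for the demonstration. Under HTTPS the request line is sent only inside the already-established TLS channel; the hostname reaches the server earlier, in the ClientHello (SNI), but the path never arrives if the handshake is never completed, which is what the blocked case models.

```python
import http.client
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample: the tracking-pixel path from the comment above.
PIXEL_PATH = "/uniqueDirForTracking/b1946ac92492d2347c6235b4d2611184.gif"
# Constructed placeholder body; the bytes themselves do not matter here.
PIXEL_BODY = b"GIF89a"


class RecordingHandler(BaseHTTPRequestHandler):
    """Minimal server that records the fields a typical access log keeps."""
    access_log = []  # list of (client_ip, method, path, cookie_header)

    def do_GET(self):
        RecordingHandler.access_log.append(
            (self.client_address[0], self.command, self.path,
             self.headers.get("Cookie"))
        )
        self.send_response(200)
        self.send_header("Content-Type", "image/gif")
        self.send_header("Content-Length", str(len(PIXEL_BODY)))
        self.end_headers()
        self.wfile.write(PIXEL_BODY)

    def log_message(self, *args):
        # Silence the default stderr logging; access_log is our record.
        pass


def start_server():
    """Bind on an ephemeral loopback port and serve in a background thread."""
    srv = HTTPServer(("127.0.0.1", 0), RecordingHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


def fetch_pixel(port, cookie=None):
    """Step 3 of the comment: the GET for the 'image', with an optional cookie."""
    headers = {"Cookie": cookie} if cookie else {}
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", PIXEL_PATH, headers=headers)
    resp = conn.getresponse()
    body = resp.read()
    conn.close()
    return resp.status, body


def closed_port():
    """Return an ephemeral port with no listener (constructed 'blocked' endpoint)."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def fetch_when_blocked(port):
    """Connection never opens, so the request line (and path) is never sent."""
    try:
        conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
        conn.request("GET", PIXEL_PATH)
        return "sent"
    except OSError:  # ConnectionRefusedError is a subclass of OSError
        return "blocked"


def demo():
    """Run both cases; returns (server's access log, outcome of blocked fetch)."""
    srv, port = start_server()
    RecordingHandler.access_log.clear()
    fetch_pixel(port, cookie="session=abc123")  # constructed cookie value
    blocked = fetch_when_blocked(closed_port())
    srv.shutdown()
    srv.server_close()
    return list(RecordingHandler.access_log), blocked


if __name__ == "__main__":
    log, blocked = demo()
    for entry in log:
        print("logged:", entry)
    print("blocked fetch:", blocked)
```

The recorded entry shows that once a request gets through, the full path including the hex identifier is ordinary log material, whether or not a cookie accompanies it; the blocked case produces no log entry at all because the server never receives a request line.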

  • I would indeed be concerned with hosting. But to a lesser extent than email. Email service is gratis & paid for by advertising. The terms of service for email explicitly give the surveillance advertiser carte blanche on snooping and exploiting email traffic for all it’s worth, which is understood by all parties involved.

    Hosting service is a paid subscription. Hosting users have the option of controlling their own keys. It is not customary or expected for a web hosting provider to snoop on the traffic they are hosting. Unlike email snooping, I believe it would be a malicious act for a hosting provider to collect data from traffic they host. That said, internal breaches are common, like that of Capital One data being exfiltrated by an AWS contractor. So it’s not entirely wise to trust MS and Amazon not to snoop on Azure and AWS.

    Consider US three-letter agencies doing their unlawful, unwarranted snooping. Because they need to conceal their own snooping activity, they cannot liberally exploit the data they collect. They have to use parallel construction to create a legally plausible scenario by which they obtained the data. This substantially limits how they can use the data and to what extent. I think this is similar to MS’s situation with Azure. How can they use the web traffic data without revealing that they are using it? Not easy. Risks are high. Disgruntled employees tattle on their employers.

    You have to decide for yourself where to draw the line. But certainly you’re setting the bar as low as possible if you tolerate email snooping, and a bit higher if you reject email snooping but are not worried about web traffic snooping. A good place to set the bar is to reject email snooping and also reject using their website if hosted by GAFAM or proxied Cloudflare (Cloudflare almost always manages the keys, thus a bit foolish to use lemmy.world).

    In the case at hand the prospective insurer blocks Tor, which again means they are demanding more info from me than contractually necessary (my IP address). So I would not use their website regardless of their hosting provider. They will charge a penalty fee for not being paperless.

    The insurance company would still likely have your data in a dodgy outsourced cloud space even if you don’t use the website. But in that case control is almost entirely out of your hands. Generally you cannot even be informed about their internal ops. The more out of your control it is, the more liable the insurance company is for misuse. If email traffic to you is abused or misused, you share the blame because you signed up for it by sharing your email address knowing that Outlook traffic is openly surveilled on the table. You willfully feed Microsoft in that case. But when you don’t know how your data is stored for their internal ops, there is nothing you can do and no decision on your part to make.


  • Every email provider is a surveillance advertiser?

    No, the insurance company only uses one email provider, which is Microsoft. Microsoft is a surveillance advertiser.

    You have to share personal information with a broker, insurance company, mortgage provider etc.

    I don’t have a problem with that. That’s need-to-know and consistent with data minimization. Of course if I don’t trust a particular company with my data I’m not going to pick up the phone and call them in the first place.

    Sometimes they ask for too much info. Some brokers ask for more than others. I walk in those cases. I will not authorize a homeowners insurer to check my credit history (only my insurance history).

    And your biggest concern is an email?

    Of course. Microsoft is a centralized surveillance capitalist who has mastered exploitation of the data it collects to the fullest extent allowed by law, and even beyond that because MS has been caught breaking the law in their exploitation of personal data. It’s reckless and stupid to put a notorious privacy offender like Microsoft in the loop on an insurance deal.

  • I don’t think so because it would have to involve deliberate deception. (source)

    The first customer to encounter the problem could send a registered letter to the vendor and then a second customer could perhaps later use the 1st customer’s letter to prove the vendor knew about the defect. The vendor would then perhaps try to argue that they did not know a particular customer was vulnerable to the defect. I don’t imagine that the debate could unfold in a chargeback dispute. A bank that is less consumer friendly than what you have in the US and UK would probably say it’s not obvious fraud.

    Note as well fraud legally requires 5 components to all be present. I think 3 of them are: deception, someone must profit, someone must be damaged, … and I forgot the other two components.

    (edit) I should add that when banks refer to “fraud” they may not be using the legal definition. I think it’s simpler for banks. They might ask “do you recognize the charge?” If yes, they likely don’t treat it as fraud. Of course I am speaking speculatively. I’ve not worked in a bank and a banker might have better answers.


  • That would indeed be the practical answer assuming he has a credit card with those protections. Credit cards not issued in the US or UK often lack chargeback protections in non-fraud situations.

    Note as well that even in the US the chargeback merely moves the money back to the consumer and does not affect legal obligations. If AXS were motivated, they could sue the customer in that case and likely point to a contract that indemnifies them from software defects and incompatibilities.

    I think most banks have a threshold where they eat the loss. I did a chargeback once for around $20 or $30. Then I found out that the bank’s cost of investigating the chargeback exceeds something like $50, so the bank just takes the hit instead of the merchant. I found that a bit disturbing because a malicious or reckless merchant has no risk on small transactions. But in the case at hand for $200, the bank would likely claw back the money from AXS.

  • It’s not a balance. About half the web still works from the Tor network. Also, Tor is not a DDoS threat to clearnet sites. There are only a few hundred exit nodes which work as a bottleneck to such attacks. The Tor network itself would suffer before a moderately competent target would fall.

    A site calling itself “open data” should obviously be among the half of the world’s websites which function for Tor visitors.

    And the fact that it cannot function even as an archive.org mirror, I must say it takes a special talent to be so incapable of being accessible. Most websites are reachable as archives.

  • I figured the power consumption of multiple parallel decodings would increase but it would be negligible if limited to occur during channel browsing. If you settle on a signal for 2 min, it could revert to 1 channel.

    A more crude improvement would be trivial: simply continue playing the previous buffer during the 3 second gap, but update the display instantly to show the user that their command was received and acted on. The 3 second gap could also be a fade-out to give an audible signal that the channel change command is in motion. The Linux app “Clementine” does some of this. When you click the stop button, it does not stop the music instantly but does a fade out.

    DJs sometimes have to switch to something else quickly with no time to beat match. It’s not a good situation but their method of choice seems to be a rapid cross-fade, as opposed to a sharp and sudden discrete switch. That slight smoothness helps. With a small buffer the two channels could even slow one channel and speed up the other to do an automatic beat match and cross-fade a bit more smoothly. I would not be surprised if there were some FOSS libs that already provide this sort of thing.

    (edit) I should note as well that there is one station that has a very low level so you have to double the volume to match any other station. A device that fades during transitions could normalize the level differences without the user even knowing the differences are there.

  • I’m not sure what data breaches you’re referring to. The data that makes it into the credit file is not generally due to a breach¹. Every “member” of a credit bureau is free to share info with the credit bureau. Those members (which are generally banks, insurance companies, creditors) usually put in their privacy policy some vague verbiage about sharing with credit bureaus.

    If you mean breaches of the credit bureau, like what happened with Equifax, I don’t believe a US court would view the breach itself as quantifiable provable damage to every consumer. I think there would only be (court-recognized) damage if the data were actually exploited in a way that costs you money.

    ¹ Although I say unlawfully exfiltrated data would unlikely make it onto the credit report, I cannot know for certain precisely because the credit bureau conceals the info source. That’s the reason we would want the law enforced. If CRAs were to share the source info, we would be able to separate the sources we have agreements with from those we don’t, and possibly chase up the sources we did not authorize to investigate where the data came from, which very well could have a supply chain that leads to the black market, a ransom attack, etc.