Asylum is a legal process. If they follow that process (which begins with claiming asylum), then of course they cease to be illegal immigrants throughout the process.
In fact, borderline human rights compromise is actually a good incentive for people to leave. Would perhaps be good for the country if those in Texas who respect human rights would move from Texas to Pennsylvania for a human rights upgrade (where also the death penalty was repealed).
But I doubt your statement is accurate considering inbound refugees are fleeing from even worse conditions w.r.t. human rights. Refugees still technically have their human right to access emergency medical treatment, they just risk getting harassed and tagged for deportation.
A month ago you would have been wrong. But indeed apparently this just changed:
“Election bets were approved legally just weeks ago, as the 2024 race headed into its home sprint.”
Texas hospitals must now ask patients whether they're in the US legally.
Critics fear the change could scare people away from hospitals in Texas, even though patients are not required to answer the questions to receive medical care.
So here’s a repugnant move by right-wing assholes. Texans: you can counter that shit. If a hospital asks you whether you are in the country legally, instead of saying “yes” the right answer is “I decline to answer”. Don’t give the dicks their stats.
Anyone short-selling pro-Trump stocks?
According to BBC World News, the stocks in the US that are expected to do well under Trump are surging. I think those stocks are surely over-valued. Their value will be corrected after Trump loses.
In the US it’s illegal to bet on elections (see update), but betting on the stock market is fair game. I would love it if some short-sellers would exploit this situation.
(update) It’s now legal to bet on elections in the US, as of a few weeks ago
edits silently discarded → data loss; stock front-end is buggy in general
I’ve noticed this problem on infosec.pub as well. If I edit a post and submit, the form is accepted but then the edits are simply scrapped. When I re-review my msg, the edits did not stick. This is a very old Lemmy bug I think going back over a year, but it’s bizarre how it’s non-reproducible. Some instances never have this problem but sdf and infosec trigger this bug unpredictably.
0.19.3 is currently the best Lemmy version but it still has this bug (just as 0.19.5 does). A good remedy would be to install an alternative front end, like alexandrite.
nationbuilder.com blocks Tor, yet no one is exposing this anti-democratic issue. More activists needed!
Political parties around the world have flocked to nationbuilder.com for some reason. This tor-hostile Cloudflare site is blocking Tor users from accessing election info. This kind of sloppy lazy web administration is common.
But what’s a bit disturbing is that when I contact a political party to say I cannot reach their page because of the nationbuilder block page, they sound surprised, like it’s the first time they are hearing about web problems. So Tor users are lazy too. That’s the problem.
Question answered in the parent thread:
https://lemmy.sdf.org/comment/15364720
when a server pushes a 403, it still sees the full URL that was attempted.
That’s interesting. It sounds like browsers could be designed smarter. I get “403 Forbidden” chronically in the normal course of web browsing. In principle if a server is going to refuse to serve me, then I want to give the server as little as possible. Shouldn’t Tor browser attempt to reach the landing page of the host first just to check the headers for a 403, then if no 403 proceed to the full URL?
#dataMinimization
I suppose you could even say text-based clients are at a disadvantage because when we opt to render the HTML graphically, a full-blown browser is launched which is likely less hardened than something like whatever profile and engine Thunderbird embeds.
In my case I created a firejailed browser with --net=none so I could hit a certain key binding to launch the neutered browser to render an HTML attachment in a forced-offline context--- but I was too fucking lazy to dig up what keys I bound to that which is why I (almost?) got burnt.
Indeed, but what was logged? Suppose the tracker pixel is something like:
https://www.website.com/uniqueDirForTracking/b1946ac92492d2347c6235b4d2611184.gif
and I visit that URL from Tor. The server at www.website.com can easily log the (useless) Tor IP and timestamp, but does it log the b1946ac92492d2347c6235b4d2611184? I’m not an expert on this which is why I am asking, but with my rough understanding I suspect that transaction might break down to multiple steps:
- a TLS negotiation just with the www.website.com host
- if successful, a session cookie may or may not be sent.
- the “document” (“image”) is fetched by an HTTP GET req (using the cookie, if given).
If the negotiation is blocked by the firewall, does the server ever even see the request for b1946ac92492d2347c6235b4d2611184.gif?
Just dodged a tracker pixel (I think) -- thanks to a text-based mail client and Tor
Tracker pixels are surprisingly commonly used by legitimate senders… your bank, your insurance company, any company you patronize. These assholes hide a 1-pixel image in HTML that tracks when you open your email and your IP (thus whereabouts). I use a text-based mail client in part for this reason. ...
cross-posted from: https://lemmy.sdf.org/post/24375297
> Tracker pixels are surprisingly commonly used by legitimate senders.. your bank, your insurance company, any company you patronize. These assholes hide a 1-pixel image in HTML that tracks when you open your email and your IP (thus whereabouts).
>
> I use a text-based mail client in part for this reason. But I got sloppy and opened an HTML attachment in a GUI browser without first inspecting the HTML. I inspected the code afterwards. Fuck me, I thought.. a tracker pixel. Then I visited just the hostname in my browser. Got a 403 Forbidden. I was happy to see that. Can I assume these idiots shot themselves in the foot with a firewall Tor blanket block? Or would the anti-tor firewall be smart enough to make an exception for tracker pixel URLs?
Just dodged a tracker pixel (I think) -- thanks to a text-based mail client and Tor
Tracker pixels are surprisingly commonly used by legitimate senders.. your bank, your insurance company, any company you patronize. These assholes hide a 1-pixel image in HTML that tracks when you open your email and your IP (thus whereabouts).
I use a text-based mail client in part for this reason. But I got sloppy and opened an HTML attachment in a GUI browser without first inspecting the HTML. I inspected the code afterwards. Fuck me, I thought.. a tracker pixel. Then I visited just the hostname in my browser. Got a 403 Forbidden. I was happy to see that.
Can I assume these idiots shot themselves in the foot with a firewall Tor blanket block? Or would the anti-tor firewall be smart enough to make an exception for tracker pixel URLs?
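One way to do the inspection this post describes before any renderer touches the file, as an added example that is not part of the original post: it lists every URL an HTML part would fetch on render and flags the ones that look like tracking pixels. The function names, the sample HTML and the two heuristics (an invisible image, a long hex token in the URL) are assumptions made for illustration; only the pixel URL is taken from the thread.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tag attributes a renderer fetches on its own, without any click.
AUTOLOAD = {
    "img": ("src",), "script": ("src",), "iframe": ("src",), "embed": ("src",),
    "link": ("href",), "video": ("src", "poster"), "audio": ("src",),
    "source": ("src",), "body": ("background",), "td": ("background",),
}
CSS_URL = re.compile(r"url\(\s*['\"]?([^'\")\s]+)", re.I)
TOKEN = re.compile(r"[0-9a-f]{16,}", re.I)   # long hex run: likely a per-recipient id
REMOTE = ("http://", "https://", "//")


def _invisible(attrs):
    """True when an image is sized or styled so that nothing visible is drawn."""
    w, h = attrs.get("width", "").strip(), attrs.get("height", "").strip()
    style = attrs.get("style", "").replace(" ", "").lower()
    return (w in ("0", "1") and h in ("0", "1")) \
        or "display:none" in style or "visibility:hidden" in style


class _Audit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []        # (url, where, reasons)
        self._in_style = False

    def _add(self, url, where, attrs=None):
        url = url.strip()
        if not url.lower().startswith(REMOTE):
            return                # cid:, data: and relative refs stay off the network
        parts = urlsplit(url)
        reasons = []
        if TOKEN.search(parts.path) or TOKEN.search(parts.query):
            reasons.append("unique-token")
        if where == "img" and attrs is not None and _invisible(attrs):
            reasons.append("invisible-image")
        self.findings.append((url, where, reasons))

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "style":
            self._in_style = True
        for name in AUTOLOAD.get(tag, ()):
            if name in a:
                self._add(a[name], tag, a)
        # Inline CSS can pull remote images too.
        for m in CSS_URL.finditer(a.get("style", "")):
            self._add(m.group(1), tag + "[style]")

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        if self._in_style:
            for m in CSS_URL.finditer(data):
                self._add(m.group(1), "style")


def audit_html(html):
    """Return every remote URL the markup would load when rendered."""
    parser = _Audit()
    parser.feed(html)
    parser.close()
    return parser.findings


def likely_trackers(html):
    """Remote loads that match at least one tracking heuristic."""
    return [url for url, _where, reasons in audit_html(html) if reasons]


# Constructed sample message body; the pixel URL is the one quoted in the thread.
SAMPLE = """\
<html><head><style>.h{background:url('https://cdn.example.net/bg.png')}</style></head>
<body>
<p>Your statement is ready.</p>
<img src="cid:logo@local" width="120" height="40">
<img src="https://www.website.com/uniqueDirForTracking/b1946ac92492d2347c6235b4d2611184.gif" width="1" height="1">
<a href="https://www.website.com/login">Log in</a>
</body></html>
"""

if __name__ == "__main__":
    for url, where, reasons in audit_html(SAMPLE):
        print(f"{where:12} {','.join(reasons) or '-':30} {url}")
```

Links in `<a href>` are left out on purpose because they are only fetched after a click.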
To what extent does AAA fund pro-car lobbyists? Is AAA overall harmful?
A home insurance policy offers a discount to AAA members. The discount is the same amount as the cost of membership. I so rarely use a car or motorcycle that I would not benefit significantly from a roadside assistance plan. I cycle. But there are other discounts for AAA membership, like restaurant discounts. So my knee-jerk thought was: this is a no-brainer… I’m getting some benefits for free, in effect, so it just makes sense to get the membership.
Then I dug into AAA a bit more. The wiki shows beneficial and harmful things AAA has done. From the wiki, these points stand out to me:
AAA blamed pedestrians for safety problems
“As summarized by historian Peter Norton, "[AAA] and other members of motordom were crafting a new kind of traffic safety effort[. ...] It claimed that pedestrians were just as responsible as motorists for injuries and accidents. It ignored claims defending the historic rights of pedestrians to the streets—in the new motor age, historic precedents were obsolete.”
AAA fights gasoline tax
“Skyrocketing gas prices led AAA to testify before three Congressional committees regarding increased gasoline prices in 2000, and to lobby to prevent Congress from repealing parts of the federal gasoline tax, which would have reduced Highway Trust Fund revenue without guaranteeing consumers any relief from high gas prices.”
AAA fights mass transit
“Despite its work promoting environmental responsibility in the automotive and transportation arenas, AAA's lobbying positions have sometimes been perceived to be hostile to mass transit and environmental interests. In 2006, the Automobile Club of Southern California worked against Prop. 87. The proposition would have established a "$4 billion program to reduce petroleum consumption (in California) by 25 percent, with research and production incentives for alternative energy, alternative energy vehicles, energy efficient technologies, and for education and training."”
(edit) AAA fights for more roads and fought against the Clean Air Act
Daniel Becker, director of Sierra Club's global warming and energy program, described AAA as "a lobbyist for more roads, more pollution, and more gas guzzling."[86] He observed that among other lobbying activities, AAA issued a press release critical of the Clean Air Act, stating that it would "threaten the personal mobility of millions of Americans and jeopardize needed funds for new highway construction and safety improvements."[86] "AAA spokespeople have criticized open-space measures and opposed U.S. EPA restrictions on smog, soot, and tailpipe emissions."[87] "The club spent years battling stricter vehicle-emissions standards in Maryland, whose air, because of emissions and pollution from states upwind, is among the nation's worst."[88] As of 2017, AAA continues to lobby against public transportation projects.
Even though the roadside assistance is useless to me, the AAA membership comes with 2 more memberships. So I could give memberships to 2 family members and they would benefit from it. But it seems I need to drop this idea. AAA seems overall doing more harm than good.
AAA is a *federation*:
It’s interesting to realize that AAA is not a single org. It is a federation of many clubs. Some states have more than one AAA club. This complicates the decision a bit because who is to say that specific club X in state Y spent money fighting the gas tax or fighting mass transit? Is it fair to say all clubs feed money to the top where federal lobbying happens?
(edit) And doesn’t it seem foolish to oppose mass transit even from the selfish car driver standpoint? If you drive a car, other cars are in your way slowing you down and also increasing your chances of simultaneously occupying the same space (crash). Surely you would benefit from others switching from car to public transport to give you more road space. It seems to me the anti mass transit move is AAA looking after its own interest in having more members paying dues.
Will AAA go the direction of the NRA?
Most people know the NRA today as an evil anti gun control anti safety right wing org. It was not always that way. The NRA used to be a genuine force of good. It used to truly advocate for gun safety. Then they became hyper politicized and perversely fought for gun owner rights to the extreme extent of opposing gun safety. I wonder if AAA might take the same extreme direction as NRA, as urban planners increasingly come to their senses and start to realize cars are not good for us. Instead of being a force of safety, AAA will likely evolve into an anti safety org in the face of safer-than-cars means of transport. (Maybe someone should start a counter org called “Safer than Cars Alliance” or “Better than Cars Alliance”)
I also noticed most AAA clubs’ websites block Tor. So the lack of privacy respect just made my decision to nix them even easier.
I would indeed be concerned with hosting. But to a lesser extent than email. Email service is gratis & paid for by advertising. The terms of service for email explicitly give the surveillance advertiser carte blanche on snooping and exploiting email traffic for all it’s worth which is understood by all parties involved.
Hosting service is a paid subscription. Hosting users have the option of controlling their own keys. It is not customary or expected for a web hosting provider to snoop on the traffic they are hosting. Unlike email snooping, I believe it would be a malicious act for a hosting provider to collect data from traffic they host. That said, internal breaches are common, like that of Capital One data being exfiltrated by an AWS contractor. So it’s not entirely wise to trust MS and Amazon not to snoop on Azure and AWS.
Consider US 3 letter agencies doing their unlawful unwarranted snooping. Because they need to conceal their own snooping activity, they cannot liberally exploit the data they collect. They have to use parallel construction to create a legally plausible scenario by which they obtained the data. This substantially limits how they can use the data and to what extent. I think this is similar to MS’s situation with Azure. How can they use the web traffic data without revealing that they are using it? Not easy. Risks are high. Disgruntled employees tattle on their employers.
You have to decide for yourself where to draw the line. But certainly you’re setting the bar as low as possible if you tolerate email snooping, and a bit higher if you reject email snooping but are not worried about web traffic snooping. A good place to set the bar is to reject email snooping and also reject using their website if hosted by GAFAM or proxied Cloudflare (Cloudflare almost always manages the keys, thus a bit foolish to use lemmy.world).
In the case at hand the prospective insurer blocks Tor, which again means they are demanding more info from me than contractually necessary (my IP address). So I would not use their website regardless of their hosting provider. They will charge a penalty fee for not being paperless.
The insurance company would still likely have your data in a dodgy outsourced cloud space even if you don’t use the website. But in that case control is almost entirely out of your hands. Generally you cannot even be informed about their internal ops. The more out of your control it is, the more liable the insurance company is for misuse. If email traffic to you is abused or misused, you share the blame because you signed up for it by sharing your email address knowing that Outlook traffic is openly surveilled on the table. You willfully feed Microsoft in that case. But when you don’t know how your data is stored for their internal ops, there is nothing you can do and no decision on your part to make.
Every email provider is a surveillance advertiser?
No, the insurance company only uses one email provider, which is Microsoft. Microsoft is a surveillance advertiser.
You have to share personal information with a broker, insurance company, mortgage provider etc.
I don’t have a problem with that. That’s need-to-know and consistent with data minimization. Of course if I don’t trust a particular company with my data I’m not going to pick up the phone and call them in the first place.
Sometimes they ask for too much info. Some brokers ask for more than others. I walk in those cases. I will not authorize a homeowners insurer to check my credit history (only my insurance history).
And your biggest concern is an email?
Of course. Microsoft is a centralized surveillance capitalist who has mastered exploitation of the data it collects to the fullest extent allowed by law, and even beyond that because MS has been caught breaking the law in their exploitation of personal data. It’s reckless and stupid to put a notorious privacy offender like Microsoft in the loop on an insurance deal.
I don’t see how that redeems the insurance company. I find the opposite. This is a reason to resist email and thus serves as a cause to oppose forced email disclosure.
Not sharing sensitive personal information with a surveillance advertiser is an “odd hill to die on”? Really? Yikes… what a low standard of privacy you have (which I suppose is somewhat expected coming from a Cloudflared host).
Homeowner’s insurance denied if email not disclosed
An insurance agent who I called on the phone for a quote demanded my email address. I resisted, said he could have my fax number instead. He said the form he is filling out in order to get me a quote will not move forward without an email address. I got the impression this was not a requirement of the agent but rather the underwriting company, which means no matter which agent sells me the policy it’s impossible to get insurance from that underwriter without an email address. I would be denied insurance with this underwriter had I not supplied an email address in a phone conversation. They assume if you have access to a phone line, you have email.
So I gave him a disposable. This is still not an okay solution. The quote he sent by email traversed Microsoft servers and contained sensitive information without encryption. It doesn’t matter that MS did not get my real email address considering they still got lots of personal info about me from the quote.
It’s also interesting to note that mortgage lenders require borrowers to always have homeowner’s insurance. So I will dream about pulling this activist move: drop the insurance after securing a mortgage, tell the bank “I cannot get insurance because I don’t have an email address”. Insurance companies tend to refuse to sell policies to someone who is not the beneficiary of the policy, so the bank would not be able to insure the home on their side. I would just love to see that shitshow play out. If anyone wants to drop their homeowners insurance for any reason, this might be your best defense for doing so.
Funnily enough, the insurer offers a “paperless discount”, which means they actually have a paper-sending service for those who are not paperless. Yet everyone must have an email address before they even get a quote.
Peertube is part of the fedi. So is it possible for a peer tuber to post a video to a Lemmy or Kbin community?
I’m new to peertube. Before I upload a video that depletes a chunk of my bandwidth limit, I would first like to know if it’s possible to post a video on peertube and then /from peertube/ create a thread in the relevant Lemmy community or Kbin magazine. Or do I have to use a separate Lemmy or kbin account for that?
I don’t think so because it would have to involve deliberate deception. (source)
The first customer to encounter the problem could send a registered letter to the vendor and then a second customer could perhaps later use the 1st customer’s letter to prove the vendor knew about the defect. The vendor would then perhaps try to argue that they did not know a particular customer was vulnerable to the defect. I don’t imagine that the debate could unfold in a chargeback dispute. A bank that is less consumer friendly than what you have in the US and UK would probably say it’s not obvious fraud.
Note as well fraud legally requires 5 components to all be present. I think 3 of them are: deception, someone must profit, someone must be damaged, … and I forgot the other two components.
(edit) I should add that when banks refer to “fraud” they may not be using the legal definition. I think it’s simpler for banks. They might ask “do you recognize the charge?” If yes, they likely don’t treat it as fraud. Of course I am speaking speculatively. I’ve not worked in a bank and a banker might have better answers.
That would indeed be the practical answer assuming he has a credit card with those protections. Credit cards not issued in the US or UK often lack chargeback protections in non-fraud situations.
Note as well that even in the US the chargeback merely moves the money back to the consumer and does not affect legal obligations. If AXS were motivated, they could sue the customer in that case and likely point to a contract that indemnifies them from software defects and incompatibilities.
I think most banks have a threshold where they eat the loss. I did a chargeback once for around ~$20 or 30. Then I found out that the bank’s cost of investigating the chargeback exceeds something like $50, so the bank just takes the hit instead of the merchant. I found that a bit disturbing because a malicious or reckless merchant has no risk on small transactions. But in the case at hand for $200, the bank would likely clawback the money from AXS.
[email protected] captures these kinds of cases. @[email protected], if you know of any situations where your prof faced difficulty for not having a smartphone, consider posting about it there.
Ah, interesting point. I didn’t realise the devs were Russian. That might explain this issue as well:
https://github.com/osmandapp/OsmAnd/issues/15927
OSMand is so glitchy and crash prone it would be useful to know which features are more inclined to hog resources, since resource insufficiency seems to be the reason for crashes. Things like the animation boolean and Kalman filter. I’m not sure if I should avoid those features.
For one person it crashes on long routes. For me a long route is more likely to have crashes just because the app must run for longer. My workaround is to save every route as a track before starting, so every time it crashes I don’t have to wait to recalculate the route (but I have to keep my eyes on the screen).
Help reducing map detail. App worked for yrs but suddenly got into an extreme detail mode that causes copious chronic crashes
OSMand used to only crash 1 or 2 times per trip. It was usable enough. Now recently something changed with my config somehow and it shows extreme detail no matter how zoomed out I am. Every tiny street is being rendered. This is killing the app. It crashes so chronically it’s unusable.
Anyone know how to control this?
In “configure map” I have disabled everything except cycling routes. The “details” shows 0/9, which apparently only configures objects, not street details.
(edit) I think the “map magnifier” might be the issue. It was at 25% (the lowest), which I would intuitively think means less road detail. But it’s apparently counter-intuitive. I chose 100% and I seem to get less map detail -- which is what I need because the more detail, the more crashes. So I might have solved this.. need to experiment.
Someone died from an allergic reaction to food at Disney Springs after the staff gave allergen misinfo. But victim was a Playstation user, so arbitration clause may be in force
Disney asks a Florida court to dismiss a wrongful death lawsuit for an allergy-related death at Disney Springs, citing a Disney+ arbitration clause.
This is crazy. Disney is claiming that a wrongful death lawsuit cannot go forward (paraphrasing):
“sorry, your husband signed up to a Disney+ trial a couple of years ago, hence they accepted T&Cs that clearly stated that any dispute about our products should go through arbitration rather than through courts”.
Even if a consumer carefully reads the terms and conditions, how could they reasonably expect the ToS for a video game would affect the terms they are under at a Disney restaurant? That’s fucking nuts.
Future parents: “sorry kids, you cannot play that video game because there is an arbitration clause and one day you might want to visit Disney’s amusement parks.”
I’ve boycotted Disney for over a decade because of how conservative the corp is and how right-wing extremist they are with politics. IIRC Disney financed the campaign of a politician looking to eliminate background checks on firearms. Indeed, the company who entertains kids is happy to fight against basic gun control. So when Disney pulls a dick move like this arbitration clause it just reinforces the idea that boycotting Disney is the right move.
(edit) wow the ups and downs of the votes are interesting. ATM 9 up & 9 down. Can’t help but wonder who are these anti-human people who are happy to lick the corporate boots of Disney.. capitalist fanatics disappointed that people would object to arbitration clauses perversely applied so broadly? I have to wonder if loyal Disney employees are following this thread.
Thanks for the tip. The info would be gone now but I’ll try that next time it happens.
fetchmail logs showing a Tor exit node is compromised
This is what my fetchmail log looks like today (UIDs and domains obfuscated):
fetchmail: starting fetchmail 6.4.37 daemon
fetchmail: Server certificate verification error: self-signed certificate in certificate chain
fetchmail: Missing trust anchor certificate: /C=US/O=Let's Encrypt/CN=R3
fetchmail: This could mean that the root CA's signing certificate is not in the trusted CA certificate location, or that c_rehash needs to be run on the certificate directory. For details, please see the documentation of --sslcertpath and --sslcertfile in the manual page. See README.SSL for details.
fetchmail: OpenSSL reported: error:0A000086:SSL routines::certificate verify failed
fetchmail: server4.com: SSL connection failed.
fetchmail: socket error while fetching from [email protected]@server4.com
fetchmail: Query status=2 (SOCKET)
fetchmail: Server certificate verification error: self-signed certificate in certificate chain
fetchmail: Missing trust anchor certificate: /C=US/O=Let's Encrypt/CN=R3
fetchmail: This could mean that the root CA's signing certificate is not in the trusted CA certificate location, or that c_rehash needs to be run on the certificate directory. For details, please see the documentation of --sslcertpath and --sslcertfile in the manual page. See README.SSL for details.
fetchmail: OpenSSL reported: error:0A000086:SSL routines::certificate verify failed
fetchmail: server3.com: SSL connection failed.
fetchmail: socket error while fetching from [email protected]@server3.com
fetchmail: Server certificate verification error: self-signed certificate in certificate chain
fetchmail: Missing trust anchor certificate: /C=US/O=Let's Encrypt/CN=R3
fetchmail: This could mean that the root CA's signing certificate is not in the trusted CA certificate location, or that c_rehash needs to be run on the certificate directory. For details, please see the documentation of --sslcertpath and --sslcertfile in the manual page. See README.SSL for details.
fetchmail: OpenSSL reported: error:0A000086:SSL routines::certificate verify failed
fetchmail: server2.com: SSL connection failed.
fetchmail: socket error while fetching from [email protected]@server2.com
fetchmail: Query status=2 (SOCKET)
fetchmail: Server certificate verification error: self-signed certificate in certificate chain
fetchmail: Missing trust anchor certificate: /C=US/O=Let's Encrypt/CN=R3
fetchmail: This could mean that the root CA's signing certificate is not in the trusted CA certificate location, or that c_rehash needs to be run on the certificate directory. For details, please see the documentation of --sslcertpath and --sslcertfile in the manual page. See README.SSL for details.
fetchmail: OpenSSL reported: error:0A000086:SSL routines::certificate verify failed
fetchmail: server1.com: SSL connection failed.
fetchmail: socket error while fetching from [email protected]@server1.com
fetchmail: Query status=2 (SOCKET)
In principle I should be able to report the exit node somewhere. But I don’t even know how I can determine which exit node is the culprit. Running nyx just shows some of the circuits (guard, middle, exit) but I seem to have no way of associating those circuits with fetchmail’s traffic.
Anyone know how to track which exit node is used for various sessions? I could of course pin an exit node to a domain, then I would know it, but that loses the benefit of random selection.
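One way to associate sessions with exits without pinning an exit per domain, as an added example that is not part of the original post: the Tor control port reports which circuit each stream is attached to (`SETEVENTS CIRC STREAM`), so the hosts fetchmail failed on can be matched to the last hop of the circuit that carried them. The control-port lines, relay fingerprints and nicknames, port 993 and the function names are constructed for illustration; it assumes the control port is enabled and its events were saved to text.

```python
import re

# Constructed sample data. Fingerprints and nicknames are placeholders; the
# lines follow the Tor control-port event format emitted after
# "SETEVENTS CIRC STREAM" on an authenticated control connection.
G, M, X1, X2 = "A" * 40, "B" * 40, "C" * 40, "D" * 40
CONTROL_EVENTS = f"""\
650 CIRC 17 BUILT ${G}~guardA,${M}~middleA,${X1}~exitOne BUILD_FLAGS=NEED_CAPACITY PURPOSE=GENERAL
650 CIRC 18 BUILT ${G}~guardA,${M}~middleA,${X2}~exitTwo BUILD_FLAGS=NEED_CAPACITY PURPOSE=GENERAL
650 STREAM 41 NEW 0 server1.com:993 PURPOSE=USER
650 STREAM 41 SENTCONNECT 17 server1.com:993
650 STREAM 41 REMAP 17 203.0.113.10:993 SOURCE=EXIT
650 STREAM 41 SUCCEEDED 17 203.0.113.10:993
650 STREAM 42 NEW 0 server2.com:993 PURPOSE=USER
650 STREAM 42 SENTCONNECT 18 server2.com:993
650 STREAM 42 SUCCEEDED 18 server2.com:993
650 STREAM 41 CLOSED 17 203.0.113.10:993 REASON=DONE
"""

# Lines in the shape of the fetchmail log quoted in the post.
FETCHMAIL_LOG = """\
fetchmail: Server certificate verification error: self-signed certificate in certificate chain
fetchmail: Missing trust anchor certificate: /C=US/O=Let's Encrypt/CN=R3
fetchmail: OpenSSL reported: error:0A000086:SSL routines::certificate verify failed
fetchmail: server2.com: SSL connection failed.
fetchmail: Server certificate verification error: self-signed certificate in certificate chain
fetchmail: OpenSSL reported: error:0A000086:SSL routines::certificate verify failed
fetchmail: server1.com: SSL connection failed.
"""

CIRC_RE = re.compile(r"^650 CIRC (\d+) (\S+)(?: (\$\S+))?")
STREAM_RE = re.compile(r"^650 STREAM (\d+) (\S+) (\d+) (\S+)")
FAIL_RE = re.compile(r"^fetchmail: (\S+): SSL connection failed\.")


def exits_by_host(control_text):
    """Map each requested host to the exit relays that carried its streams."""
    paths = {}          # circuit id -> ["$FP~nick", ...] for BUILT circuits
    first_target = {}   # stream id -> target as the client asked for it
    stream_circ = {}    # stream id -> last circuit the stream was attached to
    for line in control_text.splitlines():
        m = CIRC_RE.match(line)
        if m:
            if m.group(2) == "BUILT" and m.group(3):
                paths[m.group(1)] = m.group(3).split(",")
            continue
        m = STREAM_RE.match(line)
        if m:
            sid, _status, cid, target = m.groups()
            # REMAP replaces the hostname with an IP, so keep the first target.
            first_target.setdefault(sid, target)
            if cid != "0":          # 0 means "not attached to a circuit yet"
                stream_circ[sid] = cid
    result = {}
    for sid, target in first_target.items():
        path = paths.get(stream_circ.get(sid))
        if not path:
            continue
        host = target.rsplit(":", 1)[0]
        fingerprint, _, nickname = path[-1].lstrip("$").partition("~")
        result.setdefault(host, set()).add((fingerprint, nickname))
    return result


def failed_hosts(fetchmail_log):
    """Hosts for which fetchmail reported a failed TLS connection."""
    return sorted({m.group(1) for line in fetchmail_log.splitlines()
                   if (m := FAIL_RE.match(line))})


def suspects(fetchmail_log, control_text):
    """Exit relays seen for every host whose certificate failed to verify."""
    exits = exits_by_host(control_text)
    return {h: sorted(exits.get(h, ())) for h in failed_hosts(fetchmail_log)}


def distinct_exits(suspect_map):
    """Fingerprints of all exits involved in at least one failure."""
    return {fp for relays in suspect_map.values() for fp, _nick in relays}


if __name__ == "__main__":
    found = suspects(FETCHMAIL_LOG, CONTROL_EVENTS)
    for host, relays in found.items():
        print(host, relays)
    print("distinct exits:", len(distinct_exits(found)))
```

When the failing hosts map to several unrelated exits, as in this constructed data, one misbehaving exit is an unlikely cause and the local CA store named in fetchmail's own hint is the first thing to check.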
It’s not a balance. About half the web still works from the Tor network. Also, Tor is not a DDoS threat to clearnet sites. There are only a few hundred exit nodes which work as a bottleneck to such attacks. The Tor network itself would suffer before a moderately competent target would fall.
A site calling itself “open data” should obviously be among the half of the world’s websites which function for Tor visitors.
And the fact that it cannot function even as an archive.org mirror, I must say it takes a special talent to be so incapable of being accessible. Most websites are reachable as archives.
(irony) opendatawatch.com blocking access to their website
And if you try to visit the archive¹, that’s also fucked.
Not sure who these people are.. maybe they are actually watchdogs in opposition to open data.
¹ https://web.archive.org/web/20240925081816/https://www.opendatawatch.com/
Yes, but a scam is normally something that baits someone into a situation they fall prey to. The US credit system is certainly that, but it also exploits unwilling people who have no intent of taking the bait. That is, we cannot opt-out of the credit bureaus collecting data on us even if we try.
I figured the power consumption of multiple parallel decodings would increase but it would be negligible if limited to occur during channel browsing. If you settle on a signal for 2 min, it could revert to 1 channel.
A more crude improvement would be trivial: simply continue playing the previous buffer during the 3 second gap, but update the display instantly to show the user that their command was received and acted on. The 3 second gap could also be a fade-out to give an audible signal that the channel change command is in motion. The linux app “Clementine” does some of this. When you click the stop button, it does not stop the music instantly but does a fade out.
DJs sometimes have to switch to something else quickly with no time to beat match. It’s not a good situation but their method of choice seems to be a rapid cross-fade, as opposed to a sharp and sudden discrete switch. That slight smoothness helps. With a small buffer the two channels could even slow one channel and speed up the other to do an automatic beat match and cross-fade a bit more smoothly. I would not be surprised if there were some FOSS libs that already provide this sort of thing.
(edit) I should note as well that there is one station that has a very low level so you have to double the volume to match any other station. A device that fades during transitions could normalize the level differences without the user even knowing the differences are there.
FM advantage over DAB: fast tuning -- do DAB devices need to evolve more?
My DAB+ radio also has an FM function. It stores a favorite set of channels for DAB and a separate memory store for FM. When cycling through the DAB presets, there is a ~3 or so second delay for it to tune and decode. With the FM mode there is no delay. Is my particular model just slow with decoding the first sound byte or is this an inherent DAB shortcoming?
I imagine a well designed DAB radio could theoretically tune the next 2 or 3 presets in sequence simultaneously in parallel so you could avoid the channel changing delay. Has anything like that been implemented?
What about a device that pairs FM to DAB? Some radio stations have both an FM and a DAB transmission. So in principle I would want the device to be aware of the dupes. From there, I should be able to flip through the FM stations and once I settle on a station push a single button to switch over to the DAB signal. It could even deliberately play the FM signal for 4 sec. longer and quickly cross-fade in the DAB signal. Any hardware on the market doing this sort of thing?
I’m not sure what data breaches you’re referring to. The data that makes it into the credit file is not generally due to a breach¹. Every “member” of a credit bureau is free to share info with the credit bureau. Those members (which are generally banks, insurance companies, creditors) usually put in their privacy policy some vague verbiage about sharing with credit bureaus.
If you mean breaches of the credit bureau, like what happened with Equifax, I don’t believe a US court would view the breach itself as quantifiable provable damage to every consumer. I think there would only be (court-recognized) damage if the data were actually exploited in a way that costs you money.
¹ Although I say unlawfully exfiltrated data would unlikely make it onto the credit report, I cannot know for certain precisely because the credit bureau conceals the info source. That’s the reason we would want the law enforced. If CRAs were to share the source info, we would be able to separate the sources we have agreements with from those we don’t, and possibly chase up the sources we did not authorize to investigate where the data came from, which very well could have a supply chain that leads to the black market, a ransom attack, etc.
The law that all US credit bureaus violate, bluntly, simply because there is no enforcement mechanism: data source disclosure
The FCRA requires credit bureaus to disclose to consumers the identity of the sources of information in your credit file. Yet if you look at your credit report from any of the 3 major giants (TRU, EFX, EXPN), they list out all addresses, phone numbers, and email addresses with no indication of who fed them that info. If you request that info, they ignore or refuse.
The penalty for FCRA violations in that section is $1k. So you might think: “how cool is that? I can simply sue all three credit bureaus for $1k each”. It should work like that, but doesn’t. IIRC, it was a lawyer for a credit bureau who told me in so many words: case law shows that you must incur damages in this particular case. So if you can prove damages, then you can claim $1k (even if the actual damages are $1). But how do you even prove $1 in damages?
I have some ideas but generally this is such an uphill battle that credit bureaus can simply bluntly ignore the law. Which is what they do. It’s a good demonstration of how US corporations will plainly break laws that are unenforceable.
(US) Users of text-based mail clients can legally penalize corporate senders who send HTML-only e-mail (possible legal theory)
cross-posted from: https://lemmy.sdf.org/post/22571649
> According to 15 U.S.C. 7704 §5(a)(5):
>
> > INCLUSION OF IDENTIFIER, OPT-OUT, AND PHYSICAL ADDRESS IN COMMERCIAL ELECTRONIC MAIL.—
> >
> > (A) It is unlawful for any person to initiate the transmission of any commercial electronic mail message to a protected computer unless the message provides—
> >
> > (i) clear and conspicuous identification that the message is an advertisement or solicitation;
> > (ii) clear and conspicuous notice of the opportunity under paragraph (3) to decline to receive further commercial electronic mail messages from the sender; and
> > (iii) a valid physical postal address of the sender.
>
> When my text-based mail client receives an HTML-only email message, it tries to render the HTML as text. It’s sometimes a jumbled up unreadable heap of garbage because the HTML is malformed and relies on a forgiving/tolerant rendering engine. Even when the HTML is proper and standards compliant, links are not exposed to text rendered. E.g. a msg will say “to unsubscribe and stop receiving emails, update preferences here.”
>
> Where is “here”? That is just raw text. Sure, an advanced user can do a number of things to dig up that link. But I doubt that would pass the legal standard of “clear and conspicuous”.
>
> Anyone have confidence either way whether HTML-only spam is legally actionable on this basis?
Users of text-based mail clients can legally penalize corporate senders who send HTML-only e-mail (possible legal theory)
According to 15 U.S.C. 7704 §5(a)(5):
> INCLUSION OF IDENTIFIER, OPT-OUT, AND PHYSICAL ADDRESS IN COMMERCIAL ELECTRONIC MAIL.—
>
> (A) It is unlawful for any person to initiate the transmission of any commercial electronic mail message to a protected computer unless the message provides—
>
> (i) clear and conspicuous identification that the message is an advertisement or solicitation;
> (ii) clear and conspicuous notice of the opportunity under paragraph (3) to decline to receive further commercial electronic mail messages from the sender; and
> (iii) a valid physical postal address of the sender.
When my text-based mail client receives an HTML-only email message, it tries to render the HTML as text. It’s sometimes a jumbled up unreadable heap of garbage because the HTML is malformed and relies on a forgiving/tolerant rendering engine. Even when the HTML is well formed, hyperlinks are not exposed in the text rendered. E.g. a msg will say “to unsubscribe and stop receiving emails, update preferences here.”
Where is “here”? That is just raw text to me. Sure, an advanced user can do a number of things to dig up that link. But I doubt that would pass the legal standard of “clear and conspicuous”.
Anyone have confidence either way whether HTML-only spam is legally actionable on this basis?
(update) I should mention the most annoying offenders-- corporate senders (e.g. banks) that attach a plaintext MIME part, but then the motherfuckers use it to just say (in so many words) “You need to update your software”. This makes it extra difficult to see the content of the message because the text mail client of course shows the text MIME part by default.
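The three cases the post above describes (HTML-only mail, a text/plain part that is only a stub, and link targets a text renderer never shows) can be checked mechanically. This is an added Python example, not part of the original post; `TextView`, `audit`, `sample`, the word-count stub heuristic and the example.invalid message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser

class TextView(HTMLParser):  # collects rendered text and each anchor's (label, href)
    def __init__(self):
        super().__init__()
        self.chunks, self.links, self.href, self.label = [], [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.label = dict(attrs).get("href"), []
    def handle_data(self, data):
        self.chunks.append(data)
        if self.href is not None:
            self.label.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append(("".join(self.label).strip(), self.href))
            self.href = None

def audit(raw: bytes) -> dict:
    msg = message_from_bytes(raw, policy=policy.default)
    plain = msg.get_body(preferencelist=("plain",))
    html = msg.get_body(preferencelist=("html",))
    view = TextView()
    view.feed(html.get_content() if html is not None else "")
    view.close()
    rendered = " ".join(" ".join(view.chunks).split())
    # A text-mode client shows text/plain when present, else the rendered HTML.
    shown = plain.get_content() if plain is not None else rendered
    both = plain is not None and html is not None
    return {
        "html_only": html is not None and plain is None,
        # Heuristic (assumption): under half the HTML's word count means a stub.
        "plain_is_stub": both and 2 * len(shown.split()) < len(rendered.split()),
        "hidden_links": [(t, h) for t, h in view.links if h not in shown],
    }

BODY = ('<html><body><p>Your October statement is ready and your payment is due on the 5th. '
        'To unsubscribe and stop receiving emails, update preferences '
        '<a href="https://example.invalid/unsub?u=1">here</a>.</p></body></html>')  # constructed

def sample(plain=None) -> bytes:
    m = EmailMessage()
    if plain is None:
        m.set_content(BODY, subtype="html")
    else:
        m.set_content(plain)
        m.add_alternative(BODY, subtype="html")
    return m.as_bytes()
```

Run over a mailbox, `hidden_links` lists each anchor label (such as “here”) whose URL never appears in what a text-mode reader is actually shown.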
Banks are harassing people after discovering their address is not residential; but does the law care?
View on Redlib, an alternative private front-end to Reddit.
Some banks have started demanding proof of address when they realize that the address they have on file is “commercial”, e.g. like a UPS Store PMB type of address. How would this play out in court? The law¹ states:
> “(i) Customer information required—(A) In general. The CIP must contain procedures for opening an account that specify the identifying information that will be obtained from each customer. Except as permitted by paragraphs (b)(2)(i)(B) and (C) of this section, the bank must obtain, at a minimum, the following information from the customer prior to opening an account:
>
> 1. Name;
> 2. Date of birth, for an individual;
> 3. Address, which shall be:
>    (i) For an individual, a residential or business street address;
>    (ii) For an individual who does not have a residential or business street address, an Army Post Office (APO) or Fleet Post Office (FPO) box number, or the residential or business street address of next of kin or of another contact individual; or …
> 4. Identification number, which shall be: …
(emphasis mine)
Banks seem to be over-reacting to law that is more lenient than what banks are interpreting. Not only are business addresses allowed, but a bank customer can even supply someone else’s address. The law also seems to distinguish between old customers and new. Yet out of the blue banks are harassing customers who have had an account for years. They have a gov-issued ID doc and SSN, yet suddenly the banks get anal and persnickety about the address to the extreme of freezing people’s accounts as databases grow (DBs that track the zoning an address is in).
Has this been challenged in court? It’s clear from the linked thread that customers either dance for the banks or get their accounts frozen. It could be hard to challenge in court since banks can demand whatever info they want even if not required by law. But if they suddenly close an account that has been established, that could cause damages to the customer.
One interpretation is that legislators intended the business address to be that of the customer’s workplace. But the law does not seem to specify that.
¹ 31 C.F.R. § 103.121