  • Interesting perspective, but I’d tend to argue that the technologies such as WiFi have massively increased inclusiveness and accessibility for magnitudes more people than it has raised issues for.

    Not in the slightest¹. It has reduced inclusiveness. The groups being excluded were previously given full and equal access. To argue that nighttime access is possible is to inherently advocate for exclusive access to those who would sit on the sidewalk with their device while people who need access by other means are denied. What a bizarre and obscure corner case. It’d be somewhat elitist to be selective like that. Human rights calls for equal access to public services (UDHR Art.21¶2). That means if a service cannot be offered to all demographics it should be offered to no one.

    It’s really hair-splitting esoterics to be concerned about what library access there is at night time on the sidewalk. Maybe it’s fair enough to say outside of hours there is no sense of equal access. I don’t want to die on the nighttime access hill either way. My post concerns equality during the day when the library doors are open. If there really is a notable need for nighttime access from the sidewalk, that can also be deployed in an egalitarian way by mounting exterior ethernet ports and removing the captive portals.

    (edit)¹ well, Wi-Fi in the 2000s was inclusive because it did not generally come with a captive portal and it was offered in parallel to ethernet. Having Wi-Fi is an essential part of being inclusive now that wi-fi-only devices exist. But the way they are doing it in 2024 is exclusive, depending on the library. Some libraries still today do not have captive portals but that’s becoming more rare as libraries prioritize a paperless agreement above equal access.

    I am also concerned with outsourcing. But worries about Cloudflare are pretty far down the list. Adobe controlled DRM on most ebooks, and even third party cloud based catalogues, are way more concerning.

    You’re thinking about the barriers and inconveniences to you personally. But when I speak about exclusivity, I’m talking about different demographics of people getting different treatment and different service. It’s unacceptable for a public service to say “sorry, some people just do not make the cut for the profile of those we are including… our public service is only for people who subscribe to private GSM service” (precisely the demographic less in need of public service). It’s better to pull the plug to ensure equality than to create unequal access.

    The DRM problem is not a problem of exclusivity w.r.t the public library, AFAICT, because the library secures whatever DRM rights are needed equally for all patrons. DRM does not cause someone who cannot afford a mobile phone to be refused service. Unless a DRM mechanism were to require an SMS verification – then I would be with you on that because that would be discriminatory and exclusive. Although I’ve heard that some forms of DRM prevent reading a page more than once. I can imagine that someone with an impairment of some kind might need to read a page more times than someone else to absorb the same book. In that case, DRM would indeed be adding to the exclusivity problem and would need a remedy in that regard. If a library could not negotiate an egalitarian deal in that case, then the egalitarian remedy is to drop that book from the library’s catalog completely, as that would ensure equal access.

    Let’s face it, the half dozen people per million (if that) who care about the FLOSS status of their WiFi hardware’s firmware, probably are technically capable enough to find a way to access library resources securely more than most people!

    It’s not a technical problem. It’s an ethical problem. When a public funded service forces people to run proprietary non-free software on their own devices, it’s an abuse of public funding to needlessly force people into the private sector. In the US, the American Library Association has a bill of rights that states people are not to be excluded from the library based on their views or beliefs. Designing a library to only cater for people who are ethically okay with running non-free proprietary software would undermine that principle. It would be comparable to a public service denying service to vegans because of their ethical viewpoints.


  • Wouldn’t direct access to a library’s network via Ethernet in an uncontrolled manner pose a security risk though?

    You would have to detail why. Ethernet offers /more/ security by not exposing users’ traffic and by avoiding MitM to a reasonable extent. It’s far easier to spoof a Wi-Fi AP from next door or even a block away than it would be to plant an ethernet attached MitM box, which means getting behind the drywall or breaking into a utility room. Not to mention the mass surveillance of all iOS devices collecting data, timestamps, location of every other WiFi device in range and feeding that to Apple. Ethernet is trivially immune to that collection, whereas Wi-Fi users are exposed without a countermeasure. They can dynamically change their MAC daily or whatever but that’s not the only data being collected by Apple.

    (edit) It’s worth noting as well that the NSA actually advises people not to use Wi-Fi.

    Also, while proprietary Wi-Fi and other technology-related solutions are sometimes frustrating, many libraries are ultimately budget constrained, making the use of standardized solutions far more economical than custom ones.

    Economics does not justify excluding some demographics of people¹. If a public funded service cannot offer service in an equitable way, it’s better to not offer the service at all. When a public library offers a service, assumptions are then made in other contexts that the whole public has that access. Governments operate on the assumption that people they serve have access, and they use that assumption to remove analog means of contact and service. Some government offices have already closed their over-the-counter service. How was it that they could afford it previously but not anymore? Those budgets are themselves set by assumptions, like assumptions that everyone carries a mobile phone.

    ¹ exceptionally, public funding cannot for example cover every heart transplant everyone needs. But the library does not face those kinds of extremes. Ethernet cable is cheap enough. Getting people to agree to terms of service the old fashioned way (paper) is cheap enough. Priorities have to be really screwed up to be willing to exclude someone from service to save money on paper agreements.



  • Some of them do, while some libraries proactively take steps to /block/ people who make egress Tor connections from the library’s network, which is a revolting contrast to the librarians who care. The same libraries who block Tor also impose SMS verification on Wi-Fi users. Note that article is US based and only the US has a “Library Bill of Rights”. Outside the US it’s quite a different story.

    I wonder if it’s because privacy is in such a poor state of affairs in the US to start with that the US libraries are motivated to give some refuge.


  • Hate to be a party pooper but the author is a bit off. From the article:

    It’s a place I can get free wifi and where I don’t have to explain myself to anyone in any way.

    This is precisely where libraries demonstrate poor governance.

    First of all by offering Wi-Fi and not ethernet the library discriminates against people with old hardware, people who oppose the non-FOSS firmware that Wi-Fi cards depend on as well as those who don’t want to expose their traffic to all eavesdroppers in range and those who prefer to avoid spoofed APs and those who would rather be less wasteful with energy. I do not think I’ve encountered any library in the past decade that intentionally offers ethernet. The very few I’ve encountered with open ethernet ports apparently offer it by accident (ports that were likely meant for the library’s own assets but unused and left inadvertently connected).

    Even if you are in the included group who are happy to see ethernet users marginalised, among Wi-Fi users are those who are discriminated against because they do not have a mobile phone, thus cannot get past the Wi-Fi captive portal that demands SMS verification. Which also inherently discriminates against people whose devices cannot handle captive portals as well. So libraries are less of a refuge from corporate bullshit than they were in the past.

    And that we can do it without a profit motive, simply because we think that’s the way it ought to be.

    It’s great that the library itself is non-profit. But that only mitigates part of the problem brought by corporate commercial greed. The library needs to evolve to:

    • help people find refuge from tech giants, which means not imposing mobile phones on the public and ideally go as far as offering access to FOSS PCs. It should be mostly FOSS PCs, and perhaps 1 or 2 Windows and MACs for those who have various special needs. Most libraries are 100% MS Windows with Chromium (possibly Firefox as an alternative) and the search engine default is Google. So library visitors are still being immersed in the same exploitive commercial environment that dominates homes and workplaces.
    • the library blocks Youtube front-ends like Invidious but not Youtube, which ensures delivering a profitable audience to Google. I realise the library has to avoid copyright violations, but Invidious is not a clear offender. It’s a murky gray area but the library should be fighting for the people considering Invidious nodes are not being shut down which highlights the weakness of Google’s position.
    • mention of lending out Rokus is a double-edged sword. Yes it’s keeping pace with the times to get people access to streams but Roku is a smart TV which doubles as spyware designed to enrich corporations. I’m not sure if there is a FOSS alternative. I’m tempted to say Kodi but it would then have to be installed on portable hardware that the library could lend.
    • cut ties with all e-book suppliers who lock their books up into Cloudflare’s exclusive walled garden. Cloudflare should not be a gatekeeper for who gets access to e-books.

    Our governmental structures and agencies should not be in the service of business,

    Indeed. But when a library excludes those without mobile phones, they are serving the telephony industry and undermining the human right to equal access to public services.

    The author himself, J.Hill, deployed this blog from a website that is inside an exclusive walled garden that discriminates against some demographics of people. I agree with his push to defend libraries from right-wing assholes and in that sense we are united. But a fight is also needed within the library systems to stop libraries from discriminating against some classes of people. They are outsourcing their technology to tech giants who have made library access exclusive.




  • Yet a vast majority of people have no problem when people are forced to subscribe to mobile phone service:

    https://infosec.pub/post/11658371

    This kind of information should be startling enough to at least see the merit in not having a mobile phone subscription. But no, people will just say “that sucks” and continue being the sucker while also expecting others to be equally naive or cavalier too.

    from the article:

    AT&T told The Register said it should not be blamed for the failure of those buying its data to obtain proper consent, and said it will fight the fine.

    Private investigators are treated as legitimate consumers of that location data. An angry ex-boyfriend or ex-husband hired a PI to find out where his ex was, who then simply bought the location data from a mobile carrier. The guy used the info to find her and shoot her dead on the spot (headshot while she was driving a car). The data sharing was “legit” in that case, in the US where privacy laws are generally non-existent.

    It’s strange how that murder case gets omitted in these articles about mobile carriers selling location data.


  • That website you linked clearly doesn’t use it, because it took about 5 seconds to load up despite being entirely text. That’s why it’s a good service.

    Selling your soul for a slightly faster load time is your personal preference but arbitrarily trading off inclusion of marginalized groups of people so some people get a faster load time is not in line with the net neutrality principles that the fedi community values. Diversity and inclusion trumps faster load times of some dude in Australia.

    Yes, you can in fact access content on the fediverse without Cloudflare if you really want to. You can choose to use a different instance, and it doesn’t matter where that data is hosted.

    That’s not true specifically for Lemmy. Images do not get copied. If a LemmyWorld user posts an image in a federated community, everything except the image is accessible on other instances. So those of us in Cloudflare’s excluded groups get broken threads (people talking about an image we cannot see - we just see the discussion because only text is mirrored).

    Even if you are in CF’s included group of those permitted access, if you are on a measured rate uplink you would want to see the size of an image before downloading it. That is something else that Cloudflare breaks. There is no content-length HTTP header. So CF also discriminates against those on measured rate connections.

    There are also various other circumstances requiring users to visit a thread’s copy on another host. If that other host is Cloudflare, CF’s access restrictions determine whether the user gets access. If bob@fedi-respecting.node needs to revisit an old thread to recall a link, and fedi-respecting.node had to delete the thread in a periodic cleanup to recover disk space, bob might need to access another node directly which hosted the same thread. Yes, I’ve been there. And if that other node is Cloudflared, bob will be blocked if he is in CF’s excluded groups.

    Cloudflare’s wall breaks the fedi in so many bizarre ways I should probably start a log of the various circumstances that CF causes enshittification to manifest.

    The fediverse is by design not a privacy-forward platform, so concerns about “content they expect to be private” don’t matter.

    That’s not true either. Cloudflare gets a view on all traffic, both public and private including access credentials. Users are deceived because of the lack of disclosures about the CF MitM. E.g. users commonly expect a DM to be visible to the admins of both hosts with no idea that Cloudflare also has visibility as well. Most users don’t even know about the existence of CF. Aussie.zone, for example, is not responsible enough to disclose to users that CF has that visibility.

    Of course it completely changes the equation when the same single corporation who has visibility on about half all web traffic in the world also has a view on people’s social media DMs and acct creds, it’s an all-eggs-in-one-basket kind of compromise. That abusive level of visibility increases in the extent of the compromise when all that data can be aggregated. So the centralised nature of just the data exposure alone makes it antithetical to the fedi philosophy from a privacy standpoint, most particularly coupled with the masses being uninformed about it.

    It’s still decentralised because each instance is run by its own instance administrators with their own rules and capable of maintaining its own culture.

    Certainly not. It’s centralized by Cloudflare’s access controls on all Cloudflared nodes under a single corporate policy. What aussie.zone is doing is very rare. Cloudflared nodes run with CF’s default access controls, which blindly gives CF blanket centralized authority over who gets access. This goes directly against the purpose of federation philosophy.

    Even when a node like aussie.zone whitelists Tor, there are still half a dozen other demographics of people who they uniformly and centrally discriminate against and this is strictly under Cloudflare’s control and beyond the control of aussie.zone.

    Even if they were all hosted in the same data centre it would not be a large mark against the fediverse

    Of course it would. You have something like 5 of the 7 biggest fedi instances dependent on Cloudflare. If there is CF-wide downtime (regardless of whether it’s all on one data center or more realistically broken logic that’s distributed like cloudbleed was), the benefits of decentralization fail to deliver. Lack of network diversity makes a disproportionately large number of people vulnerable to a single point of failure.



  • You might prefer smaller instances; … This part of it is clearly not a bug, however you put it. It is a difference of preference.

    My personal preference happens to align with fedi principles. Don’t let that consistency fool you. I’m not advocating for what’s best for me. I am saying the list should be ordered in a way that’s healthy for the fedi based on the federation’s purpose and mission.

    Showing the biggest communities on top may be your personal preference, but that is not healthy for the federation.

    I myself am on an instance that’s almost identical in size to yours.

    FYI, aussie.zone is centralized on a US tech giant (Cloudflare) and thus contrary to fedi principles. Though it’s not the worst manifestation of Cloudflare because they have whitelisted Tor. But there are still many other demographics of people likely being excluded from aussie.zone.

    I do not see the value in smaller communities being prioritised when they each cover the same topic. If there’s !android@lemmy.world with 10,000 subscribers and !android@mypersonalinstance.net with me and my twelve mates, lemmy.world is the one the app should show people first. It wouldn’t matter to me whether that 10,000 is on lemmy.world or midwest.social, it makes sense to show users the place they’re likely to have the most interaction.

    That is not healthy for the federation. That imbalance is a problem that Lemmy has failed to control. The disproportionately large communities need no promotion. Too many people know about them already. They should either not be listed at all or be pushed lower on the list. It’s an extra slap in the face and injustice that these are exclusive Cloudflare instances that are getting prioritized. These are instances without self-control on their growth and power.

    It’s not instance-related at all.

    It is instance related. If you search for Android on other instances you will get different lists. Users on infosec.pub have subscribed to every Android community in existence which makes the manifestation of the problem unique to infosec.pub. The !android@hilariouschaos.com community is also federated to infosec.pub by way of my subscription. It is true to fedi principles of inclusion and decentralization, unlike those that get listed on the top. So it’s an unhealthy sequence.

    It could even be one user account that caused this. The activism.openworlds.info Mastodon instance was getting hammered with traffic. After investigation, they discovered that one user was following a shit ton of other accounts. All those follows were responsible for the admins struggling to cope with all the traffic. That instance eventually went under because it could not cope with the bandwidth demands.

    This belongs in discussion around lemmy-ui, the various Lemmy apps & alternative front-ends, or in Lemmy itself with what gets returned by its search API.

    The software part of the problem is specifically in the stock Lemmy web client. The bug tracker for the Lemmy web client is jailed in MS Github’s walled garden, hence why it was originally posted in !bugs@sopuli.xyz. There may be a configuration element to this, which is why it’s posted in this infosec.pub community. If there is an inactive account with all these android subscriptions, that can be remedied on the instance.

  • I guess a closer analogy would be rental storage. If you don’t pay your mini storage bill, in some regions the landlord will confiscate your property, holding it hostage until you pay. And if that fails, they’ll even auction off your contents.

    So in the case at hand the creditor is holding the debtor’s data hostage. One difference is that the data has no value to the creditor and is not in the creditor’s possession. It would be interesting to know if the contracts in place legally designate the data as the creditor’s property. If not, the data remains the property of the consumer.

    This is covered by human rights law. Universal Declaration of Human Rights, Article 17 ¶2:

    “No one shall be arbitrarily deprived of his property.”

    If the phone user did not sign off on repossession of their data, and thus the data remains their property, then the above-quoted human right is violated in the OP’s scenario.