The American Data Privacy and Protection Act takes a step toward limiting how companies can snoop on computer users. But the bad part is that it preempts state laws.

I suspect that the ADPPA is fundamentally based on limiting the use of data once collected, an approach that is inadequate, because the only method that will really work is to limit the collection of the data.

If states can't pass laws that go beyond this, all progress will stop.

So I think this law should not be passed.

Original:
https://stallman.org/archives/2022-may-aug.html#26_July_2022_(is_preemption_too_high_a_price_for_federal_privacy_law)
A Faustian Bargain: Is Preemption Too High a Price for a Federal Privacy Law? - TeachPrivacy

Prof Daniel Solove discusses whether the bill for the new federal privacy law - the ADPPA - is worth the cost of preempting state privacy law

@rms I’m 1st of all horrified that a site calling itself “teachprivacy”.com is a #Cloudflare site. But worse, I boosted it w/out knowing b/c the URL was hidden. Text-based #Mastodon clients do not show the URLs that are embedded in HTML tags. So my choices are: dump the raw JSON of toots before boosting & look for hidden URLs that are CFd, or just boost & let @mg catch it
@mg @rms It’s much more convenient to boost & let #Mitigator do the work but what happens when I unboost? I think unboosting takes it off my timeline but some damage does not get reversed b/c the toot was already copied to the federated timelines of all the nodes of those following me. Guess some client-side tooling is needed here. And someone should teach privacy to #TeachPrivacy.com.
@rms @mg BTW RMS, I suggest you follow @mg. That’s a beneficial bot that will follow you back & DM you when you post a Cloudflare link. Docs live here → https://framagit.org/dCF/deCloudflare/-/blob/master/subfiles/service.altlink.md

Sorry for the late response, @koherecoWatchdog. FYI @rms is a bot and I rarely ever check its notifications.

I am discussing with RMS on the way to filter out ClownFlare links before publishing (though admittedly it’s been taking a while now given my tendency to write long emails and that I got a little busy in meat space lately).

@cnx @rms I was thinking: this isn’t like RMS to not respond.
@rms @cnx Thanks for the update. FWiW, some ways to detect CF sites are mentioned in this thread https://infosec.exchange/@bojkotiMalbona/108596156060149270
@cnx @rms you may find this service useful as well for filtering CF: http://karma.im5wixghmfmt7gf7wb4xrgdm6byx2gj26zn47da6nwo7xvybgxnqryid.onion/api/is/cloudflare/html/ There is also a clearnet version but it doesn’t work for everyone: https://karma.crimeflare.eu.org:1984/api/is/cloudflare/html/
@rms @cnx at the bottom of that form is a link to an article on how to use the API.
Thanks, @koherecoWatchdog. Do you happen to know how the database is constructed? https://framagit.org/dCF/deCloudflare/-/tree/master/cloudflare_users/domains
@cnx I suspect I don’t but I don’t exactly understand the question. Do you mean how do they get the raw data, or what they do w/it? The dCF project got a massive list of all domains & they also get new domains as they get registered, IIUC. I can only guess that they keep an sqlite db (since that’s what they export). They check them for CF & also re-check sites periodically.
@koherecoWatchdog, I was asking for the former, i.e. the accuracy of the database.
@cnx The checks are not just on a per-domain basis. One domain can have countless hosts, some of which may be CFd & others not. dCF keeps track of the hosts too. If 1 host on a domain is CF, then that whole domain is treated as CF when you reference just a domain list.
@cnx So e.g. if bobswebsite.com is not CF, but shop.bobswebsite.com is CFd, the domain bobswebsite.com is listed as CFd.
@cnx If you need hostname level granularity, then you either need to grab the headers and look for cf-ray, or check if the IP of the hostname is in the range of CF ASNs.
@cnx There’s another subtlety to be aware of: some sites are not proxying via CF in their normal restful state but when traffic gets heavy a bot automatically flips a switch to spontaneously put all traffic through CF. Those sites won’t usually show a cf-ray header when you check, but they are using CF’s DNS services. Those sites also get flagged as CFd by the dCF project.
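
Added example (not part of the thread and not dCF's code): a sketch of the three host-level signals described in the posts above (a cf-ray response header, an IP inside a Cloudflare range, Cloudflare nameservers) and the any-host roll-up to domain level. The CIDR blocks are documentation stand-ins, the two-label domain split and the nameserver suffix are assumptions, and all observations are constructed.

```python
import ipaddress
from collections import defaultdict

# Stand-in CIDR blocks (RFC 5737 documentation ranges), NOT real Cloudflare
# ranges; in practice load the provider's currently published list.
CF_NETWORKS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]

def host_is_cf(headers, ip, nameservers=()):
    """Return the reasons (possibly none) a single host looks Cloudflare-fronted."""
    reasons = []
    if any(name.lower() == "cf-ray" for name in headers):  # header names are case-insensitive
        reasons.append("cf-ray header")
    if ip and any(ipaddress.ip_address(ip) in net for net in CF_NETWORKS):
        reasons.append("IP in CF range")
    # DNS-only case: no proxy header, but the zone is served by CF nameservers.
    # The suffix below is an assumption about how those nameservers are named.
    if any(ns.lower().rstrip(".").endswith(".ns.cloudflare.com") for ns in nameservers):
        reasons.append("CF nameserver")
    return reasons

def registered_domain(host):
    # Naive last-two-labels split (assumption); real code needs the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def rollup(observations):
    """Domain-level view: a domain is flagged if any one of its hosts is flagged."""
    flagged = defaultdict(bool)
    for host, obs in observations.items():
        flagged[registered_domain(host)] |= bool(host_is_cf(**obs))
    return dict(flagged)

# Constructed observations, as a crawler might have recorded them.
SAMPLE = {
    "bobswebsite.com": {"headers": {"Server": "nginx"}, "ip": "203.0.113.10"},
    "shop.bobswebsite.com": {"headers": {"CF-RAY": "constructed-id"}, "ip": "192.0.2.44"},
    "quiet.example": {"headers": {"Server": "Apache"}, "ip": "203.0.113.77",
                      "nameservers": ["ada.ns.cloudflare.com."]},
    "plain.example": {"headers": {}, "ip": "203.0.113.5",
                      "nameservers": ["ns1.plain.example"]},
}

if __name__ == "__main__":
    for host, obs in SAMPLE.items():
        print(host, host_is_cf(**obs) or "no CF signal")
    print(rollup(SAMPLE))
```
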

@koherecoWatchdog, thanks for the insights down the thread!

It’s still not clear to me, though, how dCF keeps track of those sites. Is the methodology documented or is there any way to reproduce the data, so that we don’t need to rely on dCF as the centralized source of (presumed) truth?

@koherecoWatchdog, after some discussion, RMS decided that links to a few sites behind Cloudflare cannot be discarded due to the lack of an alternative source. Instead, a warning will be appended to the post. Could you give your thoughts on the wording of the following draft?

Warning: the link above points to a site managed by Cloudflare. If you follow that link, Cloudflare will figure out your location (unless you are connecting through a proxy) and snoop on your communication with the site.

@cnx I’d say that warning is suitable, but if you want it to be shorter, the 1st part could perhaps say “Cloudflare can obtain your geoIP location” (assuming the reader will understand that proxies/Tor exposes an IP that mitigates that -- though I’m unsure if that’s a safe assumption). For the 2nd part, I’d say “& snoop/see all your traffic w/the site despite the padlock”
@cnx You could also prefix all Cloudflare URLs with “https://web.archive.org/web/”. This will substitute one man in the middle for another, but archive.org avoids the #netneutrality problem (that is, unlike CF archive.org does not discriminate against some visitors on the basis of browser & IP address)

@koherecoWatchdog The irony of a CF site calling itself #teachPrivacy is amusingly bolstered by their front-page claim to have “Impeccable Expertise”.

#hypocrisy