freedomPusher

cross-posted from: https://sopuli.xyz/post/14006758

Yikes.

“In the adequacy decision, the European Commission estimated that the U.S. ensures a level of protection for personal data transferred from the EU to U.S companies under the new framework that is essentially equivalent to the level of protection within the European Union.” (emphasis added)

Does the EU disregard the Snowden revelations?

And what a missed opportunity. California state specifically has some kind of GDPR analogue, so it might be reasonable if CA specifically were to satisfy an adequacy decision, (still a stretch) but certainly not the rest of the country. Such a move could have motivated more US states to do the necessary.

I must say I’ve lost some confidence and respect for the #GDPR.

Yikes.

“In the adequacy decision, the European Commission estimated that the U.S. ensures a level of protection for personal data transferred from the EU to U.S companies under the new framework that is essentially equivalent to the level of protection within the European Union.” (emphasis added)

Does the EU disregard the Snowden revelations?

And what a missed opportunity. California state specifically has some kind of GDPR analogue, so it might be reasonable if CA specifically were to satisfy an adequacy decision, (still a stretch) but certainly not the rest of the country. Such a move could have motivated more US states to do the necessary.

I must say I’ve lost some confidence and respect for the #GDPR.

People are often told if their data is published, they have no expectation of privacy. But I found an interesting gem in the EDPB Guidelines of 04/2019 which counters that to some degree:

59. Even in the event that personal data is made available publicly with the permission and understanding of a data subject, it does not mean that any other controller with access to the personal data may freely process it themselves for their own purposes – they must have their own legal basis.²⁰

²⁰See Case of Satakunnan Markkinapörssi Oy and Satamedia Oy v. Finland no. 931/13.

IMO, that means #AI bots cannot exploit openly public data if it’s data that’s personal to a European or someone residing in Europe.

A national central bank that keeps track of bank accounts, credit records, delinquency, etc for everyone in the country has their website on Cloudflare. People are instructed to check their credit records on that site.

The question is: suppose you don’t use the site. Suppose you only request your records offline. What are the chances that Cloudflare handles your sensitive records?

I guess this might be hard to answer. I assume it comes down to whether to central bank itself uses their own website to print records to satisfy an offline request. And I assume it’s also a question of whether the commercial banks use the website of the central bank to feed it. Correct?

Just a pro tip if you want to build a case against a data controller: when they ignore your GDPR request, don’t simply send them a reminder. Instead, send them a new Article 15 request demanding records on how your previous request was handled. This way when you build a case against them, you can tack on yet another Article 15 violation when they also ignore your request for information about how they handled your request.

Not that it matters.. the GDPR isn’t really being enforced. When the DPA ignores your complaint, you’re basically stuffed anyway.

cross-posted from: https://sopuli.xyz/post/12558862

So here’s a disturbing development. Suppose you pay cash to settle a debt or to pay for something in advance, where you are not walking out of the store with a product. You obviously want a receipt on the spot proving that you handed cash over. This option is ending.

It’s fair enough that France wants to put a stop to people receiving paper receipts they don’t want, which then litter the street. But it’s not just an environmental move; there is a #forcedDigitalTransformation / #warOnCash element to this. From the article:

In Belgium: since 2014, merchants can choose to provide a paper or digital receipt to their customers, if they¹ request it.

What if I don’t agree to share an email address with a creditor? What if the creditor uses Google or Microsoft for email service, and I boycott those companies? Boycotting means not sharing any data with them (because the data is profitable). IIUC, the Belgian creditor can say “accept our Microsoft-emailed receipt or fuck off.” If you don’t carry a smartphone that is subscribed to a data plan, and trust a smartphone with email transactions, then you cannot see that you’ve received the email before you leave after paying cash. Even if you do have a data plan and are trusting enough to use a smartphone for email, and you trust all parties handling the email, there is always a chance the sender’s mail server is graylisted, which means the email could take a day to reach you. Not to mention countless opportunities for the email to fail or get lost.

It’s such a fucked up idea to let merchants choose. If it’s a point of sale, then no problem… I can simply walk if they refuse a paper receipt (though even that’s dicey because I’ve seen merchants refuse instant returns after they’ve put your money in the cash register).

But what about creditors? If you owe a debt and the transaction fails because they won’t give you a paper receipt and you won’t agree to info sharing with a surveillance advertiser, then you can be treated as a delinquent debtor.

Google, Facebook, Amazon, and Microsoft must be celebrating these e-receipts because they have been working quite hard to track people’s offline commerce.

It’s obviously an encroachment of the data minimisation principle under the GDPR. More data is being collected than necessary.

¹ This is really shitty wording. Who is /they/? If it’s the customer, that’s fine. But in that case, why did the sentence start with “merchants can choose…”? Surely it can only mean merchants have the choice if they make a request to regulators.

cross-posted from: https://sopuli.xyz/post/12558862

So here’s a disturbing development. Suppose you pay cash to settle a debt or to pay for something in advance, where you are not walking out of the store with a product. You obviously want a receipt on the spot proving that you handed cash over. This option is ending.

It’s fair enough that France wants to put a stop to people receiving paper receipts they don’t want, which then litter the street. But it’s not just an environmental move; there is a #forcedDigitalTransformation / #warOnCash element to this. From the article:

In Belgium: since 2014, merchants can choose to provide a paper or digital receipt to their customers, if they¹ request it.

What if I don’t agree to share an email address with a creditor? What if the creditor uses Google or Microsoft for email service, and I boycott those companies? Boycotting means not sharing any data with them (because the data is profitable). IIUC, the Belgian creditor can say “accept our Microsoft-emailed receipt or fuck off.” If you don’t carry a smartphone that is subscribed to a data plan, and trust a smartphone with email transactions, then you cannot see that you’ve received the email before you leave after paying cash. Even if you do have a data plan and are trusting enough to use a smartphone for email, and you trust all parties handling the email, there is always a chance the sender’s mail server is graylisted, which means the email could take a day to reach you. Not to mention countless opportunities for the email to fail or get lost.

It’s such a fucked up idea to let merchants choose. If it’s a point of sale, then no problem… I can simply walk if they refuse a paper receipt (though even that’s dicey because I’ve seen merchants refuse instant returns after they’ve put your money in the cash register).

But what about creditors? If you owe a debt and the transaction fails because they won’t give you a paper receipt and you won’t agree to info sharing with a surveillance advertiser, then you can be treated as a delinquent debtor.

Google, Facebook, Amazon, and Microsoft must be celebrating these e-receipts because they have been working quite hard to track people’s offline commerce.

It’s obviously an encroachment of the data minimisation principle under the #GDPR. More data is being collected than necessary.

¹ This is really shitty wording. Who is /they/? If it’s the customer, that’s fine. But in that case, why did the sentence start with “merchants can choose…”? Surely it can only mean merchants have the choice if they make a request to regulators.

So here’s a disturbing development. Suppose you pay cash to settle a debt or to pay for something in advance, where you are not walking out of the store with a product. You obviously want a receipt on the spot proving that you handed cash over. This option is ending.

It’s fair enough that France wants to put a stop to people receiving paper receipts they don’t want, which then litter the street. But it’s not just an environmental move; there is a #forcedDigitalTransformation / #warOnCash element to this. From the article:

In Belgium: since 2014, merchants can choose to provide a paper or digital receipt to their customers, if they¹ request it.

What if I don’t agree to share an email address with a creditor? What if the creditor uses Google or Microsoft for email service, and I boycott those companies? Boycotting means not sharing any data with them (because the data is profitable). IIUC, the Belgian creditor can say “accept our Microsoft-emailed receipt or fuck off.” If you don’t carry a smartphone that is subscribed to a data plan, and trust a smartphone with email transactions, then you cannot see that you’ve received the email before you leave after paying cash. Even if you do have a data plan and are trusting enough to use a smartphone for email, and you trust all parties handling the email, there is always a chance the sender’s mail server is graylisted, which means the email could take a day to reach you. Not to mention countless opportunities for the email to fail or get lost.

It’s such a fucked up idea to let merchants choose. If it’s a point of sale, then no problem… I can simply walk if they refuse a paper receipt (though even that’s dicey because I’ve seen merchants refuse instant returns after they’ve put your money in the cash register).

But what about creditors? If you owe a debt and the transaction fails because they won’t give you a paper receipt and you won’t agree to info sharing with a surveillance advertiser, then you can be treated as a delinquent debtor.

Google, Facebook, Amazon, and Microsoft must be celebrating these e-receipts because they have been working quite hard to track people’s offline commerce.

It’s obviously an encroachment of the data minimisation principle under the GDPR. More data is being collected than necessary.

¹ This is really shitty wording. Who is /they/? If it’s the customer, that’s fine. But in that case, why did the sentence start with “merchants can choose…”? Surely it can only mean merchants have the choice if they make a request to regulators.

cross-posted from: https://sopuli.xyz/post/12515826

I’m looking for an email service that issues email addresses with an onion variant. E.g. so users can send a message with headers like this:

From: replyIfYouCan@hi3ftg6fgasaquw6c3itzif4lc2upj5fanccoctd5p7xrgrsq7wjnoqd.onion  
To: someoneElse@clearnet_addy.com

I wonder if any servers in the onionmail.info pool of providers can do this. Many of them have VMAT, which converts onion email addresses to clearnet addresses (not what I want). The docs are vague. They say how to enable VMAT (which is enabled by default anyway), and neglect to mention how to disable VMAT. Is it even possible to disable VMAT? Or is there a server which does not implement VMAT, which would send msgs to clearnet users that have onion FROM addresses?

I’m looking for an email service that issues email addresses with an onion variant. E.g. so users can send a message with headers like this:

From: replyIfYouCan@hi3ftg6fgasaquw6c3itzif4lc2upj5fanccoctd5p7xrgrsq7wjnoqd.onion  
To: someoneElse@clearnet_addy.com

I wonder if any servers in the onionmail.info pool of providers can do this. Many of them have VMAT, which converts onion email addresses to clearnet addresses (not what I want). The docs are vague. They say how to enable VMAT (which is enabled by default anyway), and neglect to mention how to disable VMAT. Is it even possible to disable VMAT? Or is there a server which does not implement VMAT, which would send msgs to clearnet users that have onion FROM addresses?

cross-posted from: https://sopuli.xyz/post/10440580

The source of this article is in a walled garden that disrespects our privacy so I will not cite it. But here’s the text, posted here in the free world for all people to access:

The menace of “the War on Cash” is making steady headway across the board.

And that’s whether it concerns big-time international policy-makers pushing for total digitization of financial assets – or individual examples that showcase just how serious this threat is.

Here’s one such case: Elizabeth Dasburg and two others were denied the right to use cash to pay entry fee to the Fort Pulaski National Monument in Georgia, managed by the National Park Service.

It’s turned into, “parks, but no recreation” – because the victims of this violation of US law regulating the use of domestic currency have now opted for litigation.

Plain and simple, Dasburg and the two others believe it is still illegal in the US to refuse to accept the country’s legal tender. Or is it? That’s the question the US District Court for the District of Columbia will have to spell out.

Judging by the filing, the Fort Pulaski employees were equally indoctrinated against accepting cash, as they were trying to be helpful. The visitors were first told in no uncertain terms that only cards are accepted.

We obtained a copy of the complaint for you here.

And then, if – say they had no cards (that they might not want to use them doesn’t seem to have been a consideration) – they were instructed to go to a grocery chain like Walmart and buy a gift card.

However bizarrely and unnecessarily complicated this might sound – all the more ironic, because it appears the “explanation” for this policy is that cards are more “convenient” – that’s what Fort Pulaski wanted.

Cards. Of any sort. Things that can be tracked and tied to a person, in other words.

“By forcing people to use credit cards or digital wallets, under the guise of convenience, the National Park Service becomes a player in the surveillance state, undermining park visitors’ privacy right,” Children’s Health Defense (CHD) General Counsel Mack Rosenberg commented on the case – and the state of affairs.

CDH has decided to put its money where its mouth is and support the defendants’ case financially.

The National Park Service is said to have been working on cashless-only payment options for some years, the scheme now in effect in to close to 30 national parks, historic sites and monuments.

While those behind such things are always happy to present themselves as champions of “equality and diversity,” the reality looks quite different.

“Only half of low-income households have access to a credit card, according to a March 2022 Federal Reserve Bank of New York report,” CHD President Laura Bono said in a letter to the Park and Service CEO.

This is a seriously big loophole. Paraphrasing the various positions:

Data Controller:

“data collection is legal because we have a contract with the data subject” (iow, they claim Art.6.1(b) as the legal basis for processing)

Data Subject:

“There is no contract. I did not agree to a contract.”

Supervisory Authority:

“we do not act on contract issues”

EDPB:

“the scope of the GDPR does not include harmonization of national provisions of contract law”

I’m not finding it ATM, but somewhere in the GDPR or EDPB guidelines it says something to the effect of contract law varying across all member states, and therefore the GDPR is not applicable to contract matters and the validity of contracts cannot be assessed.

So, WTF? It’s a blatant abuse flying in the face of the GDPR when a data controller simply falsely claims a contract is in play. Since the SAs opt-out of regulating contract cases, this leaves data subjects with only direct court action.