EU-based ATMs tend to charge a fee of ~€4—6 on non-EU cards. I’m fine with that because my bank rebates those fees anyway. However something seems off with some French ATMs.

France has a reputation for having the highest banking fees in Europe and their ATMs seem consistent with that reputation. Some French ATMs charge €6 and that gets printed on the ATM receipt. As expected my bank sees the fee on their side in that case and they credit it back to me -- so no problem there. But then other ATMs in France do not print any fee on the receipt. Consequently my bank sees no fee on the transaction so they rebate nothing back to me. Are those ATMs reeaaally giving up the opportunity to charge a fee to non-EU cards? Certainly no Dutch ATMs ever pass up that opportunity. When calculating the xe.com rate of that day and comparing to the money drawn from my bank account, there is a discrepancy of ~$5.50 USD.

So it looks like the ATM is adding their fee into the euro amount. E.g. I pull out €400 & decline DCC, and the ATM prints a receipt showing €400 but then draws something like €405. In principle it should be evident from the bank statement. But my bank lacks transparency and omits from the statement the euro amount and also withholds the exchange rate they applied (which the contract says is the straight interbank rate with 0% markup).

I see two possible theories here:

1. my bank’s so called fee-free FX rate is really ~1%; OR
2. the French ATMs add the fee to the amount charged and hiding the fee. They do not benefit from it but could be sloppy programming. Maybe they think it does not matter because they are still charging whatever the customer agrees to anyway.

While I struggle to believe that 3 different French ATMs would pass up the chance to take a fee, I ran the numbers on a transaction that actually does transparently take a fee and result in a rebate. I still paid almost 1% more than the xe.com rate.

All fees must be disclosed on the ATM screen by law. But my memory is not so reliable.

Pushover consumers accepted “Know Your Customer” abuses to their 4th Amendment rights in the banking sector, so why wouldn’t the same work when it comes to internet service? I have no doubt that the privacy apathetic masses will accept this in a heartbeat.

The bank requires customers who use their phone app to:

1. buy a new recent smartphone, repeatedly (because the bank’s app detects when it is running on an Android emulator and denies service)
2. subscribe to mobile phone service (which also costs money and also in some regions requires supplying national ID to the mobile carrier to copy for their records which customers then must trust them to secure)
3. share their mobile phone number with a power abusing surveillance capitalist who promotes the oil industry (Google / Totaal)
4. create a Google account and agree to their terms (which includes not sharing software that was fetched from the Playstore jail)
5. share their IMEI# with Google
6. share all their app versions with Google, thus keeping Google informed of known vulns for which they are vulnerable
7. share with Google where they bank and trust Google not to sell that info to debt collectors
8. install proprietary non-free software and trust the security of non-reviewable code
9. share the mobile phone number with the bank

Why are so many people okay with this?

The state of medical privacy has become quite appalling lately. I started using a young doctor in a new office and they are gung ho on modern tech. That’s fine to some extent but they want to send me invoices and all correspondence via e-mail. No PGP of course. I did an MX lookup on their vanity email address & it resolves to an MS Outlook server.

I asked them for my test results. They offered to email them.

My response: I do not want sensitive medical info coming by e-mail via Microsoft’s servers. I did not give you a copy of my email address for that reason. It needs to be snail-mailed to me.

Perhaps of greater concern is that the receptionist acted like I am making a unusual request, and that they do not mail things. Apparently I am the only patient who has a problem with sensitive medical info going to Microsoft. So the receptionist is investigating whether she can get approval to mail me my results by post.

I wonder if someone in that clinic will have to run out and buy stamps because I have a problem with Microsoft.

cross-posted from: https://links.hackliberty.org/post/984895

Microsoft finances #AnyVision to produce facial recognition technology that the Israeli military uses against the Palestinian people.

So if you oppose Israel’s brutality then #Microsoft should be on your boycott list.

If you are undecided, these stories might help with your decision:

• snipers target a red-cross medic for execution (2018) → https://edition.cnn.com/2018/06/03/middleeast/razan-al-najjar-gaza-nurse-killed/index.html
• Hind Rajab (6 year old; 2024) → https://www.guardian2zotagl6tmjucg3lrhxdk4dw3lhbqnkvvkywawy3oqfoprid.onion/world/2024/feb/10/im-so-scared-please-come-hind-rajab-six-found-dead-in-gaza-12-days-after-cry-for-help

For Hind Rajab, my boycott is on until I die.

cross-posted from: https://links.hackliberty.org/post/125466

My credit card issuer apparently never gets to know what I purchased at stores, cafes, & restaurants -- and rightfully so. The statement just shows the shop name, location, and amount.

Exceptionally, if I purchase airfare the bank statement reveals disclosures:

• airline who sold the ticket
• carrier
• passenger name
• ticket number
• city pairs

So that’s a disturbing over-share. In some cases the airline is a European flag carrier, so IIUC the GDPR applies, correct? Doesn’t this violate the data minimization principle?

Airlines no longer accept cash, which is also quite disturbing (and illegal in jurisdictions where legal tender must be accepted when presented for PoS transactions).

Has anyone switched to using a travel agent just to be able to pay cash for airfare?

UPDATE

A relatively convincing theory has been suggested in this other cross-posted community:

https://links.hackliberty.org/comment/414338

Apparently it’s because credit cards offer travel insurance & airlines have incentive to have another insurer involved. Would be useful if this were documented somewhere in a less refutable form.

There is a common theme pushed by fanatics of capitalism that never dies: that a profit-driven commercial project ensures higher quality products than products under non-profit projects. Some hard-right people I know never miss the chance to use the phrase “good enough for government work” to convey this idea.

I’m not looking to preach to the choir here, but rather to establish a thread of scenarios that correspond to quality for the purpose of countering inaccurate narratives. This is the thread to share your stories.

In my day job I’m paid to write code. Then I go home write code I was not paid for. My best work is done without pay.

Commercial software development

When I have to satisfy an employer, they don’t want quality code. They want fast code. They want band-aid fixes. The corporate structure is too myopic to optimize for quality.

Non-commercial software development

Free software developers have zero schedule pressure. They are not forced to haphazardly rush some sloppy work into an integration in order to meet a deadline that was promised to a customer by a manager who was pressured to give an overly optimistic timeline due to a competitive bidding process. #FOSS devs are free to gold-plate all they want. And because it’s a labor of love and not labor for a paycheck, FOSS devs naturally take more pride in their work.

I’m often not proud of the commercial software I was forced to write by a corporation fixated on the bottom line. When I’m consistently pressured to write poor quality code for a profit-driven project, I hit a breaking point and leave the company. I’ve left 3 employers for this reason.

Commercial software from a user PoV

Whenever I encounter a bug in commercial software there is almost never a publicly accessible bug tracker and it’s rare that the vendor has the slightest interest in passing along my bug report to the devs. The devs are unreachable by design (cost!). I’m just one user so my UX is unimportant. Obviously when I cannot even communicate a bug to a commercial vendor, I am wholly at the mercy of their testers eventually rediscovering the same bug I found, which is unlikely in complex circumstances.

Non-commercial software from a user PoV

Almost every FOSS app has a bug tracker, forum, or IRC channel where bugs can be reported and treated. I once wrote a feature request whereby the unpaid FOSS developer implemented my feature request and sent me a patch the same day I reported it. It was the best service I ever encountered and certainly impossible in the COTS software world for anyone who is not a multi-millionaire.

Some Lemmy instances (e.g. Beehaw) do not support down votes. When an instance does support down-votes, authors often get zero feedback with the down votes which ultimately supports obtuse expression, shenanigans and haters. The status quo suffers from these problems:

• down voters do not need to read the comment they are down voting
• down votes empower non-moderators to suppress comments and posts
• some communities struggle to get content because of some malicious down voters who down vote every post to discourage activity and effectively sabotage the community; voting privacy shields malicious down-voters from discovery and supports their attack
• silent down votes are non-constructive
• some people make heavy use of down votes to suppress civil comments purely because of disagreement; other (more civil) users only use down votes to suppress uncivil dialog. This inequality ultimately manifests to reduce civility.
• transparency: kids and adults are accessing the same forums and adults are blind as to whether down votes are coming from kids (the rationale can reveal this)

The fix:

An instance admin should be able to flip a switch that requires every down vote to collect a 1-line rationale from the voter. These one-liners should be visible to everyone on a separate page. Upvotes do not need rationale. So instance owners should have 3 configuration options:

• down votes disabled (beehaw)
• down votes require rationale (proposed)
• down votes out of control (the most common status quo)

Perhaps overkill, but it might be useful if a moderator can cancel or suppress uncivil down votes.

BTW, the reason this enhancement request is not in the official bug trackers:

• Lemmy’s bug tracker is in MS Github (#deleteGithub)
• Kbin’s bug tracker is on codeberg, who silently deleted my account without warning or reason, and #Codeberg reg forces a graphical CAPTCHA (which fails on my non-graphical browser).

#lemmyBug #KbinBug

/cc @nutomic@lemmy.ml @ernest@kbin.social

It would be useful to have more refined control over participation in a group. Someone should be able to create a group that gives permissions to specific individuals. A variety of permissions would be useful:

• permission to see that a community/mag exists (some groups may or may not want to be listed in searchable a public directory)
• permission to read the posts in a community/mag
• permission to vote in the community/mag
• permission to start a new thread in the community/mag
• permission to comment on an existing thread in the community/mag

A forum creator should be able to set the above perms on:

• individual accounts
• all users on an instance (e.g. users on an instance @weH8privacy.com might be unfit for voting and writing comments in the community “fightForPrivacy”)
• all users not on an instance (e.g. local users only for example)
• instance IP-based (e.g. users from Cloudflared instances might be unfit to participate in a group called “decentralizationAdvocacy”)

Settings for individuals should override instance-specific settings. So e.g. a “fightForPrivacy” forum might allow all forms of participation from an instance stop1984.org, but if antiprivacyMallory@stop1984.org is uncivil, a mod should be able to block all inputs from that user yet perhaps still allow antiprivacyMallory to just read the posts on the off chance of influencing the user to be more civil through exposure to civil chatter.

Workaround 1 (Lemmy only):

Make an announcement community and make all participants a moderator. Bit crazy unless you really trust everyone involved.

Workaround 2 (Lemmy):

One community per instance using instance-specific registration control. Still too blunt, cumbersome, excludes mods who don’t have their own instance.

Question

Sometimes I click to subscribe to a community which then goes into a “subscription pending” state. What does that mean? As a moderator of some groups I never receive a signal that someone is requesting to subscribe.

BTW, the reason this enhancement request is not in the official bug trackers:

• Lemmy’s bug tracker is in MS Github (#deleteGithub)
• Kbin’s bug tracker is on codeberg, who silently deleted my account without warning or reason, and #Codeberg reg forces a graphical CAPTCHA (which fails on my non-graphical browser).

#lemmyBug #KbinBug

/cc @nutomic@lemmy.ml @ernest@kbin.social

Some of you might be interested in this Mastodon thread. It’s a bit of bashing PDFs for having poor accessibility, and some guidance on improving PDFs for accessibility.

Some people are saying they prefer MS Word over PDF for accessibility reasons. Of course the elephant in the room is that “accessibility” is an over-loaded word. It usually refers to usability by impaired people, but in the case of being generally usable to all people on a broad range of platforms, MS Word is obviously inaccessible due to being encumbered by proprietary tech by a protectionist corporation.

cross-posted from: https://links.hackliberty.org/post/582272

I have lots of old friends who I only maintained sparse contact with. When I let my personal email address die (the address they would all have records of), I did not bother to update them with a new address.

They are all on the platform of some surveillance capitalist (e.g. Google or Microsoft). Google & Microsoft both refuse connections from self-hosted residential servers. And even if they didn’t, I am not willing to feed those surveillance advertisers who obviously don’t limit their surveillance to their users but also inherently everyone who makes contract with their users. I cannot support that or partake in pawning myself to subsidize someone else’s service.

I just wonder if anyone else has taken this step.

cross-posted from: https://links.hackliberty.org/post/609883

This BBC interview has a #Cloudflare rep David Bellson who describes CF’s observations on internet traffic. CF tracks for example the popularity of Facebook vs. Tiktok. Neither of those services are Cloudflared, so how is CF tracking this? Apparently they are snooping on traffic that traverses their servers to record what people are talking about. Or is there a more legit way Cloudflare could be monitoring this activity?