• 0 Posts
  • 20 Comments
Joined 4 years ago
Cake day: March 6th, 2021




  • Also worth noting that #Ubuntu and #Mint both moved substantial amounts of documentation into Cloudflare (the antithesis of the values swiso claims to support). I have been moving people off those platforms.

    BTW, prism-break is a disastrous project too. You know they don’t have a clue when they moved their repo from Github.com to Gitlab.com, an access-restricted Cloudflare site. There are tens if not hundreds of decent forges to choose from and PRISM Break moved from the 2nd worst to the one that most defeats the purpose of their constitution.

    It might be useful to find dirt on various tech at prism-break, but none of these sites can be trusted for endorsements.

    The prism-break website is timing out for me right now. I would not be surprised if they were dropping Tor packets since they have a history of hypocrisy.





  • StreetComplete shows me no map, just quests on a blank canvas. OSMand shows my offline maps just fine, but apparently StreetComplete has no way to reach the offline maps. I suppose that’s down to Android security – each app has its own storage space secure from other apps.

    In principle, we should be able to put the maps on shared SD card space and both apps should access it. But StreetComplete gives no way in the settings of specifying the map location. And apparently it fails to fetch an extra copy of the maps as well in my case.


  • I would say mostly true.

    I moved to a region where my lifestyle (accounting for wages, tax, cost of living) was effectively cut in half. Yet it was still the right move. My initial thinking was I will live anywhere for a year to get a different experience - I can always bounce back if I don’t like it… if the pay reduction bothered me. I ended up staying ~10 years.

    A big factor is where you are in life. Fresh out of university, it’s important to gain ground right away and perhaps get the house paid for, or nearly so. But once you’re a senior dev and at a point of calling yourself “privileged class” with a decent sized 401k built up (which is great to convert to a Roth while abroad), you’re only cheating yourself out of life experiences by continuing to chase the money. Some research concluded around ~10 yrs ago that people’s overall happiness improves as income increases up until the $55k/year mark. Beyond that, income doesn’t matter much. Of course that would be a little higher now with inflation but I guess the OP has cleared that figure.

    I think it was around 15 years ago I started researching typical incomes around the world and I noticed that Japan paid SWEs double the US average. Cost of living was about 50% higher in Japan but it still worked out that a US→Japan move would have been a lifestyle upgrade. So there are some rare exceptions.


  • I think you would benefit most by moving abroad. Staying in one country your whole life is very one-dimensional. If you move to another country, esp. overseas, you will look back on your current boredom as wasting your life and you will regret not having done it sooner. Go for just one year. You can always return if you don’t like it. You might be someone who says “I went for 1 year, but stayed 5”.

    But first move to a purple swing state like GA or PA for just a month or two, then move your stuff into mini storage. Two reasons: you get to experience a different part of the US, briefly, and you can register to vote in a place where your future votes will count the most. Because that’s the state you will vote in while abroad. OTOH, isn’t Texas on the edge of being a swing state? It’s probably not a bad place to vote from.


  • I’m well aware that Cloudflare holds the TLS keys. I’m also well aware that that does not equal having access to credentials.

    Can you elaborate? I believe the hashing must be done on the server side not the user side, so Cloudflare would see the creds before hashing. I know it’s possible to subscribe to an enterprise package where you hold your own SSL keys, but it’s unclear why CF would even be used in that scenario. If CF cannot see the traffic, it cannot optimize it as it all has to be passed through to the original host anyway. AFAICT, CF’s only usefulness in that scenario is privacy of the website’s ownership - something that banks would not benefit from.

    Banks certainly can not outsource willy nilly. Or well, I suppose they may in some jurisdictions, but the context here is Europe, where the banks actually are regulated.

    US banks (esp. credit unions) outsource with reckless disregard for just about everything. Europe is indeed different in this regard. But European banks have no hesitation to outsource email to Microsoft or Google and then to use email for unencrypted correspondence with customers. That crosses a line for me.

    European banks will also outsource investments to JP Morgan (one of the most unethical banks in the world), and they tend to be quiet about it. I boycott JPM along with other similar banks in part due to investments in fossil fuels and private prisons. This means banking in Europe is a minefield if you boycott the upstream baddies.


  • Cloudflare holds the keys. They decrypt all traffic that reaches their reverse proxy. It’s legal. Banks can outsource anything they want and they do so willy nilly. Their privacy policies cover this… they can share whatever they need to with their partners.

    BTW FWiW, I have caught banks breaking a few laws and reported it to regulators. Regulators don’t care. Everyone thinks consumer banks have a gun pointed at them to comply with the law because it periodically makes a big splash in the media when they’re caught not enforcing AML rules. But when it comes to consumer protection, anything goes to a large extent. There’s very little pressure to do right by consumers. One regulator even had the nerve to say to me “why don’t you change banks?” (in response to a report of unlawful conduct).


  • Be the change you want to see.

    I agree with that principle. And for me, that leads me elsewhere. (I’m not the OP)

    I oppose forced banking. I also oppose forced online banking within the banking sector.

    Forced online banking

    Technologists are mostly incompetent, evidenced by today’s web which is increasingly enshittified. The ultimate escape from incompetently implemented shitty tech is an offline/analog option. It’s important for consumers to be able to say “fuck this, I’m done with electronic access.” Naturally you’d think if you write the app yourself that solves the problem. Not exactly. That API is still controlled by the bank. While the API is likely decent, there’s a firewall around it. Banks are increasingly making stupid anti-consumer moves in their firewalls:

    1. They either put their services on Cloudflare, thus blocking Tor and subjecting all users (Tor and non-Tor) to Cloudflare’s eye on all their sensitive financial traffic including usernames and passwords. Or
    2. they simply block Tor, which then enables your ISP to track where you bank and also enables the bank to track your physical whereabouts upon every single login.

    These factors are outside of the control of the app developer. A developer could invest a lot of their own time building a great app, only to be demoralized by aggressive firewall anti-features. And worse, if the dev boycotts Cloudflare and/or the bank, their FOSS app continues to benefit the bank after they begin their boycott. IOW, the fruits of their labor are used against them.

    Forced banking

    Banks are becoming increasingly anti-consumer both online and offline. I could fill a book on this. But to be brief, imagine a bank decides to force everyone online, they close their countertop service, and then force people to obtain a mobile phone, mobile phone service, and force them to share their mobile phone number with the bank. (yes, this has actually happened). The ultimate escape is being able to function without a bank. The #WarOnCash is killing that option off so we are being forced to use banks.

    So when you say “Be the change you want to see”, that’s exactly what I’m doing by living an unbanked life and fighting against the war on cash. In that mission, producing a FOSS app would actually be antithetical. A FOSS app would make banking a little more satisfying when it’s more important to have unbanked people fighting for the right to live an analog life.





  • What incentive would a bank have to release their apps as FOSS? … but the simplest answer is “why would they?”

    Indeed they wouldn’t because most consumers are pushovers, willing to fetch and run any garbage non-free software and willing to share sensitive data with Google in the process. So there’s no reason to offer a FOSS option – as people are not demanding it.

    I am one of the very few who demand FOSS. I will not run a non-free app (esp. banking) and I will not create a Google account to reach their exclusive playstore. And now that banks’ web services have started going to shit (blocking Tor, reducing web features or simply being shut down to force people to use the phone apps), I’ve gone analog. If a critical mass of consumers were to do the same and stand up for themselves, banks would be forced to do the right thing. But they are not. Ethical consumers are too small of a group to be worth getting business from.


  • There is a cost to making a good app.

    That cost is actually reduced in the open source world. Wheels need not be reinvented. The bank would only have to code a few basic features as an example, publish the API, and let the community develop their app at no cost to the bank. The bank would only have to finance the code audit and acceptance, which the commercial software producer must do anyway.

    For example - I’m currently using a bank because their app is awesomely good (compared to other banks).

    Surely you have a low bar for what’s good. Just about every banking app I’ve encountered is not even downloadable unless you have a Google account. That already crosses the enshittification line. You have to create a Google account, share your personal phone number with Google, agree to Google’s terms, let Google harvest your IMEI number, let Google keep track of where you bank (since it tracks every download), trust Google not to sell that info to debt collectors, etc. Then once you have the app, it likely detects and refuses to run inside a VM, thus forcing you to buy new hardware to keep up with updates. Then the app likely has spyware therein simply judging from the excessive perms they tend to require.

    Why would they open source it - it means customers might go to other banks who do better on interest rates, or fees.

    Are you saying a FOSS app from bank A would simply work on bank B? That they have the same API? Perhaps, but that can be controlled by using a unique API… though indeed that protectionism would incur an extra cost.


  • Why does any company ever undercut the competition by offering something more attractive?

    Bank A makes their customers’ lives easy/convenient, but forces them to bend over and install freedom-disrespecting spyware. If bank B wants to take some of bank A’s market share (healthy competition), they produce an app that is equally convenient but respects freedom.

    Healthy competition is not in play here. Banks are highly skittish and risk averse. The US has over 6000 banks yet US consumers experience very little diversity between them. They’re all basically the same because when money is on the line no one in the finance industry wants to gamble with doing something different or original. They copy each other and produce shitty websites. Even the website software is outsourced primarily to a few different suppliers.

    Even before smartphones existed, I was disturbed that if I wanted an electronic statement, I was forced to log in to a website manually and do a lot of clicking. Fuck manual labor. They called that “electronic delivery”. But it wasn’t delivery; it was pick-up. I want my statements like I want my pizza: delivered. It’s been possible to email PGP-encrypted statements since the 1990s, but no banks in the US do it. I think just one bank in Germany did it. But in the US no bank wants to try something different because if they succeed, other banks will copy them anyway. So they only put their neck on the line with risk only to have the benefit of the success be exploited by the competition who avoided taking risk.