Comparison of the human disempowerment severity of 3 walled gardens (Facebook, Google, and Cloudflare)

Posted on 2024/03/20 by nzx3233hom

Individual disempowerment by walled gardens has two components:

Inability to enter the walled garden (exclusion)
Inability to escape the walled garden (trapping)

1. Exclusion

Google’s exclusivity

Entry criteria for Google’s walled garden is quite simple:

must have a mobile phone number
must be willing to share the mobile phone number with Google

This essentially excludes people who cannot afford a mobile phone and
service.

Facebook’s exclusivity (same as Google)

Entry criteria for Facebook’s walled garden is quite simple:

must have a mobile phone number
must be willing to share the mobile phone number with Google

This essentially excludes people who cannot afford a mobile phone and service.

Cloudflare’s exclusivity

Cloudflare conceals its criteria for exclusion, but we know from tests and complaints that the following demographics experience denial of service:

people in developing countries
the Tor community
VPN users
people behind CGNAT (this often impacts poor people in impoverished regions whose ISPs receive a limited number of IPv4 addresses)
users of public libraries (consequently people who can’t afford a PC and internet subscription), and generally networks where IP addresses are shared
privacy enthusiasts who will not disclose ~25% of their web traffic to one single corporation in a country without privacy safeguards
people using non-graphical browsers or GUI browsers with image loading disabled (their traffic resembles that of robots); this includes:
- blind people
- poor people on capped internet plans
- environmentalists and the permacomputing community
people with impairments and disabilities (CAPTCHA-blocked)
people who deploy beneficial robots – Cloudflare is outspokenly anti-robot and treats beneficial bots the same as malicious bots
Android users running AOS 6.0 and older

No one knows all the groups excluded by Cloudflare or the full scale of the exclusion. Some users can overcome the exclusion if they manage to figure out why they are excluded. Some have no hope of overcoming the exclusion. For example, if the only ISPs available to someone use CGNAT, they cannot enter Cloudflare’s walled garden by changing ISPs. They may be able to upgrade to a static IP address as a separate feature or by subscribing to a business plan, but this may be out of reach as it’s often poor people who are stuck with CGNAT addresses to begin with.

2. Trapping and Escapability

Walled gardens have attributes and features that are designed to keep users inside the walled garden. The variables are so vast and countless it’s impractical to track and enumerate all of them. However, a useful simplification follows from the assumption that a user has the will and the intent to escape. In that context, it’s only useful to examine access to essential services. When there is an essential resource exclusively within the walled garden, it carries significance in the trapping factor.

What’s essential? Any service that traces to a human right or constitutional right is well within the scope of services we can consider “essential”.

Google’s trap

Google’s Playstore is a gate-keeper to most Android apps in the world and this includes relatively essential apps, such as:

apps that contact emergency dispatch centers (e.g. apps that dial 112 in Europe or 911 in the US); these apps are configured with the user’s name and address which is instantly transmitted and they tend to support both voice and text so they function whether or not you have the use of your voice
banking apps (and 2FA apps for banking); although banking was traditionally a non-essential private sector service, it’s becoming increasing mandatory because cash payment for labor is already banned in some European countries
apps for public services (e.g. public parking)
national train apps
national eID services (e.g. “ID Austria” is exclusively accessible through “Digitales Amt” and “A-Trust Signatur”)

The above-mentioned apps all trace to a human right, such as the right to life, healthcare, the right to work, and the right of equal access to public services. The right to education is compromised by Google in a variety of ways:

Google Docs is used by students in public schools, by force to some extent. Thus gdocs sometimes cannot be escaped while pursuing education. When groups of students collaborate, sometimes the study groups impose use of gdocs. Some secondary school teachers impose the use of Google accounts for classroom projects.
The Wi-Fi networks at some public schools use a captive portal for authentication and the only way to gain access is to supply credentials for a Google or Facebook account.

Facebook’s trap

Facebook’s trap is triggered when someone needs to communicate with another organization that is exclusively reachable in Facebook. When that other entity is a public service or fills some other role related to human rights, it’s a noteworthy trap.

It’s impractical to document all such cases here but some examples are given:

A police department recovered stolen bicycles and announced that theft victims could visit the FB page of the police dept. to see if their bicycle appears in the photos. Non-FB users were blocked from the page and there was no other means to reach the photos. Effectively, non-FB users were denied equal access to public services.
A Danish university has a Facebook page as well as nearly every single student. Facebook is used exclusively to announce some campus social events and even some optional classes. Students without Facebook are excluded from being informed. They are effectively being excluded from some aspects to public education, although strictly speaking the Facebook exclusive events were not required to obtain a degree.
There is a local activist group fighting for the right to be analog. Their sole presence is on Facebook. So freedom of assembly in this case is conditions people on being trapped in Facebook. There are countless athletic clubs and housing associations that establish themselves exclusively on Facebook which has the effect of forcing others into the walled garden and retaining them.
Facebook marketplace facilitates the exchange of second hand goods. The right to environmental protection is enshrined in human rights law, so this is an essential service. For many people it is the sole resource that traps them in Facebook. Many would say the right to boycott is also essential despite not being enshrined in human rights law. The right to boycott is often exercised using the second hand markets.
Facebook
induces addiction to the service. This does not trace to a human right but it exceptionally impedes users with the will and intent to excape to the same extent an essential access has.

Cloudflare’s trap

Roughly 20% of all websites in the world exist inside Cloudflare’s walled garden. Countless Cloudflare websites are essential and indispensable. Where can we possibly begin? Below is a list of Cloudflared resources that play a significant role in protection of human rights. If someone exits Cloudflare’s walled garden, this is what they give up—

The right to vote:

The voter registration forms in nine U.S. states (AZ, FL, GA, HI, ID, NY, OH, RI, WA) are exclusively in Cloudflare’s walled garden.

The right to petition:

The biggest petition services in the world are in Cloudflare’s walled garden.

change·org
moveon·org
actionnetwork·org

Freedom of expression:

The biggest threadiverse server in the world (lemmy·world) is in Cloudflare’s walled garden.

Freedom of assembly and of association:

Countless political activist groups have their online existence exclusively in Cloudflare’s walled garden.

The right to education and academic freedom:

Learning platforms exclusively reachable within Cloudflare’s walled garden:

MyOpenMath
PhET

The right to engage in work and access to placement services:

Most of the biggest job searching sites are exclusively reachable within Cloudflare’s walled garden, including:

indeed·com
glassdoor·com
careerbuilder·com

Bank access is becoming increasingly critical for receiving payroll payments as the world eliminates cash. At the same time banks and credit unions are joining Cloudflare’s walled garden.

Fair and just working conditions:

Many workers’ rights organizations are exclusively inside Cloudflare’s walled garden, notably:

Center for Workers’ Rights
Justice at Work
Solidarity Center
The Farmworker Association of Florida, Inc.
Women Employed
Worker Rights Consortium (WRC)

Many workers’ safety organizations are also exclusively inside Cloudflare’s walled garden, notably:

American National Standards Institute (ANSI)
National Association of Safety Professionals (NASP)
National Safety Council (NSC)
The Electrical Safety Foundation International (ESFI)
World Health Organization – Office of Occupational Health (WHO-OCH)

The right of access to government documents:

At the federal level, these websites make access to government documents exclusively available in Cloudflare’s walled garden:

Library of Congress
The US Congress (congress·gov + the websites of some individual Congress members such as Ayanna Pressley)

Countless US states have made access to government documents and information exclusively reachable inside Cloudflare’s walled garden. There are too many to make a comprehensive list but if we only consider the Secretary of State resources, these states have made access to business registration records conditional on entry into Cloudflare’s walled garden:

Arizona
Georgia
Hawaii
Idaho
New York
Ohio
Rhode Island
Washington

Opensecrets·org enables people to review how money is spent in connection with politics. The site is also in Cloudflare’s walled garden.

The right life and to healthcare:

Searching for a health issue is often useful to quickly get essential medical information particularly in an emergency. When a search for medical information filters out Cloudflare sites, the resulting information is generally sparse and lacking. Websites like webmd·com are part of Cloudflare.

3. Exclusion (Cloudflare’s exclusion is more rigid and more vast)

Google and Facebook exclude those who do not have access to a mobile phone, which account for ~5% of the world’s population. A total of 5.35 billion people around the world were using the internet at the start of 2024, equivalent to 66.2 percent of the world’s total population. So it’s probably fair to say that a large portion of people without mobile phone access do not have internet access anyway. The people excluded by Google and Facebook may only be a small percentage of privacy enthusiasts who simply refuse to share their mobile phone number with a surveillance advertiser. Those who want to enter the walled gardens of Facebook and Google can also use a pinger service to overcome that barrier. This naturally pales in comparison to Cloudflare, whose exclusion is non-transparent. People in Cloudflare’s excluded groups cannot know how to overcome the exclusion if they do not even know the reason for their exclusion.

4. Trapping (Cloudflare’s walled garden is the least escapable)

Google’s Playstore traps people to the extent that they insist on the convenience of using an app. Most services offer web service as an alternative to a mobile app. There are some niche scenarios with schools but this does not affect a large portion of the population. Facebook’s trap is relatively weak as well apart from some niche situations. Escaping Cloudflare is unsurmountable. Most who decide to remain outside of Cloudflare’s walled garden must generally give up access to a substantial number of essential services.

Cloudflare has created the largest most rigidly exclusive walled garden in the world

Posted on 2024/03/18 - 2024/03/18 by nzx3233hom

Walled gardens are a technofeudal structure comprehensively defined by three varieties of oppression:

The 3 oppressions of walled gardens

(oppression 1) Exclusion— to keep people out
(oppression 2) Trapping— to keep people locked-in and held captive by inducing dependency
(oppression 3) Opacity— to keep people uninformed

Oppression 1 and 2 establishes a walled garden. Oppression 3 is commonly used to support oppressions 1 and 2.

History of walled gardens

A “walled garden” originated as a concept by John Malone and others at a telecom company that was later acquired by AT&T. Phones were leased to customers and the system was designed so customers could not connect their own telephones to the network.

The first notable evolution of the term appears in the adtech industry, which refers to walled gardens as a closed platform or ecosystem where the technology provider has significant control over the content, user data, advertising options, and generally the whole environment. The most well-known examples come from the Google and Facebook duopoly.

The walled garden paradigm has expanded beyond the adtech industry evolved toward a model that underpins all resources under technofeudalism independent of advertising. The biggest walled garden in the world has emerged with no known advertising component. It was created by US tech giant Cloudflare, Inc.

Oppression 1: Cloudflare excludes people from web-based resources

Cloudflare excludes people in pursuit of their abstract objective to convince their customers that malicious actors cannot reach their websites. Their business model entails offering this service free of charge. As a consequence, money-saving shortcuts are taken and Cloudflare uses a cheap blocking criteria based crudely on IP reputation. Similar to the effect SpamHaus has in yielding a high number of spam false-positives going back over 20 years, Cloudflare also yields substantial collateral damage to harmless users spanning several demographics, including:

people in developing countries
the Tor community
VPN users
people behind CGNAT (this often impacts poor people in impoverished regions whose ISPs receive a limited number of IPv4 addresses)
users of public libraries (consequently people who can’t afford a PC and internet subscription), and generally networks where IP addresses are shared
privacy enthusiasts who will not disclose ~25% of their web traffic to one single corporation in a country without privacy safeguards
people using non-graphical browsers or GUI browsers with image loading disabled (their traffic resembles that of robots); this includes:
- blind people
- poor people on capped internet plans
- environmentalists and the permacomputing community
people with impairments and disabilities (CAPTCHA-blocked)
people who deploy beneficial robots – Cloudflare is outspokenly anti-robot and treats beneficial bots the same as malicious bots
Android users running AOS 6.0 and older

That list is incomplete due to the non-transparent nature of Cloudflare. No one knows all the groups excluded by Cloudflare or the full scale of the exclusion.

Oppression 2: People are trapped in Cloudflare’s walled garden

Cloudflare’s direct customers are website owners, not the general public. However both Cloudflare’s direct patrons AND the (often unwitting) end-users of the affected web services are mutually trapped by Cloudflare.

Website owners are enticed by the prospect of getting what they perceive¹ as a gratis service to protect their website. Since no other service offers to protect website for free, website owners are trapped by the perception¹ of cost savings. They are essentially in a gilded cage.

When a website administrator joins the cage by opting to reverse proxy their services via Cloudflare’s walled garden, the visitors of the website have no choice in this decision. The end user is forced into a disempowered take-it-or-leave-it proposition and thus trapped to an essentially absolute extent. For example when nine U.S. states (AZ, FL, GA, HI, ID, NY, OH, RI, WA) proxy their voter registration service through Cloudflare, citizens of those states are trapped because online voter registration is preconditioned on entry into the walled garden (which in fact excludes some people). Petition hosts like Change·org and Moveon·org are Cloudflared, so when someone wants to sign a petition that’s exclusively hosted on either of those sites, they are trapped. They cannot sign the petition outside of Cloudflare. When the Internet Engineering Task Force (IETF) moved their website into Cloudflare’s walled garden, developers who need to access the text of (otherwise previously open) standards are trapped.

Oppression 3: The opacity of Cloudflare’s walled garden conceals the exclusivity

Cloudflare is designed to keep web users oblivious to the existence of the garden walls. If it had been widely realised that Cloudflare is an exclusive walled garden, it may not have grown to the enormous size that it is today (around 20% of all websites in the world are Cloudflare-gated). The proliferation of Cloudflare’s walled garden depends on a majority of the population either not knowing of Cloudflare’s existence or believing Cloudflare’s deception that they only exclude harmful actors.

There is an included group and an excluded group. People in the excluded group clearly see the garden wall. It’s a dysfunctional blocking page in their face with no means to progress toward the content sought, or it manifests as an (often broken) CAPTCHA. People in the INCLUDED group have no login requirement or any extra steps to enter the walled garden. The gate is wholly invisible to them, which is “opaque” in the sense that they are deceived about where they are. They are deceived about having passed through an access-restricted gate. People in the included group contribute content to this exclusive resource without knowing that their contribution is not openly reachable to everyone. It is effectively locked into a private property despite the illusion that it’s open public access.

Another instance of oppression 3 manifests in the form of a browser padlock that deceives visitors of Cloudflared websites into thinking their traffic is secure between the user and the website’s host. In reality the padlock only indicates a secure line to Cloudflare, who sees everything including usernames and unhashed passwords. This deception is important to Cloudflare because a large portion of the public would not likely trust Cloudflare with everything sensitive; they would not enter the walled garden.

So the deception about data exposure works both ways: content users expect to be public (such as a comment in a public forum) is in fact exclusively reachable, and content they expect to be private is in fact exposed to Cloudflare.

Cloudflare’s walled garden is the largest

Unlike the better known walled gardens such as Facebook and Google, Cloudflare leverages substantial growth and activity with every website that joins it. It’s not a mere handful of services like surveillance advertisers which scale by one user account at a time. Around 20% of all websites in the world are in Cloudflare’s walled garden, each of which has potentially countless users.

Cloudflare’s walled garden is the most rigidly exclusive

Google and Facebook are exclusive to the extent that users who do not register are excluded. Users without mobile phones are excluded from joining. But it’s within the realm of possibilities for most people to go through the hoops to join the included group. With Cloudflare, there is no registration. The included group is undefined because the excluded group is undefined. If you are in the excluded group, how do you even know exactly why you are in the excluded group? Cloudflare does not tell you “you are blocked for have a CGNAT IP address”, for example. You just get a block screen with bogus messaging.

Suppose you happen to know your CGNAT IP address is the problem. Then what? How do you join the included group? Some would say subscribe to a VPN service. Yet VPNs are also among the groups excluded by Cloudflare’s walled garden. There is no clear path to being included. Hence the title: most rigidly exclusive.

Cloudflare’s defense: Why Cloudflare proponents and digital rights opponents object to tagging Cloudflare as a “walled garden”

Cloudflare proponents and advocates essentially claim:

Website owners have control. They can configure their website to permit Tor users to have access. If they do not change their Cloudflare configuration settings, it’s their fault, not Cloudflare’s.

It’s true that website administrators can whitelist Tor to enable Tor users to access their website. This has two problems:

It only makes Tor users part of the included group. What about everyone else? What about the people behind CGNAT? There are still many other people in the demographics of the excluded group.
The power of defaults

It’s very rare that web admins whitelist Tor in their Cloudflare settings. Corporate actors understand the power of defaults to the most pernicious extent. This is why 83% of Mozilla’s revenue comes from Google merely for making Google the default search engine in Firefox.

Consider the “free-range” chicken swindle. A factory farmer will ram-pack an over-crowded chicken coop, but in order to legally make the claim that the chickens are “free-range”, they merely have to provide a door with access to some area outside the building. They design this door so that only the most clever chickens can find it, operate it, and fit through it. So in reality 1 or 2 chickens may escape the overcrowded conditions while most suffer. The farmer’s lawyer argues that all the chickens have free will and access to freedom. Cloudflare proponents use the same tactic. Very few admins are clever enough to realise Tor users are legitimate, that those legitimate users are blocked and also that Tor access can be toggled on. Cloudflare understands the power of defaults and in the end Cloudflare is responsible for selecting a malicious default setting in support for the world’s largest walled garden.

footnotes

① When a website is attacked, Cloudflare tells customers they have exceeded the parameters of the free service and must upgrade to a premium package. Hence the phrasing of “perception” of cost savings, which is otherwise beyond the scope of this paper.

What do you call people who reject non-free software?

Posted on 2023/04/15 - 2023/09/08 by nzx3233hom

There is no word for it. The free software movement needs a noun to describe those of us who reject oppressive technology such as non-free software. Our way of life needs recognition.

What happens when a banker says “you can download our app from the Google Playstore”? You have to respond with many words like “I do not run non-free software” or “I have no Google account and I do not trust proprietary closed-source software”. We are marginalized to some extent simply because our existence is unknown, unacknowledged, and perceived as a tiny scattered minority that can be disregarded.

“If you’re explaining, you’re losing” —Ronald Reagan¹

The idea is that simplicity is foundational to reaching a large audience. We do not want the burden and argumentative disadvantage of having to do a lot of explaining.

(① We do not need to accept Reaganomics or Ronald Reagan’s viewpoints to appreciate the merit of this particular quote.)

Works for vegans

Consider what happens when a vegan talks to a food server or clothing shop. There is no lengthy discussion about what the consumer can eat or wear. They simply say “I’m vegan”, or “can I see your vegan menu?” The server is not baffled. It’s instantly understood. Having a name for veganism is important to that cause. Vegans need a label because with that label comes recognition and understanding. The recognition comes with an implied need for accommodation that largely skips the step of questioning the merit of the position.

We are “libresarian”

I propose libresarian.

The suffix –arian changes an adjective into a personal noun, as in veterinarian. LibreS is short for libre (free as in freedom) software, a noun. But library is also already a noun from which “librarian” was derived.

Libre software (aka FOSS) is any software that provides users with these four essential freedoms.

The next time someone tells you “download our app”, say: “I’m libresarian; is your app FOSS?”

Countering harmful trends

20 years ago we could mostly avoid non-free software simply by boycotting COTS (commercial off-the-shelf) software and their shrink-wrapped licenses. That was successful until recently. Today you can’t even buy some common household appliances like TVs, pressure cookers, dryers, etc, as all the new models are coming with embedded updatable insecure proprietary software that connects to a network. It comes with a huge attack surface and you are at the mercy of the original creator to counter vulnerabilities even when the hardware is out of warranty and the vendor has no business incentive to provide updates. If a libresarian wants to buy a high-end TV or dryer, they are already excluded from those markets and therefore marginalized.

Restaurant menus show a green leaf next to vegetarian or vegan options. Likewise, libresarians need to reach that level of accommodation with technology being offered.

Thwarting negotiation and compromise

If a food server/salesperson hears: “I prefer to avoid meat” pre-vegan days, they might try to sway you with “we have cruelty-free veal” or “our cows don’t fart“. But if you say “I’m vegan” now that it’s defined, this quickly conveys your position as non-negotiable. Libresarians need to establish the same non-negotiable status so we can make more progress.

“Will not” becomes “cannot”. A libresarian without a label suggests the possibility of a certain degree of flexibility that invites unwanted promotion of non-free software. Vegans are free to choose whether to say “I will not eat meat” or “I cannot eat meat”, depending on how they want to steer the conversation. If they choose to say “cannot”, they are effectively saying they adhere to (or are bound by) the rules of the label… the rules of being vegan. The existence of the libresarian label makes the use of “cannot” more credible and less contestable, thus giving us more control in the conversation (depending on the personality of the other party).

Libresarians come in different varieties

Just as there are different kinds of vegans (e.g. “ethical vegan”, “environmental vegan”, “dietary vegan”, etc), there are libresarians of different kinds:

Utilitarian libresarian

Some libresarians are simply concerned with whether they have the four essential freedoms in the end. They do not object to buying non-free software that may be pre-installed or bundled with hardware so long as they can remove it or replace it with free software. When they can operate free from non-free software, their goals are satisfied.

Deontological libresarian

Some libresarians are driven by deontological ethics, often attributed to the ethical theories of Immanuel Kant. Unlike utilitarian libresarians, they find it insufficient or misfocused to only have concern with the tools in their final deployed state. To a deontological libresarian it would be unethical to buy a device like a smartphone or TV where non-free software is a part of the device at acquisition time. Some may even find it ethically objectionable for non-free software to be used in the supply chain. The problem is that even if you can destroy the non-free software, you’ve still made a financial contribution to the oppressive technology. A deontological libresarian therefore does not even acquire non-free software as a gift for a non-libresarian because it would contribute to the tyranny of producing non-free software.

Consider why vegans refuse to consume animal products. The purpose is to boycott a harmful practice by an ethically dubious or unconcerned industry. The boycott is also the means to an ends, not directly the final goal in itself. If a vegan buys a steak, prepares it, and serves it to someone else, it would defeat the vegan cause. There would be an interesting debate among vegans on that. Also consider the scenario of eating meat found in a dumpster. Such a consumer contributes absolutely nothing to the exploitation of that animal, yet vegans will debate fiercely as to whether such a consumer can call themselves vegan. The only certain non-controversial common ground on that is to say one who eats meat from a dumpster is not a dietary vegan.

Strict libresarian

Often a device cannot run 100% free software without becoming wholly unusable when some critical components have no freedom-respecting replacement. A strict libresarian rejects the whole device in this case and makes no compromises. Or they produce the missing pieces so the device becomes fully liberated. Other (non-strict) libresarians are content with reaching a certain maximum degree of freedom in exchange for ability to function without having to write code or create a project and finance it.

Libresarian types are neither complete nor mutually exclusive

The libresarians defined above (utilitarian, deontological, and strict) are not intended to cover all viewpoints. They merely serve to capture some common viewpoints to disambiguate discussions and clarify goals efficiently. They are not mutually exclusive categories that one must fall into. There is overlap. A libresarian is of course free to act as a utilitarian libresarian in one situation and practice deontology in other situations. There is no innate contradiction in being both a utilitarian and deontologist simultaneously or in appreciating both viewpoints.

Mainstream libresarian lifestyle (“libresarianism”) and scope thereof

Libresarians conform to a restrictive lifestyle. Like vegans, their lifestyle is subtractive not additive. That is, they sacrifice options because the scope of action is no more and no less than a boycott. We define mainstream libresarianism in the absence of adjectives like: utilitarian, deontological, strict to be those who reject the use of non-free software in situations notwithstanding some exceptions. Specifically, if a device executes software that lacks any of the four essential freedoms and:

* it is updatable; OR
* it connects to a network that reaches multi-purpose devices (“MPD”; e.g. PCs, servers, and phones)

then a libresarian does not and will not own that device.

Exceptions— when non-free software is acceptable to libresarians

Many appliances run non-free software but the factory-installed software cannot be updated and the device also cannot connect to a network. A classic example is a microwave oven produced in the 1990s. Such an appliance is outside the scope of concern for libresarians in general. The benefit of the four freedoms is too insignificant in such cases to make the sacrifice worthwhile and it would only serve to shrink the libresarian community. But if the microwave oven connects to a LAN and ultimately to a smartphone, then a libresarian insists that the software on the microwave be free software. A TV from the 1980s would be neither updatable nor would it connect to a network with reach to MPDs, but it would often act on signals from an infrared remote control. One might argue that the remote control is “networked” to the TV. However, a 1980s remote control was a special-purpose device that only connected to the TV it was made for. So such an appliance is not generally objectionable to libresarians. Hence the distinction of MPDs from special-purpose devices.

Air gap esoterics and intent

Suppose a special-purpose controller connects to an appliance and the controller also connects to a network that reaches phones or PCs. The appliance is effectively reachable by a MPD via the controller. In this situation libresarians insist that the appliance exclusively connect to controllers that run free software and that it be deployed such that it’s unreachable to controllers running non-free software. This essentially means the appliance must be air-gapped with respect to all devices that run non-free software but it need not be air-gapped from devices that run free software.

For the purposes of this section, air gaps to MPD only apply to one hop. So a MPD can connect to a free software controller and ultimately reach an appliance which may be running non-updatable non-free software. Since the user is in control of the intermediate free software controller, this sufficiently empowers the user with control to treat signals from MPDs as they wish.

The libresarian definition is dynamic & evolves over time

As times change and progress is made, the goalposts will move to reflect what is important to the community. This has happened with veganism, which began as a diet but broadened in scope. As the vegan movement gains more ground, it will likely make revisions to the meaning of vegan. Proponents of digital freedom will also gain more ground. Perhaps one day we will be able to take the battle beyond the four freedoms and (for example) develop an expectation that source code and documentation be available in public channels rather than walled gardens. We might decide later that some fine-tuning is needed if (for example) non-free controllers or services are using encryption to circumvent FOSS components. But for the moment the libresarian stance is sufficiently ambitious.

24 banking problems solved by cryptocurrency that Bruce Schneier does not know about

Posted on 2022/06/28 - 2022/07/01 by nzx3233hom

“From its inception, this technology [cryptocurrency] has been a solution in search of a problem.” –Bruce Schneier (June 24, 2022)

We can stop the search. I may have found the problem:

Some banks freeze your account if the form of ID they have for you expires before you give them an updated copy. The way you learn this has happened is when the ATM refuses you (which can happen outside of banking hours when you need money for food).
Some banks refuse to serve Americans.
The non-US banks willing to accept American customers all voluntarily opt-in to sharing sensitive client data with the US (under FATCA), thus facilitating unwarranted 4th amendment violations/circumventions against their own client. (The banks that respect your privacy are the same banks that refuse to serve Americans because they don’t want the babysitting effort imposed on non-FATCA institutions).
Some banks block Tor, thus forcing you to reveal to your ISP where you bank while also forcing you to disclose your IP address to the bank.
Some banks allow Tor just for login form submission, then lock your account after you attempt to login over Tor.
Some banks admit in their privacy policy that they use your IP to determine your location geographically and log it.
Some banks close your account if you move out of the country or if you neglect to tell them your new address. They don’t always write this in the ToS because the ToS usually says “we can close your account without warning for any reason and we don’t have to tell you why”.
Some banks spontaneously ask you (when you call them):
- What is your career industry?
- What is your job?
- Who do you work for?
- How much do you earn annually?
- Where do you live?
Of the banks that do this arbitrary interrogation, some tell you it’s a “US Patriot Act requirement” that you answer. Some banks say it’s a “US Patriot Act requirement” that they ask but answering is voluntary (but if you refuse to answer that goes in the notes). The banks that do not ask these questions are also compliant with the Patriot Act but they lose the opportunity to collect that data for their own surveillance advertising purposes (which is the real reason banks collect this data), thus putting the less intrusive banks at a competitive disadvantage.
Some banks close your account if they suspect you are in the marijuana trade (federally prohibited despite being locally permitted or tolerated), or if they suspect you’re in the sex trade, and more generally they close your account if your career profile and transactions appear inconsistent.
Some banks close or freeze your account if they suspect you used it to buy or sell a competing financial instrument like cryptocurrency (e.g. via Bisq), or you bought any other product that’s inconsistent with the bank’s values.
Some banks are exclusively accessible via their iOS/Android apps which are exclusively distributed by Apple & Google Playstore. No website. No over-the-counter service.
Some banks (often credit unions) proxy through Cloudflare, thus surreptitiously sharing your plaintext account creds & all banking transactions with Cloudflare Inc. (while you are bound to an agreement that holds you accountable for credential leaking)
Some banks (often credit unions) surreptitiously outsource everything from web access to statement printing to bill pay. It’s the same few centralized large corps who process this info for all CUs, so clients have the illusion of dealing with a small institution but in fact their sensitive data is still handled by a big corp that sees everyone else’s data. Bigger banks that don’t outsource as much still tend to be sloppy with safeguarding the data they collected.
Some banks charge a fee for paper statements. Often those same banks force customers to share sensitive data with Cloudflare to obtain their e-statements.
Some banks directly finance the oil industry & private prisons. Some smaller banks are ethical in this regard but they outsource their investments to the unethical banks.
Some banks are members of the Better Than Cash Alliance, thus actively promoting the elimination of cash.
Some banks are cashless. Without a vault, they cannot accept cash deposits. Of those banks, some accept limited amounts of cash deposits at ATMs and some do not.
Some countries have banned all cash transactions above ~1k or 3k, depending on residency status. If you are selling a used car in these regions in excess of the cash limit, the payer must wire the money in advance and trust the seller to sign over the car at a later time (or the seller must trust the buyer’s printout showing the transfer was sent). In these same regions there is no viable small claims process if one party swindles the other.
Visa has a webpage where you can enter your card# to opt-out of them selling your data, but that webpage is proxied through Cloudflare.
Mastercard has a webpage where you can enter your card# to opt-out of them selling your data, but that webpage gives a 403 forbidden to Tor users.
American Express is an ALEC member, thus financing climate denial along with a long list of policies favoring a pernicious political party.
Visa, MC, AmEx, & Paypal all collectively blocked donations to Wikileaks, voluntarily. When cash is eliminated, forcing corp-favored politics on consumers will become more regular.
Citibank blocked insulin to 450,000 Venezuelans.
Paypal shares customer data with over 600 corporations (I learned that from you in March, 2018, Mr. Schneier!)

Should people be needlessly forced into the private sector marketplace to patronize a corporation for something as basic and essential as money transactions, particularly in light of the landscape above? Mr. Schneier seems to imply banking problems can be solved by regulation, but some of those problems are caused by regulation, and some of them are caused by capitalism (particularly surveillance capitalism). Capitalism has pros & cons. Whether you favor capitalism or not, cryptocurrency clearly avoids many of its shortcomings. The regulatory changes required to fix any of the above problems require politicians who received campaign money from banks to work against banks.

From a security standpoint, the thesis that people should be forced to trust a bank to not be breached is questionable. Forced trust seems like a really bad idea from a security standpoint. A consumer might trust own ability to secure their own wallet more than they trust Capital One to protect customer information from Amazon contractors whilst neglecting to do risk assessment, for example.

(note: Bruce Schneier censored the above post as well as the following post.)

“Someone, please show me an application where blockchain is essential. That is, a problem that could not have been solved without blockchain that can now be solved with it.” –Bruce Schneier (June 24, 2022)

The use case that traditional pre-cryptocurrency mechanisms cannot serve is when Bob needs to pay Alice at a long distance without having to depend on (and trust) a corporate third party actor who has the rights and power to refuse service to either Bob or Alice.

And furthermore, both parties to a traditional long-distance transaction must each mutually depend on (and trust) both corporate third party actors and those two middlemen must have a relationship with each other that does not involve a currency conversion fee that’s intolerable to either Alice or Bob. When any of those factors fail to serve, it’s a problem that can only be solved by cryptocurrency.

“‘…and cash payments aren’t feasible’ does not count.” –Bruce Schneier

This qualifier to your question may or may not blow the proposed answer above. It’s unclear why feasibility of cash transactions would affect the question, but the use case above could be either local or spanning a distance depending on whether you want cash feasibility to be in play.

In the end, conventional bank transactions require existence of a bank who is willing to serve Alice/Bob, and likewise Alice and Bob must be willing to depend on and trust the bank. What bank can be trusted which is also ethical (that is, a bank that does not finance fossil fuels, private prisons, bad politicians, does not force me to run non-free software, etc)? If such a dream bank emerges, the next problem is that the person you transact with most certainly banks at a boycott-worthy bank. Transacting with that person passively supports the unethical bank. So the cryptocurrency-free world that Mr. Schneier proposes is one that forces us into transactions that work against the ethical constitution of many individuals.

Cryptocurrency enables ethical consumers to boycott unethical banks.